Updated KDE packages for Red Hat Linux
Posted on: 05/12/2003 11:20 PM

Red Hat has released updated KDE packages.

KDE fails in multiple places to properly quote URLs and file names before passing them to a command shell. This could allow remote attackers to execute arbitrary commands via carefully crafted URLs, filenames, or email addresses.

Red Hat Linux 9 provides KDE version 3.1 and is not vulnerable to the first issue (CAN-2002-1393). Red Hat Linux 7.3 and 8.0 currently provide KDE version 3.0.3 and are vulnerable to both of these issues. Red Hat Linux 7.2 shipped with KDE 2.2.2, and Red Hat Linux 7.1 shipped with KDE 2.1.1. These versions are vulnerable to both of the issues.
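The quoting failure described above can be seen in a few lines of C++. This is an added illustration, not KDE's code or Red Hat's patch; the helper names (`shell_quote`, `run_shell`, `arg_seen_by_program`) and the sample file name are constructed for the example, and a POSIX `/bin/sh` is assumed.

```cpp
#include <stdio.h>
#include <string>

// Wrap s in single quotes for a POSIX shell. A single quote inside s is
// written as '\'' (close the quote, emit an escaped quote, reopen).
std::string shell_quote(const std::string& s) {
    std::string out = "'";
    for (char c : s) {
        if (c == '\'') out += "'\\''";
        else out += c;
    }
    out += "'";
    return out;
}

// Run a command line through /bin/sh (popen does this) and return stdout.
std::string run_shell(const std::string& cmdline) {
    std::string result;
    FILE* p = popen(cmdline.c_str(), "r");
    if (!p) return result;
    char buf[256];
    size_t n;
    while ((n = fread(buf, 1, sizeof buf, p)) > 0) result.append(buf, n);
    pclose(p);
    return result;
}

// Output produced when the untrusted string is placed on a command line
// as the single argument of printf, with or without quoting.
std::string arg_seen_by_program(const std::string& untrusted, bool quote) {
    std::string arg = quote ? shell_quote(untrusted) : untrusted;
    return run_shell("printf '%s' " + arg);
}

int main() {
    // Constructed sample file name containing a shell metacharacter.
    const std::string name = "report; echo MARKER";
    // Unquoted: the shell splits at ';' and runs a second command.
    printf("unquoted: [%s]\n", arg_seen_by_program(name, false).c_str());
    // Quoted: the whole string reaches printf as one literal argument.
    printf("quoted:   [%s]\n", arg_seen_by_program(name, true).c_str());
    return 0;
}
```

Where the program being launched is known in advance, passing the arguments as a vector to an `exec`-family call avoids the shell, and with it the need for quoting.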




Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/updated_kde_packages_for_red_hat_linux.html)