Linux Compatible - KDE (Page 7)

KDE Security Advisory: KOffice PDF Import Filter Vulnerability

KDE 1701 Published 2005-01-21 05:13 by Philipp Esselbach 0

KDE Security Advisory: KOffice PDF Import Filter Vulnerability
Original Release Date: 2005-01-20
URL: http://www.kde.org/info/security/advisory-20050120-1.txt

0. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064
http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities

1. Systems affected:

KOffice 1.3 up to including KOffice 1.3.5

2. Overview:

The KOffice PDF Import Filter shares code with xpdf. xpdf contains a buffer overflow that can be triggered by a specially crafted PDF file.

kpdf Buffer Overflow Vulnerability

KDE 1701 Published 2005-01-19 15:50 by Philipp Esselbach 0

KDE Security Advisory: kpdf Buffer Overflow Vulnerability
Original Release Date: 2005-01-19
URL: http://www.kde.org/info/security/advisory-20050119-1.txt

0. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0064
http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities

1. Systems affected:

KDE 3.2 up to including KDE 3.2.3.
KDE 3.3 up to including KDE 3.3.2.

KDar-1.3.2 released

KDE 1701 Published 2005-01-17 08:17 by Philipp Esselbach 0

The third release in the 1.3 series of the KDE Disk archiver (KDar) has been released

KDE 3.4 Beta 1

KDE 1701 Published 2005-01-13 15:12 by Philipp Esselbach 0

KDE 3.4 Beta 1 has been released

ftp kioslave command injection

KDE 1701 Published 2005-01-11 04:06 by Philipp Esselbach 0

KDE Security Advisory: ftp kioslave command injection
Original Release Date: 2005-01-01

URL: http://www.kde.org/info/security/advisory-20050101-1.txt

0. References

http://www.securityfocus.com/bid/11827 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1165

1. Systems affected:

All KDE releases up to including KDE 3.3.2.

2. Overview:

KDE applications which use the ftp kioslave, e.g. Konqueror, allow remote attackers to execute arbitrary FTP commands via an ftp://URL that contains an URL-encoded newline ( %0a ) before the ftp command, which causes the commands to be inserted into the resulting FTP session.

Due to similiarities between the ftp and the SMTP protocol, this vulnerability allows to misuse the ftp slave to connect to a SMTP server and issue arbitrary commands, like sending an email.

KPlayer 0.5.3 released

KDE 1701 Published 2005-01-11 04:01 by Philipp Esselbach 0

KPlayer 0.5.3 has been released

amaroK 1.2-beta3 Released

KDE 1701 Published 2005-01-11 03:59 by Philipp Esselbach 0

amaroK 1.2-beta3 has been released

Knotebook: KDE applet for notebooks/laptops

KDE 1701 Published 2005-01-08 05:09 by Philipp Esselbach 0

Knotebook, a KDE applet for notebooks, has been released

KDE Security Advisory: ftp kioslave command injection

KDE 1701 Published 2005-01-04 14:40 by Philipp Esselbach 0

KDE Security Advisory: ftp kioslave command injection
Original Release Date: 2005-01-01

URL: http://www.kde.org/info/security/advisory-20050101-1.txt

0. References
http://www.securityfocus.com/bid/11827 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1165

1. Systems affected:
All KDE releases up to including KDE 3.3.2.

DigikamImagePlugins 0.7.1 released

KDE 1701 Published 2005-01-04 14:30 by Philipp Esselbach 0

DigikamImagePlugins 0.7.1 is out

KDE Security Advisory: Multiple integer overflows in kpdf

KDE 1701 Published 2004-12-31 18:53 by mgjim 0

KDE Security Advisory: kpdf integer overflows
Original Release Date: 2004-10-21
URL: http://www.kde.org/info/security/advisory-20041021-1.txt

Chris Evans notified the KDE security team about multiple integer overflow and integer arithmetic flaws in xpdf 3.0. These flaws, if exploited, can cause xpdf (and therefore kpdf) to hang using 100% CPU, crash the viewer or corrupt the program heaproblem:
Chris Evans notified the KDE security team about multiple integer overflow and integer arithmetic flaws in xpdf 3.0. These flaws, if exploited, can cause xpdf (and therefore kpdf) to hang using 100% CPU, crash the viewer or corrupt the program heap.