Slackware alert SSA:2004-238-01 (kdelibs)
| From: | Slackware Security Team <security@slackware.com> | |
| To: | slackware-security@slackware.com | |
| Subject: | [slackware-security] kdelibs (SSA:2004-238-01) | |
| Date: | Tue, 18 May 2004 00:08:28 -0700 (PDT) |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] kdelibs (SSA:2004-238-01) New kdelibs packages are available for Slackware 9.0, 9.1 and -current to fix security issues with URI handling. More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0411 Here are the details from the Slackware 9.1 ChangeLog: +--------------------------+ Mon May 17 19:31:12 PDT 2004 patches/packages/kdelibs-3.1.4-i486-2.tgz: Patched URI security issues. According to www.kde.org: The telnet, rlogin, ssh and mailto URI handlers in KDE do not check for '-' at the beginning of the hostname passed, which makes it possible to pass an option to the programs started by the handlers. For more details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0411 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Updated package for Slackware 9.0: ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/kde/kdelibs-3.1.3a-i386-2.tgz Updated package for Slackware 9.1: ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/kdelibs-3.1.4-i486-2.tgz Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/kde/kdelibs-3.2.2-i486-2.tgz MD5 signatures: +-------------+ Slackware 9.0 package: 554873b76b83e345c2c86a9785199fcf kdelibs-3.1.3a-i386-2.tgz Slackware 9.1 package: 4be0192b1c0c246aa947b625eeb6dfd9 kdelibs-3.1.4-i486-2.tgz Slackware -current package: 015a0efcd12fb61b6bf78a10e218c0cd kdelibs-3.2.2-i486-2.tgz Installation instructions: +------------------------+ Upgrade the kdelibs package as root: # upgradepkg kdelibs-3.1.4-i486-2.tgz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAqbZaakRjwEAQIjMRArN8AKCE/7v7A3W0lmHzsaERd9dPkcgLsgCdFyyF 7DC3dKBXzxvFkoHcUqzb4p8= =FUQf -----END PGP SIGNATURE-----
(Log in to post comments)