Slackware alert SSA:2004-247-01 (kde)
| From: | Slackware Security Team <security@slackware.com> | |
| To: | slackware-security@slackware.com | |
| Subject: | [slackware-security] kde (SSA:2004-247-01) | |
| Date: | Fri, 3 Sep 2004 22:01:35 -0700 (PDT) |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] kde (SSA:2004-247-01) New kdelibs and kdebase packages are available for Slackware 9.1, 10.0, and -current to fix security issues. More details about this issues may be found in the Common Vulnerabilities and Exposures (CVE) database: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0689 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0690 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0721 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0746 Here are the details from the Slackware 10.0 ChangeLog: +--------------------------+ Fri Sep 3 13:13:09 PDT 2004 patches/packages/kdebase-3.2.3-i486-2.tgz: Patched frame injection vulnerability in Konqueror. For more details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0721 (* Security fix *) patches/packages/kdelibs-3.2.3-i486-2.tgz: Patched unsafe temporary directory usage, cross-domain cookie injection vulnerability for certain country specific domains, and frame injection vulnerability in Konqueror. For more details, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0689 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0690 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0721 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0746 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Updated packages for Slackware 9.1: ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patch... ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patch... Updated packages for Slackware 10.0: ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patc... ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patc... Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/s... ftp://ftp.slackware.com/pub/slackware/slackware-current/s... MD5 signatures: +-------------+ Slackware 9.1 packages: 296fc0b2d31c5914b08ab54332312cf9 kdebase-3.1.4-i486-2.tgz c0de072389daeb6bd8a1cde2ed1dc8ef kdelibs-3.1.4-i486-3.tgz Slackware 10.0 packages: 528edca97f8d6c412742fa8f817abd76 kdebase-3.2.3-i486-2.tgz 8eabfa597ea805ceb457933d36e144be kdelibs-3.2.3-i486-2.tgz Slackware -current packages: 528edca97f8d6c412742fa8f817abd76 kdebase-3.2.3-i486-2.tgz 8eabfa597ea805ceb457933d36e144be kdelibs-3.2.3-i486-2.tgz Installation instructions: +------------------------+ Upgrade the packages as root: # upgradepkg kdebase-3.2.3-i486-2.tgz kdelibs-3.2.3-i486-2.tgz +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. | +------------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFBOSTiakRjwEAQIjMRAivpAJ4iUTSi4YnM8uuGhEn+izLF4ZxqDACeIeqa mQFpAIOtK43Yw4aGUPabFls= =pe6e -----END PGP SIGNATURE-----
(Log in to post comments)