Package name
kdelibs
Date
2004-05-18
Advisory ID
MDKSA-2004:047
Affected versions
10.0 amd64, 9.2 i586, 10.0 i586, 9.2 amd64

Problem description

A vulnerability in the Opera web browser was identified by iDEFENSE; the same type of vulnerability exists in KDE. The telnet, rlogin, ssh, and mailto URI handlers do not check for '-' at the beginning of the hostname passed, which makes it possible to pass an option to the programs started by the handlers. This can allow remote attackers to create or truncate arbitrary files. The updated packages contain patches provided by the KDE team to fix this problem.
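The missing check described above, sketched as an added example; it is not the KDE team's patch and not code from this advisory. The names HandlerArgs, safe_token and build_handler_args are hypothetical, the URIs used to exercise it are constructed, and it covers only the host-based schemes (telnet, rlogin, ssh), not mailto. It goes slightly beyond the leading '-' test by allowlisting host and user characters, so a percent-encoded dash is refused as well.

```cpp
#include <cctype>
#include <string>
#include <vector>

struct HandlerArgs {
    bool ok;                        // false: reject the URI, launch nothing
    std::vector<std::string> argv;  // program followed by its arguments
};

// Allowlist check: non-empty, no leading '-', only [A-Za-z0-9] plus `extra`.
// Refusing '%' also covers an encoded dash that a later decode would reveal.
static bool safe_token(const std::string &s, const std::string &extra) {
    if (s.empty() || s[0] == '-') return false;
    for (unsigned char c : s)
        if (!std::isalnum(c) && extra.find(static_cast<char>(c)) == std::string::npos) return false;
    return true;
}

// Parse scheme://[user@]host[:port][/...] and build argv for telnet, rlogin or ssh.
// Assumption of this sketch: a user name on a telnet URI is ignored, not passed on.
HandlerArgs build_handler_args(const std::string &uri) {
    const HandlerArgs rejected = {false, {}};
    const std::string::size_type sep = uri.find("://");
    if (sep == std::string::npos) return rejected;
    const std::string scheme = uri.substr(0, sep);
    if (scheme != "telnet" && scheme != "rlogin" && scheme != "ssh") return rejected;

    std::string auth = uri.substr(sep + 3);
    auth = auth.substr(0, auth.find_first_of("/?#"));  // keep the authority part only
    std::string user, port;
    const std::string::size_type at = auth.rfind('@');
    if (at != std::string::npos) { user = auth.substr(0, at); auth = auth.substr(at + 1); }
    const std::string::size_type colon = auth.rfind(':');
    if (colon != std::string::npos) { port = auth.substr(colon + 1); auth = auth.substr(0, colon); }

    if (!safe_token(auth, ".-")) return rejected;  // host must not look like an option
    if (at != std::string::npos && !safe_token(user, "._-")) return rejected;
    if (colon != std::string::npos) {
        if (port.empty() || port.size() > 5) return rejected;
        for (unsigned char c : port) if (!std::isdigit(c)) return rejected;
    }

    HandlerArgs out = {true, {scheme}};
    if (!user.empty() && scheme != "telnet") { out.argv.push_back("-l"); out.argv.push_back(user); }
    if (!port.empty() && scheme == "ssh") { out.argv.push_back("-p"); out.argv.push_back(port); }
    out.argv.push_back(auth);
    if (!port.empty() && scheme == "telnet") out.argv.push_back(port);
    return out;
}
```

The argument vector is meant to be passed to an exec-style call directly, never joined into a shell command line.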

Updated packages

10.0 amd64

e1da8eb3974deedab1a88cadde9a8485  amd64/10.0/RPMS/kdelibs-common-3.2-36.2.100mdk.amd64.rpm
dbfdb75e9e4d21df70ced100d58f95e9  amd64/10.0/RPMS/lib64kdecore4-3.2-36.2.100mdk.amd64.rpm
1af32502b0dff3cd0dc4d384aa3b9429  amd64/10.0/RPMS/lib64kdecore4-devel-3.2-36.2.100mdk.amd64.rpm
eabd0014c180f29e2df40ad669cb8727  amd64/10.0/SRPMS/kdelibs-3.2-36.2.100mdk.src.rpm

9.2 i586

1600ba6398e53148f4ae46a36c1014ac  9.2/RPMS/kdelibs-common-3.1.3-35.2.92mdk.i586.rpm
a1725a29836ae4fedc94a259bfea2957  9.2/RPMS/libkdecore4-3.1.3-35.2.92mdk.i586.rpm
88eaf9cd1ea992bfc455425344faa500  9.2/RPMS/libkdecore4-devel-3.1.3-35.2.92mdk.i586.rpm
664aa0ba51c942d0b437bbaf9623e4c0  9.2/SRPMS/kdelibs-3.1.3-35.2.92mdk.src.rpm

10.0 i586

5834d2544ea362a8b1a89df573d37a5e  10.0/RPMS/kdelibs-common-3.2-36.2.100mdk.i586.rpm
c3f3605f848c79040202b741d504be5b  10.0/RPMS/libkdecore4-3.2-36.2.100mdk.i586.rpm
ba2f23077a06234e3ea8abff508c3491  10.0/RPMS/libkdecore4-devel-3.2-36.2.100mdk.i586.rpm
eabd0014c180f29e2df40ad669cb8727  10.0/SRPMS/kdelibs-3.2-36.2.100mdk.src.rpm

9.2 amd64

323f3915da6a05de388b9e89b6739055  amd64/9.2/RPMS/kdelibs-common-3.1.3-35.2.92mdk.amd64.rpm
adf904eaa80f7f1b34e7f51cd177a08d  amd64/9.2/RPMS/lib64kdecore4-3.1.3-35.2.92mdk.amd64.rpm
3ae0b390d54151105c33e93af4d686de  amd64/9.2/RPMS/lib64kdecore4-devel-3.1.3-35.2.92mdk.amd64.rpm
664aa0ba51c942d0b437bbaf9623e4c0  amd64/9.2/SRPMS/kdelibs-3.1.3-35.2.92mdk.src.rpm
