-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200304-04
- - ---------------------------------------------------------------------

PACKAGE : kde-3.x
SUMMARY : arbitrary code execution
DATE : 2003-04-10 15:34 UTC
EXPLOIT : remote
VERSIONS AFFECTED : <3.1.1a || <3.0.5b
FIXED VERSION : >=3.1.1a || >=3.0.5b
CVE :

- - ---------------------------------------------------------------------

- From advisory:

"KDE uses Ghostscript software for processing of PostScript (PS)
and PDF files in a way that allows for the execution of arbitrary
commands that can be contained in such files.

An attacker can prepare a malicious PostScript or PDF file which will
provide the attacker with access to the victim's account and privileges
when the victim opens this malicious file for viewing or when the
victim browses a directory containing such malicious file and has
file previews enabled.

An attacker can provide malicious files remotely to a victim in an
e-mail, as part of a webpage, via an ftp server and possible other
means."

Read the full advisory at:
http://www.kde.org/info/security/advisory-20030409-1.txt

INFORMATION REGARDING OTHER ARCHITECTURES THAN X86

kde-3.1.1a and kde-3.0.5b are currently only marked stable for x86.
If you have successfully compiled and merged 3.1.1a or 3.0.5a on any
other architecture than x86 please report this to kde@g.o.

SOLUTION

It is recommended that all Gentoo Linux users who are running
kde-base/kde upgrade to kde-3.1.1a or kde-3.0.5b as follows:

emerge sync
emerge kde OR \=kde-base/kde-3.0.5b
emerge clean

- - ---------------------------------------------------------------------
aliz@g.o - GnuPG key is available at http://cvs.gentoo.org/~aliz
kde@g.o
- - ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+lY8jfT7nyhUpoZMRAvLiAJ9H88aDx2IA/Hv/PucuCDLf+I1N8gCfc4QF
SEzK/MyCf96Z5CSmQ2hNtlk=
=j+2O
-----END PGP SIGNATURE-----