Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-announce

From: Daniel Ahlberg <aliz@g.o>
To: gentoo-announce@g.o
Subject: GLSA: kdegraphics-3.1.x (200304-04.1)
Date: Tue, 15 Apr 2003 06:33:06
Message-Id: 20030415063101.994D6338E5@mail1.tamperd.net
1 -----BEGIN PGP SIGNED MESSAGE-----
2 Hash: SHA1
3
4 - - - ---------------------------------------------------------------------
5 GENTOO LINUX SECURITY ANNOUNCEMENT 200304-04.1
6 - - - ---------------------------------------------------------------------
7
8 PACKAGE : kdegraphics-3.1.x
9 SUMMARY : aribitrary code execution
10 DATE : 2003-04-10 15:34 UTC
11 EXPLOIT : remote
12 VERSIONS AFFECTED : <kdegraphics-3.1.1a-r1
13 FIXED VERSION : >=kdegraphics-3.1.1a-r1
14 CVE :
15
16 - - - ---------------------------------------------------------------------
17
18 A new revision of kdegraphics-3.1.1a has been released to fix outstanding
19 security bugs in the 3.1.1a release.
20
21 - - From advisory:
22
23 "KDE uses Ghostscript software for processing of PostScript (PS)
24 and PDF files in a way that allows for the execution of arbitrary
25 commands that can be contained in such files.
26
27 An attacker can prepare a malicious PostScript or PDF file which will
28 provide the attacker with access to the victim's account and privileges
29 when the victim opens this malicious file for viewing or when the
30 victim browses a directory containing such malicious file and has
31 file previews enabled.
32
33 An attacker can provide malicious files remotely to a victim in an
34 e-mail, as part of a webpage, via an ftp server and possible other
35 means."
36
37 Read the full advisory at:
38 http://www.kde.org/info/security/advisory-20030409-1.txt
39
40 SOLUTION
41
42 It is recommended that all Gentoo Linux users who are running
43 kde-base/kdegraphics upgrade to kdegraphics-3.1.1a-r1 as follows:
44
45 emerge sync
46 emerge kdegraphics
47 emerge clean
48
49 - - - ---------------------------------------------------------------------
50 aliz@g.o - GnuPG key is available at http://cvs.gentoo.org/~aliz
51 kde@g.o
52 - - - ---------------------------------------------------------------------
53 -----BEGIN PGP SIGNATURE-----
54 Version: GnuPG v1.2.1 (GNU/Linux)
55
56 iD8DBQE+m6clfT7nyhUpoZMRAghCAJ0eF8K4ZU6cHJwfLOqZU7G1JTUhSQCgjScQ
57 p+nrdUu2hYF0IFdFg3VJ09Y=
58 =+cwr
59 -----END PGP SIGNATURE-----
Report Message
Find on MARC Find on Google Groups