-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200304-04.1
- - - ---------------------------------------------------------------------

PACKAGE : kdegraphics-3.1.x
SUMMARY : arbitrary code execution
DATE : 2003-04-10 15:34 UTC
EXPLOIT : remote
VERSIONS AFFECTED : <kdegraphics-3.1.1a-r1
FIXED VERSION : >=kdegraphics-3.1.1a-r1
CVE :

- - - ---------------------------------------------------------------------

A new revision of kdegraphics-3.1.1a has been released to fix outstanding
security bugs in the 3.1.1a release.

- - From advisory:

"KDE uses Ghostscript software for processing of PostScript (PS)
and PDF files in a way that allows for the execution of arbitrary
commands that can be contained in such files.

An attacker can prepare a malicious PostScript or PDF file which will
provide the attacker with access to the victim's account and privileges
when the victim opens this malicious file for viewing or when the
victim browses a directory containing such a malicious file and has
file previews enabled.

An attacker can provide malicious files remotely to a victim in an
e-mail, as part of a webpage, via an ftp server and possibly other
means."

Read the full advisory at:
http://www.kde.org/info/security/advisory-20030409-1.txt

SOLUTION

It is recommended that all Gentoo Linux users who are running
kde-base/kdegraphics upgrade to kdegraphics-3.1.1a-r1 as follows:

emerge sync
emerge kdegraphics
emerge clean

- - - ---------------------------------------------------------------------
aliz@g.o - GnuPG key is available at http://cvs.gentoo.org/~aliz
kde@g.o
- - - ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+m6clfT7nyhUpoZMRAghCAJ0eF8K4ZU6cHJwfLOqZU7G1JTUhSQCgjScQ
p+nrdUu2hYF0IFdFg3VJ09Y=
=+cwr
-----END PGP SIGNATURE-----
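
The following is an added example, not part of the advisory and not Portage's own code: a check of installed kde-base/kdegraphics versions against the advisory's affected range (<3.1.1a-r1), which differs from the fixed version only in the "-r1" revision. It assumes a simplified version grammar (dotted numbers, optional letter, optional -rN); the inventory lines and host names are constructed sample data.

```python
import re

# Fixed version taken from the advisory; anything lower is affected.
FIXED = "3.1.1a-r1"
PKG = "kde-base/kdegraphics-"

# Simplified grammar (an assumption of this example): dotted numbers,
# optional single letter, optional -rN revision. Suffixes such as
# _alpha/_pre/_p and leading-zero components are not handled.
_VER = re.compile(r"^(\d+(?:\.\d+)*)([a-z]?)(?:-r(\d+))?$")


def parse_version(version):
    """Split '3.1.1a-r1' into ((3, 1, 1), 'a', 1) for ordered comparison."""
    m = _VER.match(version)
    if not m:
        raise ValueError("unsupported version string: %r" % version)
    numbers = tuple(int(n) for n in m.group(1).split("."))
    return numbers, m.group(2), int(m.group(3) or 0)


def is_affected(installed, fixed=FIXED):
    """True when the installed version sorts below the fixed version."""
    return parse_version(installed) < parse_version(fixed)


def affected_hosts(inventory_lines):
    """Return hosts whose kdegraphics version is in the affected range."""
    hits = []
    for line in inventory_lines:
        host, atom = line.split()
        if atom.startswith(PKG) and is_affected(atom[len(PKG):]):
            hits.append(host)
    return hits


# Constructed inventory: "<host> <category/package-version>".
SAMPLE = [
    "ws01 kde-base/kdegraphics-3.1.1a",     # unfixed 3.1.1a release
    "ws02 kde-base/kdegraphics-3.1.1a-r1",  # fixed revision
    "ws03 kde-base/kdegraphics-3.1.1",      # older than 3.1.1a
    "ws04 kde-base/kdegraphics-3.1.10",     # constructed; a plain string
                                            # compare would rank it below 3.1.1a
    "ws05 kde-base/kdelibs-3.1.1a",         # different package, ignored
]

if __name__ == "__main__":
    for host in affected_hosts(SAMPLE):
        print("needs upgrade:", host)
```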