-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200304-05.1
- - ---------------------------------------------------------------------

PACKAGE : kde-2.x
SUMMARY : arbitrary code execution
DATE : 2003-04-14 09:43 UTC
EXPLOIT : remote
VERSIONS AFFECTED : <kdebase-2.2.2-r5, <kdelibs-2.2.2a-r2
                    <kdegraphics-2.2.2-r2
FIXED VERSION : >=kdebase-2.2.2-r5, >=kdelibs-2.2.2a-r2
                >=kdegraphics-2.2.2-r2
CVE :

- - ---------------------------------------------------------------------

- From advisory:

"KDE uses Ghostscript software for processing of PostScript (PS)
and PDF files in a way that allows for the execution of arbitrary
commands that can be contained in such files.

An attacker can prepare a malicious PostScript or PDF file which will
provide the attacker with access to the victim's account and privileges
when the victim opens this malicious file for viewing or when the
victim browses a directory containing such a malicious file and has
file previews enabled.

An attacker can provide malicious files remotely to a victim in an
e-mail, as part of a webpage, via an ftp server and possibly other
means."

Read the full advisory at:
http://www.kde.org/info/security/advisory-20030409-1.txt

SOLUTION

It is recommended that all Gentoo Linux users who are running
kde-base/kde upgrade to fixed packages as follows:

    emerge sync
    emerge \=kde-base/kdebase-2.2.2-r5
    emerge \=kde-base/kdelibs-2.2.2a-r2
    emerge \=kde-base/kdegraphics-2.2.2-r2
    emerge clean

- - ---------------------------------------------------------------------
aliz@g.o - GnuPG key is available at http://cvs.gentoo.org/~aliz
kde@g.o
- - ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+moK1fT7nyhUpoZMRAgH/AKDBP33V1Ec7/od2IRw/xH8Rea7JWgCdFQTt
AgjIW1/sGXveSkA6Q9ArjU4=
=C4Qc
-----END PGP SIGNATURE-----
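
Added example, not part of the signed advisory or of Gentoo's tooling: a check of installed kde-base versions against the FIXED VERSION field above, for confirming that the upgrade took effect. It assumes Portage's installed-package database lives under /var/db/pkg and handles only a simplified subset of Gentoo version syntax; the function names are hypothetical.

```python
import os
import re

# Fixed versions copied from the advisory's FIXED VERSION field.
FIXED = {"kdebase": "2.2.2-r5", "kdelibs": "2.2.2a-r2", "kdegraphics": "2.2.2-r2"}

# Simplified subset of Gentoo version syntax: dotted numbers, an optional
# single letter, an optional -rN revision. Suffixes such as _pre are not handled.
_VER = re.compile(r"^(\d+(?:\.\d+)*)([a-z]?)(?:-r(\d+))?$")
_DIR = re.compile(r"^([a-z][a-z0-9+_-]*?)-(\d.*)$")


def parse_version(version):
    """Return a sortable key: (numeric components, letter, revision)."""
    m = _VER.match(version)
    if m is None:
        raise ValueError("unsupported version string: %r" % version)
    nums = tuple(int(n) for n in m.group(1).split("."))
    return nums, m.group(2), int(m.group(3) or 0)


def status(package, installed):
    """Classify one installed version against this advisory."""
    key = parse_version(installed)
    if key[0][0] != 2:
        return "out of scope"  # the advisory covers kde-2.x only
    return "affected" if key < parse_version(FIXED[package]) else "fixed"


def scan(pkg_db="/var/db/pkg"):
    """Check the kde-base entries recorded in the installed-package database."""
    results = {}
    base = os.path.join(pkg_db, "kde-base")
    if not os.path.isdir(base):
        return results
    for entry in sorted(os.listdir(base)):
        m = _DIR.match(entry)
        if m is None or m.group(1) not in FIXED:
            continue  # not one of the three packages named in the advisory
        try:
            results[entry] = status(m.group(1), m.group(2))
        except ValueError:
            results[entry] = "unparsed"  # version form outside the subset
    return results


if __name__ == "__main__":
    for name, state in scan().items():
        print(name, state)
```

Any entry reported as "affected" after the upgrade means an older copy of that package is still installed.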