Advisories
Mandriva Advisories
|
 |
| Problem Description |
The FTP protocol implementation in Konqueror 3.5.5 allows remote
servers to force the client to connect to other servers, perform a
proxied port scan, or obtain sensitive information by specifying an
alternate server address in a FTP PASV command.
Updated packages have been patched to address this issue.
| Updated Packages |
Corporate Server 3.0
bfd644bf673c34bcdc40f16cf0b37b0d corporate/3.0/i586/kdelibs-common-3.2-36.18.C30mdk.i586.rpm af2ffbed7fd04d59bcebae3b4bfe71eb corporate/3.0/i586/libkdecore4-3.2-36.18.C30mdk.i586.rpm 42e3a51ec6aac2a2c9e2ae4971910087 corporate/3.0/i586/libkdecore4-devel-3.2-36.18.C30mdk.i586.rpm 5575864f778b851db8fdaf8099bcc813 corporate/3.0/SRPMS/kdelibs-3.2-36.18.C30mdk.src.rpm
Corporate Server 3.0/X86_64
931bef1ba4a2c3dbff91cd1d9b4dd606 corporate/3.0/x86_64/kdelibs-common-3.2-36.18.C30mdk.x86_64.rpm f1228776d803fe9d126705cbd8ae90c6 corporate/3.0/x86_64/lib64kdecore4-3.2-36.18.C30mdk.x86_64.rpm 90c14b9533af7b0a94ce86f6f6862743 corporate/3.0/x86_64/lib64kdecore4-devel-3.2-36.18.C30mdk.x86_64.rpm 5575864f778b851db8fdaf8099bcc813 corporate/3.0/SRPMS/kdelibs-3.2-36.18.C30mdk.src.rpm
Mandriva Linux 2007
c0c597de9778cb8206e1ed62fec046b3 2007.0/i586/kdelibs-common-3.5.4-19.4mdv2007.0.i586.rpm 68b85c647d6e117eeab8d77252ee9cf5 2007.0/i586/kdelibs-devel-doc-3.5.4-19.4mdv2007.0.i586.rpm 61d9c254adf06c805411a8d2a8ae88b9 2007.0/i586/libkdecore4-3.5.4-19.4mdv2007.0.i586.rpm 361e161cf27d52446f8d4cca3cde5399 2007.0/i586/libkdecore4-devel-3.5.4-19.4mdv2007.0.i586.rpm a94477af19ac845bdc7cb58ddc981dc9 2007.0/SRPMS/kdelibs-3.5.4-19.4mdv2007.0.src.rpm
Mandriva Linux 2007/X86_64
d1cabaa637a4cd98c4d5d2453fe5e795 2007.0/x86_64/kdelibs-common-3.5.4-19.4mdv2007.0.x86_64.rpm 606305ad558a0f28cb0cfbdd33e84baa 2007.0/x86_64/kdelibs-devel-doc-3.5.4-19.4mdv2007.0.x86_64.rpm 7804378996ebeb4d866f08b95169dd73 2007.0/x86_64/lib64kdecore4-3.5.4-19.4mdv2007.0.x86_64.rpm a2f440c1e184ba56d4e6dd206575e739 2007.0/x86_64/lib64kdecore4-devel-3.5.4-19.4mdv2007.0.x86_64.rpm a94477af19ac845bdc7cb58ddc981dc9 2007.0/SRPMS/kdelibs-3.5.4-19.4mdv2007.0.src.rpm
Corporate Server 4.0
99ce0c5be728891343589c6e43e29584 corporate/4.0/i586/kdelibs-arts-3.5.4-2.5.20060mlcs4.i586.rpm c8d918697e252a90412e205a310116c4 corporate/4.0/i586/kdelibs-common-3.5.4-2.5.20060mlcs4.i586.rpm e9b51f7417d497700dede43bb194d468 corporate/4.0/i586/kdelibs-devel-doc-3.5.4-2.5.20060mlcs4.i586.rpm e3a58c49c5687673f5cffaf85838f425 corporate/4.0/i586/libkdecore4-3.5.4-2.5.20060mlcs4.i586.rpm 756ef302380caad03d383c44eee28147 corporate/4.0/i586/libkdecore4-devel-3.5.4-2.5.20060mlcs4.i586.rpm c5507e07961ca39859483995ddff7a34 corporate/4.0/SRPMS/kdelibs-3.5.4-2.5.20060mlcs4.src.rpm
Corporate Server 4.0/X86_64
a1fc572f298d659cbcf47746eac2eb03 corporate/4.0/x86_64/kdelibs-arts-3.5.4-2.5.20060mlcs4.x86_64.rpm 2fa636d65a3b1ef56611d250fa40db4d corporate/4.0/x86_64/kdelibs-common-3.5.4-2.5.20060mlcs4.x86_64.rpm 9eb6a39a045cbad4d97895e49defe523 corporate/4.0/x86_64/kdelibs-devel-doc-3.5.4-2.5.20060mlcs4.x86_64.rpm bd29b8c1f173f373bd43a0f2672f2ffd corporate/4.0/x86_64/lib64kdecore4-3.5.4-2.5.20060mlcs4.x86_64.rpm b99795fa58545d3eef9a47fcd821b116 corporate/4.0/x86_64/lib64kdecore4-devel-3.5.4-2.5.20060mlcs4.x86_64.rpm c5507e07961ca39859483995ddff7a34 corporate/4.0/SRPMS/kdelibs-3.5.4-2.5.20060mlcs4.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1564
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.