Advisories
Mandriva Advisories
|
 |
| Problem Description |
A vulnerability was discovered by the KDE team in the way that KDE
uses Ghostscript for processing PostScript and PDF files. A malicious
attacker could provide a carefully constructed PDF or PostScript file
to an end user (via web or mail) that could lead to the execution of
arbitrary commands as the user viewing the file. The vulnerability
can be triggered even by the browser generating a directory listing
with thumbnails.
All users are encouraged to upgrade to these new kdegraphics, kdebase,
and kdelibs packages that contain patches to correct the problem.
This issue is corrected upstream in KDE 3.0.5b and KDE 3.1.1a.
| Updated Packages |
Mandrakelinux 9.0
934ab3303bdfe0fc071f4d7f709ef401 9.0/RPMS/kdebase-3.0.5a-1.2mdk.i586.rpm fa4f76482512c6aaf8289ebe8a160d3a 9.0/RPMS/kdebase-devel-3.0.5a-1.2mdk.i586.rpm df43d1eef62d3d4963a270ffafabc09e 9.0/RPMS/kdebase-nsplugins-3.0.5a-1.2mdk.i586.rpm 29245513bdf280b83b988dd34f6189f6 9.0/RPMS/kdelibs-3.0.5a-1.2mdk.i586.rpm a19b592bdbdf5354de12b59644fa504f 9.0/RPMS/kdelibs-devel-3.0.5a-1.2mdk.i586.rpm f9043548de772408dd4c698de088eacc 9.0/RPMS/kdegraphics-3.0.5a-1.2mdk.i586.rpm e7b5ec7e373fdd5450b58efebbeece33 9.0/RPMS/kdegraphics-devel-3.0.5a-1.2mdk.i586.rpm 250d4699bfe5834fd0e9bc4ffb29cda9 9.0/SRPMS/kdebase-3.0.5a-1.2mdk.src.rpm 397970927d3247fc6d492439e5fec3ba 9.0/SRPMS/kdelibs-3.0.5a-1.2mdk.src.rpm d765b5a2a03360ebe7c854e8a59bab96 9.0/SRPMS/kdegraphics-3.0.5a-1.2mdk.src.rpm
Mandrakelinux 9.1
e837efa5296b2aac2aeea66ae9bd78fa 9.1/RPMS/kdebase-3.1-83.1mdk.i586.rpm 04b1a8b8e8e2df14956f15bf5e839300 9.1/RPMS/kdebase-devel-3.1-83.1mdk.i586.rpm 535e83dd69ab6b12fd10e4f071e2236d 9.1/RPMS/kdebase-kdm-3.1-83.1mdk.i586.rpm 2c3e16cc462864687ad6e069a724e9e3 9.1/RPMS/kdebase-nsplugins-3.1-83.1mdk.i586.rpm 5ff6674a1e5416dbb55427e9ff3ee49d 9.1/RPMS/kdelibs-3.1-58.1mdk.i586.rpm 57071f2442db26cb09ee698998023796 9.1/RPMS/kdelibs-common-3.1-58.1mdk.i586.rpm 93bd6dc8ba2d5092a14f1528f7c9fb12 9.1/RPMS/kdelibs-devel-3.1-58.1mdk.i586.rpm 10e3d6b17eeea31db72e96fc3e67e19e 9.1/RPMS/kdelibs-static-devel-3.1-58.1mdk.i586.rpm cf66a123564521716eb88cc62e89adc8 9.1/RPMS/kdegraphics-3.1-9.1mdk.i586.rpm be94af8460bc232199523b0f85db4978 9.1/RPMS/kdegraphics-devel-3.1-9.1mdk.i586.rpm 32e95d6c0c859136f1be0e1d3af951c3 9.1/SRPMS/kdebase-3.1-83.1mdk.src.rpm 3a6411fc388f14809ab92e0c34ee4ba2 9.1/SRPMS/kdelibs-3.1-58.1mdk.src.rpm c125fd93d6a69abce85986b38714245b 9.1/SRPMS/kdegraphics-3.1-9.1mdk.src.rpm
Mandrakelinux 9.1/PPC
5f4bf8a92b89a372fa36d4c6cb72225f ppc/9.1/RPMS/kdebase-3.1-83.1mdk.ppc.rpm c3b396fc342700749c8849eadd815b2d ppc/9.1/RPMS/kdebase-devel-3.1-83.1mdk.ppc.rpm 2cc4dc2962fb14dbb8f932df65131867 ppc/9.1/RPMS/kdebase-kdm-3.1-83.1mdk.ppc.rpm 60e6736333b3a370c516af7ee803d282 ppc/9.1/RPMS/kdebase-nsplugins-3.1-83.1mdk.ppc.rpm 99350dae77e920ae26353f963061a447 ppc/9.1/RPMS/kdelibs-3.1-58.1mdk.ppc.rpm fb9ce6e8404248513587eaba58ce7e6c ppc/9.1/RPMS/kdelibs-common-3.1-58.1mdk.ppc.rpm c649233711d3b197887d930411b25322 ppc/9.1/RPMS/kdelibs-devel-3.1-58.1mdk.ppc.rpm d3257808be980c89e58cf43a5bc6d7f3 ppc/9.1/RPMS/kdelibs-static-devel-3.1-58.1mdk.ppc.rpm f62f86681644894b4ebfcc4f6dff4ff0 ppc/9.1/RPMS/kdegraphics-3.1-9.1mdk.ppc.rpm 02cd13f040a102ba314ff6c9083f45e6 ppc/9.1/RPMS/kdegraphics-devel-3.1-9.1mdk.ppc.rpm 32e95d6c0c859136f1be0e1d3af951c3 ppc/9.1/SRPMS/kdebase-3.1-83.1mdk.src.rpm 3a6411fc388f14809ab92e0c34ee4ba2 ppc/9.1/SRPMS/kdelibs-3.1-58.1mdk.src.rpm c125fd93d6a69abce85986b38714245b ppc/9.1/SRPMS/kdegraphics-3.1-9.1mdk.src.rpm
Corporate Server 2.1
934ab3303bdfe0fc071f4d7f709ef401 corporate/2.1/RPMS/kdebase-3.0.5a-1.2mdk.i586.rpm fa4f76482512c6aaf8289ebe8a160d3a corporate/2.1/RPMS/kdebase-devel-3.0.5a-1.2mdk.i586.rpm df43d1eef62d3d4963a270ffafabc09e corporate/2.1/RPMS/kdebase-nsplugins-3.0.5a-1.2mdk.i586.rpm 29245513bdf280b83b988dd34f6189f6 corporate/2.1/RPMS/kdelibs-3.0.5a-1.2mdk.i586.rpm a19b592bdbdf5354de12b59644fa504f corporate/2.1/RPMS/kdelibs-devel-3.0.5a-1.2mdk.i586.rpm f9043548de772408dd4c698de088eacc corporate/2.1/RPMS/kdegraphics-3.0.5a-1.2mdk.i586.rpm e7b5ec7e373fdd5450b58efebbeece33 corporate/2.1/RPMS/kdegraphics-devel-3.0.5a-1.2mdk.i586.rpm 250d4699bfe5834fd0e9bc4ffb29cda9 corporate/2.1/SRPMS/kdebase-3.0.5a-1.2mdk.src.rpm 397970927d3247fc6d492439e5fec3ba corporate/2.1/SRPMS/kdelibs-3.0.5a-1.2mdk.src.rpm d765b5a2a03360ebe7c854e8a59bab96 corporate/2.1/SRPMS/kdegraphics-3.0.5a-1.2mdk.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0204
http://www.kde.org/info/security/advisory-20030409-1.txt
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.