lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <E1DvO0j-0006Pe-VF@mercury.mandriva.com>
Date: Wed, 20 Jul 2005 17:29:57 -0600
From: Mandriva Security Team <security@...driva.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2005:122 - Updated kdelibs packages fix vulnerability in kate and kwrite


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           kdelibs
 Advisory ID:            MDKSA-2005:122
 Date:                   July 20th, 2005

 Affected versions:	 10.1, 10.2, Corporate 3.0
 ______________________________________________________________________

 Problem Description:

 The Kate and Kwrite programs create a file backup before saving a
 modified file.  These backup files are created with default system
 permissions, even if the original file had more strict permissions
 set.
 
 The updated packages have been patched to address this issue.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1920
  http://www.kde.org/info/security/advisory-20050718-1.txt
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.1:
 a0f1efe07bb5841847108cc0daf12217  10.1/RPMS/kdelibs-common-3.2.3-106.2.101mdk.i586.rpm
 f7862670574e110f1f1c057e3469fc7a  10.1/RPMS/libkdecore4-3.2.3-106.2.101mdk.i586.rpm
 237a0ae8464e3bfd53c92f5c0de55393  10.1/RPMS/libkdecore4-devel-3.2.3-106.2.101mdk.i586.rpm
 e8a3cf31cbead94c2cae9b0354b8519b  10.1/SRPMS/kdelibs-3.2.3-106.2.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 58459812a658d852c9e687dc1f9b4330  x86_64/10.1/RPMS/kdelibs-common-3.2.3-106.2.101mdk.x86_64.rpm
 5d6bfa6646edbc3ad2eca04ad9fdc327  x86_64/10.1/RPMS/lib64kdecore4-3.2.3-106.2.101mdk.x86_64.rpm
 504c65d12c4688b4cd37309e6d989062  x86_64/10.1/RPMS/lib64kdecore4-devel-3.2.3-106.2.101mdk.x86_64.rpm
 f7862670574e110f1f1c057e3469fc7a  x86_64/10.1/RPMS/libkdecore4-3.2.3-106.2.101mdk.i586.rpm
 237a0ae8464e3bfd53c92f5c0de55393  x86_64/10.1/RPMS/libkdecore4-devel-3.2.3-106.2.101mdk.i586.rpm
 e8a3cf31cbead94c2cae9b0354b8519b  x86_64/10.1/SRPMS/kdelibs-3.2.3-106.2.101mdk.src.rpm

 Mandrakelinux 10.2:
 b87de63cf909821c607ad96a9fe4d214  10.2/RPMS/kdelibs-common-3.3.2-124.2.102mdk.i586.rpm
 afd0981056261c82daf24cd8225b12d6  10.2/RPMS/libkdecore4-3.3.2-124.2.102mdk.i586.rpm
 8102a00c4778222972484fa92a3f125e  10.2/RPMS/libkdecore4-devel-3.3.2-124.2.102mdk.i586.rpm
 0574a1270ad44837e35afb7c15f7d1c0  10.2/SRPMS/kdelibs-3.3.2-124.2.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 4d55b8d9aa6108bc94a8d1151136d01d  x86_64/10.2/RPMS/kdelibs-common-3.3.2-124.2.102mdk.x86_64.rpm
 0576c9fe5bc43927f3cea421e7d2301a  x86_64/10.2/RPMS/lib64kdecore4-3.3.2-124.2.102mdk.x86_64.rpm
 c65120ab7eaab75027d8e39e0f434b65  x86_64/10.2/RPMS/lib64kdecore4-devel-3.3.2-124.2.102mdk.x86_64.rpm
 afd0981056261c82daf24cd8225b12d6  x86_64/10.2/RPMS/libkdecore4-3.3.2-124.2.102mdk.i586.rpm
 8102a00c4778222972484fa92a3f125e  x86_64/10.2/RPMS/libkdecore4-devel-3.3.2-124.2.102mdk.i586.rpm
 0574a1270ad44837e35afb7c15f7d1c0  x86_64/10.2/SRPMS/kdelibs-3.3.2-124.2.102mdk.src.rpm

 Corporate 3.0:
 e45c3989a48dc0ec233aab73bbeeb8b0  corporate/3.0/RPMS/kdelibs-common-3.2-36.14.C30mdk.i586.rpm
 c0b72328b43a17d765554c1dddaa7602  corporate/3.0/RPMS/libkdecore4-3.2-36.14.C30mdk.i586.rpm
 8f53a7b7cfd1ffd2d16e47f54a8b21e9  corporate/3.0/RPMS/libkdecore4-devel-3.2-36.14.C30mdk.i586.rpm
 def69e2c45825276eceae1ad9a3e34cd  corporate/3.0/SRPMS/kdelibs-3.2-36.14.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 5d7c3a0ee26395542ce0560c29c9872d  x86_64/corporate/3.0/RPMS/kdelibs-common-3.2-36.14.C30mdk.x86_64.rpm
 b37a1651ba33fdb2bb6e8bbd1c15b0be  x86_64/corporate/3.0/RPMS/lib64kdecore4-3.2-36.14.C30mdk.x86_64.rpm
 32cee9a6d31ff7e57ebad83ab3c292ef  x86_64/corporate/3.0/RPMS/lib64kdecore4-devel-3.2-36.14.C30mdk.x86_64.rpm
 c0b72328b43a17d765554c1dddaa7602  x86_64/corporate/3.0/RPMS/libkdecore4-3.2-36.14.C30mdk.i586.rpm
 def69e2c45825276eceae1ad9a3e34cd  x86_64/corporate/3.0/SRPMS/kdelibs-3.2-36.14.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFC3t51mqjQ0CJFipgRAi2yAKDrp/EUhavta8Of1140P5zGlKkSEACcDOkS
TtUwKi4VR4Mkht/DA3ZN6io=
=eM7a
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ