lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <E1DvO0k-0006Pn-2M@mercury.mandriva.com> Date: Thu Jul 21 00:30:07 2005 From: security at mandriva.com (Mandriva Security Team) Subject: MDKSA-2005:122 - Updated kdelibs packages fix vulnerability in kate and kwrite -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Update Advisory _______________________________________________________________________ Package name: kdelibs Advisory ID: MDKSA-2005:122 Date: July 20th, 2005 Affected versions: 10.1, 10.2, Corporate 3.0 ______________________________________________________________________ Problem Description: The Kate and Kwrite programs create a file backup before saving a modified file. These backup files are created with default system permissions, even if the original file had more strict permissions set. The updated packages have been patched to address this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1920 http://www.kde.org/info/security/advisory-20050718-1.txt ______________________________________________________________________ Updated Packages: Mandrakelinux 10.1: a0f1efe07bb5841847108cc0daf12217 10.1/RPMS/kdelibs-common-3.2.3-106.2.101mdk.i586.rpm f7862670574e110f1f1c057e3469fc7a 10.1/RPMS/libkdecore4-3.2.3-106.2.101mdk.i586.rpm 237a0ae8464e3bfd53c92f5c0de55393 10.1/RPMS/libkdecore4-devel-3.2.3-106.2.101mdk.i586.rpm e8a3cf31cbead94c2cae9b0354b8519b 10.1/SRPMS/kdelibs-3.2.3-106.2.101mdk.src.rpm Mandrakelinux 10.1/X86_64: 58459812a658d852c9e687dc1f9b4330 x86_64/10.1/RPMS/kdelibs-common-3.2.3-106.2.101mdk.x86_64.rpm 5d6bfa6646edbc3ad2eca04ad9fdc327 x86_64/10.1/RPMS/lib64kdecore4-3.2.3-106.2.101mdk.x86_64.rpm 504c65d12c4688b4cd37309e6d989062 x86_64/10.1/RPMS/lib64kdecore4-devel-3.2.3-106.2.101mdk.x86_64.rpm f7862670574e110f1f1c057e3469fc7a x86_64/10.1/RPMS/libkdecore4-3.2.3-106.2.101mdk.i586.rpm 237a0ae8464e3bfd53c92f5c0de55393 x86_64/10.1/RPMS/libkdecore4-devel-3.2.3-106.2.101mdk.i586.rpm e8a3cf31cbead94c2cae9b0354b8519b x86_64/10.1/SRPMS/kdelibs-3.2.3-106.2.101mdk.src.rpm Mandrakelinux 10.2: b87de63cf909821c607ad96a9fe4d214 10.2/RPMS/kdelibs-common-3.3.2-124.2.102mdk.i586.rpm afd0981056261c82daf24cd8225b12d6 10.2/RPMS/libkdecore4-3.3.2-124.2.102mdk.i586.rpm 8102a00c4778222972484fa92a3f125e 10.2/RPMS/libkdecore4-devel-3.3.2-124.2.102mdk.i586.rpm 0574a1270ad44837e35afb7c15f7d1c0 10.2/SRPMS/kdelibs-3.3.2-124.2.102mdk.src.rpm Mandrakelinux 10.2/X86_64: 4d55b8d9aa6108bc94a8d1151136d01d x86_64/10.2/RPMS/kdelibs-common-3.3.2-124.2.102mdk.x86_64.rpm 0576c9fe5bc43927f3cea421e7d2301a x86_64/10.2/RPMS/lib64kdecore4-3.3.2-124.2.102mdk.x86_64.rpm c65120ab7eaab75027d8e39e0f434b65 x86_64/10.2/RPMS/lib64kdecore4-devel-3.3.2-124.2.102mdk.x86_64.rpm afd0981056261c82daf24cd8225b12d6 x86_64/10.2/RPMS/libkdecore4-3.3.2-124.2.102mdk.i586.rpm 8102a00c4778222972484fa92a3f125e x86_64/10.2/RPMS/libkdecore4-devel-3.3.2-124.2.102mdk.i586.rpm 0574a1270ad44837e35afb7c15f7d1c0 x86_64/10.2/SRPMS/kdelibs-3.3.2-124.2.102mdk.src.rpm Corporate 3.0: e45c3989a48dc0ec233aab73bbeeb8b0 corporate/3.0/RPMS/kdelibs-common-3.2-36.14.C30mdk.i586.rpm c0b72328b43a17d765554c1dddaa7602 corporate/3.0/RPMS/libkdecore4-3.2-36.14.C30mdk.i586.rpm 8f53a7b7cfd1ffd2d16e47f54a8b21e9 corporate/3.0/RPMS/libkdecore4-devel-3.2-36.14.C30mdk.i586.rpm def69e2c45825276eceae1ad9a3e34cd corporate/3.0/SRPMS/kdelibs-3.2-36.14.C30mdk.src.rpm Corporate 3.0/X86_64: 5d7c3a0ee26395542ce0560c29c9872d x86_64/corporate/3.0/RPMS/kdelibs-common-3.2-36.14.C30mdk.x86_64.rpm b37a1651ba33fdb2bb6e8bbd1c15b0be x86_64/corporate/3.0/RPMS/lib64kdecore4-3.2-36.14.C30mdk.x86_64.rpm 32cee9a6d31ff7e57ebad83ab3c292ef x86_64/corporate/3.0/RPMS/lib64kdecore4-devel-3.2-36.14.C30mdk.x86_64.rpm c0b72328b43a17d765554c1dddaa7602 x86_64/corporate/3.0/RPMS/libkdecore4-3.2-36.14.C30mdk.i586.rpm def69e2c45825276eceae1ad9a3e34cd x86_64/corporate/3.0/SRPMS/kdelibs-3.2-36.14.C30mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFC3t51mqjQ0CJFipgRAi2yAKDrp/EUhavta8Of1140P5zGlKkSEACcDOkS TtUwKi4VR4Mkht/DA3ZN6io= =eM7a -----END PGP SIGNATURE-----
Powered by blists - more mailing lists