Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

Fedora Core 3: 2005-745 Moderate: Kdeedu Local File Overwrite Risk

fedora
Calendar Grey August 15, 2005
Dist Fedora Esm H88
The latest patch for Fedora Core 3 resolves concerns in kdeedu regarding the management of temporary files, specifically fixing problems tied to overwriting local files.
Ben Burton notified the KDE security team about several tempfile handling related vulnerabilities in langen2kvtml, a conversion script for kvoctrain.

Summary

Educational/Edutainment applications for KDE

Ben Burton notified the KDE security team about several

tempfile handling related vulnerabilities in langen2kvtml,

a conversion script for kvoctrain. The script must be

manually invoked.

The script uses known filenames in /tmp which allow an local

attacker to overwrite files writeable by the user invoking the

conversion script.

This update fixes these vulnerabilities.

- apply patch to fix tempfile vulnerability, CAN-2005-2101, #165606

16f0ba99cbd812599efc87f439e3cd3e SRPMS/kdeedu-3.4.2-0.fc3.2.src.rpm

d76cb28b1363d42cc95ed2e8b6ce453f x86_64/kdeedu-3.4.2-0.fc3.2.x86_64.rpm

9e3beda785a248d2b32fda76c8274be8 x86_64/kdeedu-devel-3.4.2-0.fc3.2.x86_64.rpm

14ba8ddbcb79d5c5800024843c7dd2f7

x86_64/debug/kdeedu-debuginfo-3.4.2-0.fc3.2.x86_64.rpm

918f1d116b2b47b7fc7be55ef1ce5dd8 i386/kdeedu-3.4.2-0.fc3.2.i386.rpm

0461f594898e6caa6745cbf4017ce617 i386/kdeedu-devel-3.4.2-0.fc3.2.i386.rpm

f0a8f527a6f30c9e78118804e54b73ca i386/debug/kdeedu-debuginfo-3.4.2-0.fc3.2.i386.rpm

This update can also be installed with the Update Agent; you can

launch the Update Agent with the 'up2date' command.

fedora-announce-list@redhat.com

Change Log

References

Update Instructions

Name: kdeedu
Version: 3.4.2
Release: 0.fc3.2
Summary: Educational/Edutainment applications for KDE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here