Red Hat 6.0 RHSA-1999:015-01 Moderate: KDE Security Fixes Available
Dec 07, 1999
•
LinuxSecurity Advisories
2 - 4 min read
Topics Covered
New KDE RPMs are available for Red Hat Linux 6.0. These RPMs upgrade the
1.1.1pre2 release to 1.1.1 final + fixes. Several security holes have been
closed, and other bugs noted in the original RPMs have been corrected.
| Red Hat, Inc. Security
Advisory |
||
| Package | KDE | |
| Synopsis | KDE update for Red Hat Linux 6.0 | |
| Advisory ID | RHSA-1999:015-01 | |
| Issue Date | 1999-06-21 | |
| Keywords | kde kdm kvt kmail 1.1.1 | |
|
1. Topic:
2. Bug IDs fixed:
3. Relevant releases/architectures:
4. Obsoleted by:
5. Conflicts with:
6. RPMs required: Intel:
kdeadmin-
1.1.2-3.i386.rpm Alpha:
kdeadmin-1.1.2-3.alpha.rpm SPARC:
kdeadmin-1.1.2-3.sparc.rpm
7. Problem description: kmail, the kde mail reader, had a bug related to decoding mime attachments in an unsafe manner. Attachments were written using an easily predictable filename to a temporary directory. This could could then be be exploited to overwrite arbitrary files owned by the person using kmail via a symlink attack.
8. Solution: For each RPM for your particular architecture, run: rpm -Uvh FILENAME where filename is the name of the RPM.
9. Verification:
You can verify each package with the following command:
rpm --checksig If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:
rpm --checksig --nopgp
10. References: |
||
PREVIOUS
NEXT
Warning: Undefined array key "solution" in /var/www/www.linuxsecurity.com-443/html/lsadvisories/lsadvisories.php on line 316
Red Hat 6.0 RHSA-1999:015-01 Moderate: KDE Security Fixes Available
red hat
December 7, 1999
New KDE RPMs are available for Red Hat Linux 6.0
Solution
Upgrade to KDE 1.1.1 final, which fixes a number of bugs present in
the previous release and contains additional patches to correct
security holes in kmail and kvt.
For each RPM for your particular architecture, run:
rpm -Uvh FILENAME
where filename is the name of the RPM.
9. Verification:
These packages are also PGP signed by Red Hat Inc. for security. Our
key is available at:
You can verify each package with the following command:
rpm --checksig
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
rpm --checksig --nopgp
Summary
Topics Covered
References
This URL describes the kmail security hole.
Package List
Severity
important
Lowest
Low
Medium
High
Critical
Topic
Topics Covered
Relevant Releases Architectures
Red Hat Linux 6.0, all architectures
4. Obsoleted by:
None
5. Conflicts with:
None
6. RPMs required:
Intel:
kdeadmin-
1.1.2-3.i386.rpm
kdebase-
1.1.2-11.i386.rpm
kdegames-
1.1.2-2.i386.rpm
kdegraphics-1.1.2-2.i386.rpm
kdelibs-
1.1.2-9.i386.rpm
kdemultimedia-1.1.2-3.i386.rpm
kdenetwork-1.1.2-4.i386.rpm
kdesupport-1.1.2-3.i386.rpm
kdetoys-
1.1.2-2.i386.rpm
kdeutils-
1.1.2-2.i386.rpm
korganizer-1.1.1-2.i386.rpm
kpilot-
3.1b9-3.i386.rpm
Alpha:
kdeadmin-1.1.2-3.alpha.rpm
kdebase-1.1.2-11.alpha.rpm
kdegames-1.1.2-2.alpha.rpm
kdegraphics-1.1.2-2.alpha.rpm
kdelibs-
1.1.2-9.alpha.rpm
kdemultimedia-1.1.2-3.alpha.rpm
kdenetwork-1.1.2-4.alpha.rpm
kdesupport-1.1.2-3.alpha.rpm
kdetoys-
1.1.2-2.alpha.rpm
kdeutils-1.1.2-2.alpha.rpm
korganizer-1.1.1-2.alpha.rpm
kpilot-
3.1b9-3.alpha.rpm
SPARC:
kdeadmin-1.1.2-3.sparc.rpm
kdebase-1.1.2-11.sparc.rpm
kdegames-1.1.2-2.sparc.rpm
kdegraphics-1.1.2-2.sparc.rpm
kdelibs-
1.1.2-9.sparc.rpm
kdemultimedia-1.1.2-3.sparc.rpm
kdenetwork-1.1.2-4.sparc.rpm
kdesupport-1.1.2-3.sparc.rpm
kdetoys-
1.1.2-2.sparc.rpm
kdeutils-1.1.2-2.sparc.rpm
korganizer-1.1.1-2.sparc.rpm
kpilot-
3.1b9-3.sparc.rpm
Bugs Fixed
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!