[slackware-security]  Updated KDE packages available

New KDE 3.1.1a packages are available for Slackware 9.0 which
fix a security problem with the handling of PS and PDF documents.

Here are the details from the Slackware 9.0 ChangeLog:
+--------------------------+
Thu Apr 17 15:32:15 PDT 2003
patches/packages/kde/*:  Upgraded to KDE 3.1.1a.  Also included in
  this directory are a rebuild of Qt (linked with Xft2 rather than
  Xft1), an updated aRts package (the aRts sound server is a
  component of KDE, but ships as part of Slackware's L series), and
  kdevelop-3.0a4a.

  Note that this update addresses a security problem with KDE's
  handling of PostScript (PS) and PDF documents.  This is the overview
  of the problem from the KDE site:

    KDE uses Ghostscript software for processing of PostScript (PS)
    and PDF files in a way that allows for the execution of arbitrary
    commands that can be contained in such files.

    An attacker can prepare a malicious PostScript or PDF file which will
    provide the attacker with access to the victim's account and privileges
    when the victim opens this malicious file for viewing or when the
    victim browses a directory containing such a malicious file and has
    file previews enabled.

    An attacker can provide malicious files remotely to a victim in an
    e-mail, as part of a webpage, via an ftp server and possibly other
    means.

We recommend that sites running KDE install this update.

Please note that the change from Xft1 to Xft2 has changed the available
fonts in Konsole (and presumably elsewhere), and that Xft2 seems unable to
display the Linux Console font that was previously Slackware's default.
Also, it doesn't handle gamma correction when displaying fonts against a
black background, so we've had to change the default to black fonts on a
white background (this is Konsole's default).  This creates an additional
issue with certain file types displayed as bold white by /etc/DIR_COLORS
becoming invisible in directory listings.  A workaround is to comment out
these lines (or change to a different color):

.mpg 01;37 # movie formats
.avi 01;37
.mov 01;37

(* Security fix *)

patches/packages/kdei/*:  New internationalization packages for KDE 3.1.1a.
+--------------------------+
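Before installing, an administrator usually wants to know which hosts are still running the pre-advisory KDE packages. The script below is an added example and is not part of the Slackware advisory or of Slackware's own tooling. It relies on one fact about Slackware: every installed package is recorded as a file named NAME-VERSION-ARCH-BUILD under /var/log/packages. The database directory and the list of fixed package filenames (the .tgz names from this advisory) are passed in as arguments, so it runs against a constructed copy; the function and variable names are the example's own.

```shell
#!/bin/sh
# Added example (not from the Slackware advisory): report which of the
# packages listed in the advisory are still at an older version on a host.
# Slackware records every installed package as a file named
# NAME-VERSION-ARCH-BUILD under /var/log/packages; the database directory is
# passed in as an argument so this can be run against a constructed copy.

# pkg_name ENTRY: strip the trailing -VERSION-ARCH-BUILD from a package entry.
# Package names may themselves contain hyphens, so strip exactly three fields
# from the right rather than splitting on the first hyphen.
pkg_name() {
    n=$1
    n=${n%-*}; n=${n%-*}; n=${n%-*}
    printf '%s\n' "$n"
}

# check_patched PKGDB FIXED_LIST
#   PKGDB      directory laid out like /var/log/packages
#   FIXED_LIST file with one fixed package filename per line, exactly as
#              listed in the advisory (e.g. kdelibs-3.1.1a-i386-1.tgz)
# Prints one status line per advisory package and returns 1 if any installed
# package is not at the fixed version, 0 if every installed one is.
# Packages that are not installed at all need no action and do not fail it.
check_patched() {
    db=$1
    list=$2
    rc=0
    while read -r f; do
        [ -n "$f" ] || continue
        fixed=${f%.tgz}
        name=$(pkg_name "$fixed")
        found=0
        for entry in "$db/$name"-*; do
            [ -e "$entry" ] || continue          # glob matched nothing
            entry=${entry##*/}
            # "$db/kde-*" would also match an unrelated kde-foo package; keep
            # only entries whose own name, after stripping, is exactly $name.
            [ "$(pkg_name "$entry")" = "$name" ] || continue
            found=1
            if [ "$entry" = "$fixed" ]; then
                echo "$name: ok ($entry)"
            else
                echo "$name: NEEDS UPDATE installed=$entry fixed=$fixed"
                rc=1
            fi
        done
        [ "$found" -eq 1 ] || echo "$name: not installed"
    done < "$list"
    return $rc
}

# Demonstration on a constructed package database (no real host needed).
demo_audit() {
    d=$(mktemp -d)
    mkdir "$d/packages"
    : > "$d/packages/kdelibs-3.1.1-i386-1"     # pre-advisory kdelibs
    : > "$d/packages/kdebase-3.1.1a-i386-1"    # already at the fixed build
    : > "$d/packages/qt-3.1.2-i386-2"          # older Qt build
    printf '%s\n' kdelibs-3.1.1a-i386-1.tgz kdebase-3.1.1a-i386-1.tgz \
        qt-3.1.2-i386-3.tgz kdegraphics-3.1.1a-i386-1.tgz > "$d/fixed.txt"
    check_patched "$d/packages" "$d/fixed.txt" || echo "host still needs the update"
    rm -rf "$d"
}

demo_audit
```

On a real host the call is `check_patched /var/log/packages fixed.txt`, where fixed.txt holds the twenty package filenames from the MD5 list below with the sums stripped. A non-zero exit status from check_patched is what a fleet-wide audit should key on.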



WHERE TO FIND THE NEW PACKAGES:
+-----------------------------+

Updated packages for Slackware 9.0: 
  
 



MD5 SIGNATURES:
+-------------+

Here are the md5sums for the packages:

Slackware 9.0 packages:
a4703d36ada98b2cf4f007831c345e71  arts-1.1.1-i386-1.tgz
84dee1d245b4a6a20cd863802cdb5585  kdeaddons-3.1.1-i386-1.tgz
41e728989a1607f0d1e59646299eaf5c  kdeadmin-3.1.1-i386-1.tgz
b78695f2fc29620b1042ed588168a0ce  kdeartwork-3.1.1-i386-1.tgz
fb8c6bc0b62e93c9cd0bc909184396fb  kdebase-3.1.1a-i386-1.tgz
b1bdcb88a6b063652dd1ccc39c185ea9  kdebindings-3.1.1-i386-1.tgz
984b511797675a0a656f61b13dab55ee  kdeedu-3.1.1-i386-1.tgz
4d50f069d411d6ca25c929d1912cacef  kdegames-3.1.1-i386-1.tgz
8d2d16f700606679f9c6f910cdfe8866  kdegraphics-3.1.1a-i386-1.tgz
b5801384f120c0091fe424184f927747  kdelibs-3.1.1a-i386-1.tgz
9153f3c96a342bc028c1d3d1817d9bd6  kdemultimedia-3.1.1-i386-1.tgz
e00a3cc3619021b4d1729fad8df70086  kdenetwork-3.1.1-i386-1.tgz
7a20c02d86b0fd944e51d3fa6e4c52cb  kdepim-3.1.1-i386-1.tgz
6fb982e85cf99f1ad33eac381e9344d3  kdesdk-3.1.1-i386-1.tgz
49d7ff0c5043baa45d849e04671daf6e  kdetoys-3.1.1-i386-1.tgz
547b68096327504b0368b979654b7639  kdeutils-3.1.1-i386-1.tgz
7a8716caa31054e3aa4f12d1bc80483a  kdevelop-3.0a4a-i386-1.tgz
c54f79a75a01e7b3947797eaf814045a  koffice-1.2.1-i386-3.tgz
abcd31460c04e7f7f2aa81153c4f1281  qt-3.1.2-i386-3.tgz
45b6b7d89d801925d6abe94f48042c5a  quanta-3.1.1-i386-1.tgz



INSTALLATION INSTRUCTIONS:
+------------------------+

As root, use upgradepkg to upgrade to the new packages:

upgradepkg *.tgz
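The MD5 list above is in the two-column format that md5sum -c reads, so the sums can be saved verbatim and checked before anything is handed to upgradepkg. The script below is an added example, not part of the advisory or of Slackware's tools: it gates the upgrade on a clean checksum pass and refuses to install if any listed package is missing or altered. The function names and the UPGRADE_CMD override are the example's own; the demonstration computes a sum for a constructed file rather than using a real package.

```shell
#!/bin/sh
# Added example (not from the Slackware advisory): check downloaded packages
# against the md5sums published in the advisory and only then run upgradepkg.
# The advisory's "MD5 SIGNATURES" section is already in the two-column format
# md5sum -c reads, so those lines can be saved verbatim as the sums file.

# verify_pkgs SUMSFILE PKGDIR
#   Returns 0 only if every file listed in SUMSFILE exists in PKGDIR and its
#   MD5 matches; a missing or altered package makes md5sum -c fail.
verify_pkgs() {
    sums=$1
    case $sums in /*) ;; *) sums=$PWD/$sums ;; esac   # make absolute before cd
    ( cd "$2" && md5sum -c "$sums" >/dev/null )
}

# safe_upgrade SUMSFILE PKGDIR
#   Verify first, then hand the packages to upgradepkg (run as root).
#   UPGRADE_CMD may be set to "echo" for a dry run, as in the demo below.
safe_upgrade() {
    if verify_pkgs "$1" "$2"; then
        ( cd "$2" && ${UPGRADE_CMD:-upgradepkg} *.tgz )
    else
        echo "checksum mismatch or missing package in $2; not upgrading" >&2
        return 1
    fi
}

# Demonstration on constructed data: a fake package whose sum we compute
# ourselves, then the same file after tampering.
demo_verify() {
    UPGRADE_CMD=echo
    d=$(mktemp -d)
    printf 'fake package payload\n' > "$d/kdelibs-3.1.1a-i386-1.tgz"
    ( cd "$d" && md5sum kdelibs-3.1.1a-i386-1.tgz ) > "$d/CHECKSUMS.md5"
    safe_upgrade "$d/CHECKSUMS.md5" "$d"      # dry run: echoes the package name
    printf 'tampered\n' >> "$d/kdelibs-3.1.1a-i386-1.tgz"
    if safe_upgrade "$d/CHECKSUMS.md5" "$d" 2>/dev/null; then
        echo "BUG: tampered package was accepted" >&2
    else
        echo "tampered package correctly refused"
    fi
    rm -rf "$d"
}

demo_verify
```

A matching sum shows only that the file is the one this advisory describes; it is worth exactly as much as the channel the advisory itself arrived over, and MD5 is no longer collision resistant, so where the distribution publishes a signature for the package or the advisory, check that too.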



+-----+

Slackware Linux Security Team 
security@slackware.com



Slackware: kde3 PS/PDF arbitrary command execution vulnerability

April 18, 2003