aru Posted May 18, 2004 Report Share Posted May 18, 2004 MandrakeSoft Security Advisory MDKSA-2004:047 : kdelibs May 18th, 2004 Updated kdelibs packages fix URI handling vulnerabilities A vulnerability in the Opera web browser was identified by iDEFENSE; the same type of vulnerability exists in KDE. The telnet, rlogin, ssh, and mailto URI handlers do not check for '-' at the beginning of the hostname passed, which makes it possible to pass an option to the programs started by the handlers. This can allow remote attackers to create or truncate arbitrary files. The updated packages contain patches provided by the KDE team to fix this problem. The released versions of Mandrake GNU/Linux affected are: 9.2 9.2/AMD64 10.0 Full information about this advisory, including the updated packages, is available at: www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:047 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2004-0411 http://www.securityfocus.com/archive/1/363225 Posted automatically by aru (mdksec2mub v0.0.8) Link to comment Share on other sites More sharing options...
Recommended Posts