what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2005.159

Mandriva Linux Security Advisory 2005.159
Posted Sep 8, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Update Advisory - Ben Burton notified the KDE security team about several tempfile handling related vulnerabilities in langen2kvtml, a conversion script for kvoctrain. This vulnerability was initially discovered by Javier Fern

tags | advisory, local, vulnerability
systems | linux, mandriva
SHA-256 | a47c7b1147b1d3baf301144a1eadf49cf107afeef603b598d59f027c3dd9368a

Mandriva Linux Security Advisory 2005.159

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: kdeedu
Advisory ID: MDKSA-2005:159
Date: September 6th, 2005

Affected versions: 10.1, 10.2
______________________________________________________________________

Problem Description:

Ben Burton notified the KDE security team about several tempfile
handling related vulnerabilities in langen2kvtml, a conversion script
for kvoctrain. This vulnerability was initially discovered by Javier
Fernández-Sanguino Peña.

The script uses known filenames in /tmp which allow an local attacker
to overwrite files writeable by the user (manually) invoking the
conversion script.

The updated packages have been patched to correct this problem.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2101
http://www.kde.org/info/security/advisory-20050815-1.txt
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.1:
22f08da9f14236b97f67c5976eda26d8 10.1/RPMS/kdeedu-3.2.3-7.1.101mdk.i586.rpm
da6b340e1110607e71c3997030e6ff52 10.1/RPMS/libkdeedu1-3.2.3-7.1.101mdk.i586.rpm
895a59f03e50cfa3976a4b023e6f944d 10.1/RPMS/libkdeedu1-devel-3.2.3-7.1.101mdk.i586.rpm
fab7de15f23ba02676b302e9b9f4606f 10.1/SRPMS/kdeedu-3.2.3-7.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:
e689e0327fe6656afe4427dbde6531b4 x86_64/10.1/RPMS/kdeedu-3.2.3-7.1.101mdk.x86_64.rpm
737170e6d672711c36cb2b2e83243172 x86_64/10.1/RPMS/lib64kdeedu1-3.2.3-7.1.101mdk.x86_64.rpm
de170bee8d5bbf97b5d0159865e6414f x86_64/10.1/RPMS/lib64kdeedu1-devel-3.2.3-7.1.101mdk.x86_64.rpm
da6b340e1110607e71c3997030e6ff52 x86_64/10.1/RPMS/libkdeedu1-3.2.3-7.1.101mdk.i586.rpm
fab7de15f23ba02676b302e9b9f4606f x86_64/10.1/SRPMS/kdeedu-3.2.3-7.1.101mdk.src.rpm

Mandrakelinux 10.2:
04f206d950e469d65fa244fabf3607e1 10.2/RPMS/kdeedu-3.3.2-9.1.102mdk.i586.rpm
1d62bb60fb8e272e8ae9aa7ec4476631 10.2/RPMS/libkdeedu1-3.3.2-9.1.102mdk.i586.rpm
d268b14834e1b89e55630bc33d26df15 10.2/RPMS/libkdeedu1-devel-3.3.2-9.1.102mdk.i586.rpm
ab09fc314b45a9ab535b0ec9dcf848a0 10.2/SRPMS/kdeedu-3.3.2-9.1.102mdk.src.rpm

Mandrakelinux 10.2/X86_64:
9d2ae377f8c640ec006a3de8f7773a5a x86_64/10.2/RPMS/kdeedu-3.3.2-9.1.102mdk.x86_64.rpm
54c81580deb3f2b06944046334759ce3 x86_64/10.2/RPMS/lib64kdeedu1-3.3.2-9.1.102mdk.x86_64.rpm
d200247c5318c421ded410f0c80e1f4c x86_64/10.2/RPMS/lib64kdeedu1-devel-3.3.2-9.1.102mdk.x86_64.rpm
ab09fc314b45a9ab535b0ec9dcf848a0 x86_64/10.2/SRPMS/kdeedu-3.3.2-9.1.102mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDHmKWmqjQ0CJFipgRAo6cAJ0cy86w1K8QsXRKPHll+L7yUkIhZgCglNSK
oLKFVwNPXfUQZodkiSlohS8=
=udO9
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    15 Files
  • 20
    Jun 20th
    18 Files
  • 21
    Jun 21st
    8 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close