-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Update Advisory _______________________________________________________________________ Package name: kdeedu Advisory ID: MDKSA-2005:159 Date: September 6th, 2005 Affected versions: 10.1, 10.2 ______________________________________________________________________ Problem Description: Ben Burton notified the KDE security team about several tempfile handling related vulnerabilities in langen2kvtml, a conversion script for kvoctrain. This vulnerability was initially discovered by Javier Fernández-Sanguino Peña. The script uses known filenames in /tmp which allow an local attacker to overwrite files writeable by the user (manually) invoking the conversion script. The updated packages have been patched to correct this problem. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2101 http://www.kde.org/info/security/advisory-20050815-1.txt ______________________________________________________________________ Updated Packages: Mandrakelinux 10.1: 22f08da9f14236b97f67c5976eda26d8 10.1/RPMS/kdeedu-3.2.3-7.1.101mdk.i586.rpm da6b340e1110607e71c3997030e6ff52 10.1/RPMS/libkdeedu1-3.2.3-7.1.101mdk.i586.rpm 895a59f03e50cfa3976a4b023e6f944d 10.1/RPMS/libkdeedu1-devel-3.2.3-7.1.101mdk.i586.rpm fab7de15f23ba02676b302e9b9f4606f 10.1/SRPMS/kdeedu-3.2.3-7.1.101mdk.src.rpm Mandrakelinux 10.1/X86_64: e689e0327fe6656afe4427dbde6531b4 x86_64/10.1/RPMS/kdeedu-3.2.3-7.1.101mdk.x86_64.rpm 737170e6d672711c36cb2b2e83243172 x86_64/10.1/RPMS/lib64kdeedu1-3.2.3-7.1.101mdk.x86_64.rpm de170bee8d5bbf97b5d0159865e6414f x86_64/10.1/RPMS/lib64kdeedu1-devel-3.2.3-7.1.101mdk.x86_64.rpm da6b340e1110607e71c3997030e6ff52 x86_64/10.1/RPMS/libkdeedu1-3.2.3-7.1.101mdk.i586.rpm fab7de15f23ba02676b302e9b9f4606f x86_64/10.1/SRPMS/kdeedu-3.2.3-7.1.101mdk.src.rpm Mandrakelinux 10.2: 04f206d950e469d65fa244fabf3607e1 10.2/RPMS/kdeedu-3.3.2-9.1.102mdk.i586.rpm 1d62bb60fb8e272e8ae9aa7ec4476631 10.2/RPMS/libkdeedu1-3.3.2-9.1.102mdk.i586.rpm d268b14834e1b89e55630bc33d26df15 10.2/RPMS/libkdeedu1-devel-3.3.2-9.1.102mdk.i586.rpm ab09fc314b45a9ab535b0ec9dcf848a0 10.2/SRPMS/kdeedu-3.3.2-9.1.102mdk.src.rpm Mandrakelinux 10.2/X86_64: 9d2ae377f8c640ec006a3de8f7773a5a x86_64/10.2/RPMS/kdeedu-3.3.2-9.1.102mdk.x86_64.rpm 54c81580deb3f2b06944046334759ce3 x86_64/10.2/RPMS/lib64kdeedu1-3.3.2-9.1.102mdk.x86_64.rpm d200247c5318c421ded410f0c80e1f4c x86_64/10.2/RPMS/lib64kdeedu1-devel-3.3.2-9.1.102mdk.x86_64.rpm ab09fc314b45a9ab535b0ec9dcf848a0 x86_64/10.2/SRPMS/kdeedu-3.3.2-9.1.102mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFDHmKWmqjQ0CJFipgRAo6cAJ0cy86w1K8QsXRKPHll+L7yUkIhZgCglNSK oLKFVwNPXfUQZodkiSlohS8= =udO9 -----END PGP SIGNATURE-----