<<< Date Index >>>     <<< Thread Index >>>

MDKSA-2004:003 - Updated kdepim packages fix vulnerability



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandrake Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           kdepim
 Advisory ID:            MDKSA-2004:003
 Date:                   January 14th, 2004

 Affected versions:      9.1, 9.2
 ______________________________________________________________________

 Problem Description:

 A vulnerability was discovered in all versions of kdepim as distributed
 with KDE versions 3.1.0 through 3.1.4.  This vulnerability allows for a
 carefully crafted .VCF file to potentially enable a local attacker to
 compromise the privacy of a victim's data or execute arbitrary commands
 with the victim's privileges.  This can also be used by remote
 attackers if the victim enables previews for remote files; however this
 is disabled by default.
 
 The provided packages contain a patch from the KDE team to correct this
 problem.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0988
 ______________________________________________________________________

 Updated Packages:
  
 Mandrake Linux 9.1:
 b3297bd1264c7a3b75ae0e9b7625c55c  9.1/RPMS/kdepim-3.1-17.1.91mdk.i586.rpm
 cc27c7b4f34ffc7691ac94cd88cc6e7d  9.1/RPMS/kdepim-devel-3.1-17.1.91mdk.i586.rpm
 7b9e7195a0d2be0a104721573cd4baa9  9.1/SRPMS/kdepim-3.1-17.1.91mdk.src.rpm

 Mandrake Linux 9.1/PPC:
 4bbf0580609a00149251c289a4fbcf78  ppc/9.1/RPMS/kdepim-3.1-17.1.91mdk.ppc.rpm
 e0685eaca858741c8c3cae1790d3e1ae  
ppc/9.1/RPMS/kdepim-devel-3.1-17.1.91mdk.ppc.rpm
 7b9e7195a0d2be0a104721573cd4baa9  ppc/9.1/SRPMS/kdepim-3.1-17.1.91mdk.src.rpm

 Mandrake Linux 9.2:
 9e997e2a0c4091396e6d7cb6c9672976  9.2/RPMS/kdepim-3.1.3-22.1.92mdk.i586.rpm
 00014dec7ba7cbc4c4f325595b8ef9dc  
9.2/RPMS/kdepim-common-3.1.3-22.1.92mdk.i586.rpm
 f460ab9983a88eed43e249f49b36ca23  
9.2/RPMS/kdepim-kaddressbook-3.1.3-22.1.92mdk.i586.rpm
 769d777f660104e9c780604e5e21bb49  
9.2/RPMS/kdepim-karm-3.1.3-22.1.92mdk.i586.rpm
 d0281ac08e2e1c873b6e09cb3ca97955  
9.2/RPMS/kdepim-knotes-3.1.3-22.1.92mdk.i586.rpm
 b4306a3cf159f33f931d9e017b606154  
9.2/RPMS/kdepim-korganizer-3.1.3-22.1.92mdk.i586.rpm
 781b247e4eccd95c7ee1349447e02252  
9.2/RPMS/kdepim-kpilot-3.1.3-22.1.92mdk.i586.rpm
 c88dde56483fa3644b7e82d95570274d  
9.2/RPMS/libkdepim2-common-3.1.3-22.1.92mdk.i586.rpm
 40fa05bc22dc12ee2772bb7810a74b3e  
9.2/RPMS/libkdepim2-common-devel-3.1.3-22.1.92mdk.i586.rpm
 3eb1ff8007af841cf98213d702e94860  
9.2/RPMS/libkdepim2-korganizer-3.1.3-22.1.92mdk.i586.rpm
 9cdffe4f67383764cd073a7f6082eb17  
9.2/RPMS/libkdepim2-korganizer-devel-3.1.3-22.1.92mdk.i586.rpm
 0879f99e16110e11984d5c337e67e345  
9.2/RPMS/libkdepim2-kpilot-3.1.3-22.1.92mdk.i586.rpm
 5331380f4ebbc639d15641ff8edd626f  
9.2/RPMS/libkdepim2-kpilot-devel-3.1.3-22.1.92mdk.i586.rpm
 86d7735e5e82a6966f8fad89041c820e  9.2/SRPMS/kdepim-3.1.3-22.1.92mdk.src.rpm

 Mandrake Linux 9.2/AMD64:
 a34c205be11a42acfe402e0af7987e9b  
amd64/9.2/RPMS/kdepim-3.1.3-22.1.92mdk.amd64.rpm
 9946de101a38af66dae3e4351d31bdf7  
amd64/9.2/RPMS/kdepim-common-3.1.3-22.1.92mdk.amd64.rpm
 e583a811dcba5546a87a27746d1e0b29  
amd64/9.2/RPMS/kdepim-kaddressbook-3.1.3-22.1.92mdk.amd64.rpm
 8087b3aff32942839d314f3e3e48c3e2  
amd64/9.2/RPMS/kdepim-karm-3.1.3-22.1.92mdk.amd64.rpm
 6d87bb121fdbe4d770f48f64717b87c2  
amd64/9.2/RPMS/kdepim-knotes-3.1.3-22.1.92mdk.amd64.rpm
 0cfe63aa263386eb3c9c6eb26284ab30  
amd64/9.2/RPMS/kdepim-korganizer-3.1.3-22.1.92mdk.amd64.rpm
 41ed47ace322ef4d3abf28a01ee8298a  
amd64/9.2/RPMS/kdepim-kpilot-3.1.3-22.1.92mdk.amd64.rpm
 22435736ed0d8ff509f4588281ac60a5  
amd64/9.2/RPMS/lib64kdepim2-common-3.1.3-22.1.92mdk.amd64.rpm
 1f3c9f5c68e4b4f9b5d7b6a76b11a0a8  
amd64/9.2/RPMS/lib64kdepim2-common-devel-3.1.3-22.1.92mdk.amd64.rpm
 007ba31592667f67120defd7d967aee8  
amd64/9.2/RPMS/lib64kdepim2-korganizer-3.1.3-22.1.92mdk.amd64.rpm
 0cec041bae994060f9431743540a7c72  
amd64/9.2/RPMS/lib64kdepim2-korganizer-devel-3.1.3-22.1.92mdk.amd64.rpm
 df94e0e34a10dc1ae28487b958ecab33  
amd64/9.2/RPMS/lib64kdepim2-kpilot-3.1.3-22.1.92mdk.amd64.rpm
 cb132b76bb3f1f994a769d1a3fcf6e3a  
amd64/9.2/RPMS/lib64kdepim2-kpilot-devel-3.1.3-22.1.92mdk.amd64.rpm
 86d7735e5e82a6966f8fad89041c820e  
amd64/9.2/SRPMS/kdepim-3.1.3-22.1.92mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 A list of FTP mirrors can be obtained from:

  http://www.mandrakesecure.net/en/ftp.php

 All packages are signed by MandrakeSoft for security.  You can obtain
 the GPG public key of the Mandrake Linux Security Team by executing:

  gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98

 Please be aware that sometimes it takes the mirrors a few hours to
 update.

 You can view other update advisories for Mandrake Linux at:

  http://www.mandrakesecure.net/en/advisories/

 MandrakeSoft has several security-related mailing list services that
 anyone can subscribe to.  Information on these lists can be obtained by
 visiting:

  http://www.mandrakesecure.net/en/mlist.php

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFABiFFmqjQ0CJFipgRAr6fAKDPbtTrsDSNUEAx6aTH/4l0cTqbmgCfb0+U
hP3kyvgPzJrLpHdql0ZgTNg=
=hvPY
-----END PGP SIGNATURE-----