MDKSA-2005:122 - Updated kdelibs packages fix vulnerability in kate and kwrite
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: kdelibs
Advisory ID: MDKSA-2005:122
Date: July 20th, 2005
Affected versions: 10.1, 10.2, Corporate 3.0
______________________________________________________________________
Problem Description:
The Kate and Kwrite programs create a file backup before saving a
modified file. These backup files are created with default system
permissions, even if the original file had more strict permissions
set.
The updated packages have been patched to address this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1920
http://www.kde.org/info/security/advisory-20050718-1.txt
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.1:
a0f1efe07bb5841847108cc0daf12217
10.1/RPMS/kdelibs-common-3.2.3-106.2.101mdk.i586.rpm
f7862670574e110f1f1c057e3469fc7a
10.1/RPMS/libkdecore4-3.2.3-106.2.101mdk.i586.rpm
237a0ae8464e3bfd53c92f5c0de55393
10.1/RPMS/libkdecore4-devel-3.2.3-106.2.101mdk.i586.rpm
e8a3cf31cbead94c2cae9b0354b8519b 10.1/SRPMS/kdelibs-3.2.3-106.2.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
58459812a658d852c9e687dc1f9b4330
x86_64/10.1/RPMS/kdelibs-common-3.2.3-106.2.101mdk.x86_64.rpm
5d6bfa6646edbc3ad2eca04ad9fdc327
x86_64/10.1/RPMS/lib64kdecore4-3.2.3-106.2.101mdk.x86_64.rpm
504c65d12c4688b4cd37309e6d989062
x86_64/10.1/RPMS/lib64kdecore4-devel-3.2.3-106.2.101mdk.x86_64.rpm
f7862670574e110f1f1c057e3469fc7a
x86_64/10.1/RPMS/libkdecore4-3.2.3-106.2.101mdk.i586.rpm
237a0ae8464e3bfd53c92f5c0de55393
x86_64/10.1/RPMS/libkdecore4-devel-3.2.3-106.2.101mdk.i586.rpm
e8a3cf31cbead94c2cae9b0354b8519b
x86_64/10.1/SRPMS/kdelibs-3.2.3-106.2.101mdk.src.rpm
Mandrakelinux 10.2:
b87de63cf909821c607ad96a9fe4d214
10.2/RPMS/kdelibs-common-3.3.2-124.2.102mdk.i586.rpm
afd0981056261c82daf24cd8225b12d6
10.2/RPMS/libkdecore4-3.3.2-124.2.102mdk.i586.rpm
8102a00c4778222972484fa92a3f125e
10.2/RPMS/libkdecore4-devel-3.3.2-124.2.102mdk.i586.rpm
0574a1270ad44837e35afb7c15f7d1c0 10.2/SRPMS/kdelibs-3.3.2-124.2.102mdk.src.rpm
Mandrakelinux 10.2/X86_64:
4d55b8d9aa6108bc94a8d1151136d01d
x86_64/10.2/RPMS/kdelibs-common-3.3.2-124.2.102mdk.x86_64.rpm
0576c9fe5bc43927f3cea421e7d2301a
x86_64/10.2/RPMS/lib64kdecore4-3.3.2-124.2.102mdk.x86_64.rpm
c65120ab7eaab75027d8e39e0f434b65
x86_64/10.2/RPMS/lib64kdecore4-devel-3.3.2-124.2.102mdk.x86_64.rpm
afd0981056261c82daf24cd8225b12d6
x86_64/10.2/RPMS/libkdecore4-3.3.2-124.2.102mdk.i586.rpm
8102a00c4778222972484fa92a3f125e
x86_64/10.2/RPMS/libkdecore4-devel-3.3.2-124.2.102mdk.i586.rpm
0574a1270ad44837e35afb7c15f7d1c0
x86_64/10.2/SRPMS/kdelibs-3.3.2-124.2.102mdk.src.rpm
Corporate 3.0:
e45c3989a48dc0ec233aab73bbeeb8b0
corporate/3.0/RPMS/kdelibs-common-3.2-36.14.C30mdk.i586.rpm
c0b72328b43a17d765554c1dddaa7602
corporate/3.0/RPMS/libkdecore4-3.2-36.14.C30mdk.i586.rpm
8f53a7b7cfd1ffd2d16e47f54a8b21e9
corporate/3.0/RPMS/libkdecore4-devel-3.2-36.14.C30mdk.i586.rpm
def69e2c45825276eceae1ad9a3e34cd
corporate/3.0/SRPMS/kdelibs-3.2-36.14.C30mdk.src.rpm
Corporate 3.0/X86_64:
5d7c3a0ee26395542ce0560c29c9872d
x86_64/corporate/3.0/RPMS/kdelibs-common-3.2-36.14.C30mdk.x86_64.rpm
b37a1651ba33fdb2bb6e8bbd1c15b0be
x86_64/corporate/3.0/RPMS/lib64kdecore4-3.2-36.14.C30mdk.x86_64.rpm
32cee9a6d31ff7e57ebad83ab3c292ef
x86_64/corporate/3.0/RPMS/lib64kdecore4-devel-3.2-36.14.C30mdk.x86_64.rpm
c0b72328b43a17d765554c1dddaa7602
x86_64/corporate/3.0/RPMS/libkdecore4-3.2-36.14.C30mdk.i586.rpm
def69e2c45825276eceae1ad9a3e34cd
x86_64/corporate/3.0/SRPMS/kdelibs-3.2-36.14.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFC3t51mqjQ0CJFipgRAi2yAKDrp/EUhavta8Of1140P5zGlKkSEACcDOkS
TtUwKi4VR4Mkht/DA3ZN6io=
=eM7a
-----END PGP SIGNATURE-----