kdebase, kdelibs: Multiple security issues
1.
Gentoo Linux Security Advisory
Version Information
| Advisory Reference |
GLSA 200408-13 / kde, kdebase, kdelibs |
| Release Date |
August 12, 2004 |
| Latest Revision |
August 12, 2004: 01 |
| Impact |
normal |
| Exploitable |
remote and local |
| Package |
Vulnerable versions |
Unaffected versions |
Architecture(s) |
| kde-base/kdebase |
<
3.2.3-r1 |
>=
3.2.3-r1 |
All supported architectures
|
| kde-base/kdelibs |
<
3.2.3-r1 |
>=
3.2.3-r1 |
All supported architectures
|
Related bugreports:
#60068
Synopsis
KDE contains three security issues that can allow an attacker to compromise
system accounts, cause a Denial of Service, or spoof websites via frame
injection.
2.
Impact Information
Background
KDE is a powerful Free Software graphical desktop environment for Linux and
Unix-like Operating Systems.
Description
KDE contains three security issues:
- Insecure handling of temporary files when running KDE applications
outside of the KDE environment
- DCOPServer creates temporary files in an insecure manner
- The Konqueror browser allows websites to load webpages into a target
frame of any other open frame-based webpage
Impact
An attacker could exploit these vulnerabilities to create or overwrite
files with the permissions of another user, compromise the account of users
running a KDE application and insert arbitrary frames into an otherwise
trusted webpage.
3.
Resolution Information
Workaround
There is no known workaround at this time. All users are encouraged to
upgrade to the latest available version of kdebase.
Resolution
All KDE users should upgrade to the latest versions of kdelibs and kdebase:
Code Listing 3.1: Resolution |
# emerge sync
# emerge -pv ">=kde-base/kdebase-3.2.3-r1"
# emerge ">=kde-base/kdebase-3.2.3-r1"
# emerge -pv ">=kde-base/kdelibs-3.2.3-r1"
# emerge ">=kde-base/kdelibs-3.2.3-r1"
|
4.
References
|
