LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 20th, 2014
Linux Advisory Watch: October 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandrake: Updated kdelibs packages fix Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake A vulnerability in dcopserver was discovered by Sebastian Krahmer of the SUSE security team. A local user can lock up the dcopserver of other users on the same machine by stalling the DCOP authentication process, causing a local Denial of Service.
 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           kdelibs
 Advisory ID:            MDKSA-2005:058
 Date:                   March 16th, 2005

 Affected versions:	 10.0, 10.1, Corporate 3.0
 ______________________________________________________________________

 Problem Description:

 A vulnerability in dcopserver was discovered by Sebastian Krahmer of
 the SUSE security team.  A local user can lock up the dcopserver of
 other users on the same machine by stalling the DCOP authentication
 process, causing a local Denial of Service.  dcopserver is the KDE
 Desktop Communication Procotol daemon (CAN-2005-0396).
 
 As well, the IDN (International Domain Names) support in Konqueror is
 vulnerable to a phishing technique known as a Homograph attack.  This
 attack is made possible due to IDN allowing a website to use a wide
 range of international characters that have a strong resemblance to
 other characters.  This can be used to trick users into thinking they
 are on a different trusted site when they are in fact on a site mocked
 up to look legitimate using these other characters, known as
 homographs.  This can be used to trick users into providing personal
 information to a site they think is trusted (CAN-2005-0237).
 
 Finally, it was found that the dcopidlng script was vulnerable to
 symlink attacks, potentially allowing a local user to overwrite
 arbitrary files of a user when the script is run on behalf of that
 user.  However, this script is only used as part of the build process
 of KDE itself and may also be used by the build processes of third-
 party KDE applications (CAN-2005-0365).
 
 The updated packages are patched to deal with these issues and
 Mandrakesoft encourages all users to upgrade immediately.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0237
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0365
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0396
  http://www.kde.org/info/security/advisory-20050316-1.txt
  http://www.kde.org/info/security/advisory-20050316-2.txt
  http://www.kde.org/info/security/advisory-20050316-3.txt
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 6c24906717a7a75fb7c0c7b0267bdca6  10.0/RPMS/kdelibs-common-3.2-36.12.100mdk.i586.rpm
 e0cb970bc7efeb6ba447c6cd92398f4b  10.0/RPMS/libkdecore4-3.2-36.12.100mdk.i586.rpm
 046bd58e4261238bb8857d3bdd5e09e7  10.0/RPMS/libkdecore4-devel-3.2-36.12.100mdk.i586.rpm
 113483436cc05765978f497ba70c300a  10.0/SRPMS/kdelibs-3.2-36.12.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 23bd80fb1b6e29ac30abf8ca030f02ce  amd64/10.0/RPMS/kdelibs-common-3.2-36.12.100mdk.amd64.rpm
 f0ed5a6cc839264cb1cf3d6a83a4881a  amd64/10.0/RPMS/lib64kdecore4-3.2-36.12.100mdk.amd64.rpm
 a1985658ba14f572ba759482debcef14  amd64/10.0/RPMS/lib64kdecore4-devel-3.2-36.12.100mdk.amd64.rpm
 113483436cc05765978f497ba70c300a  amd64/10.0/SRPMS/kdelibs-3.2-36.12.100mdk.src.rpm

 Mandrakelinux 10.1:
 ec7b57ea845f6c7ab01c8ee67b14b473  10.1/RPMS/kdelibs-common-3.2.3-104.2.101mdk.i586.rpm
 9e900e767495f30a02453974855b0497  10.1/RPMS/libkdecore4-3.2.3-104.2.101mdk.i586.rpm
 036ba66a047006933c33bc397d9503ee  10.1/RPMS/libkdecore4-devel-3.2.3-104.2.101mdk.i586.rpm
 468a28ffcb57e01535ba35fb633f4ee5  10.1/SRPMS/kdelibs-3.2.3-104.2.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 2f0b1d547f7b8f0234606092b3ea2bd4  x86_64/10.1/RPMS/kdelibs-common-3.2.3-104.2.101mdk.x86_64.rpm
 96cc9a12ab7c247f2c7c0c478fd3c772  x86_64/10.1/RPMS/lib64kdecore4-3.2.3-104.2.101mdk.x86_64.rpm
 cbe167d1624f0a1821de6af47b734771  x86_64/10.1/RPMS/lib64kdecore4-devel-3.2.3-104.2.101mdk.x86_64.rpm
 9e900e767495f30a02453974855b0497  x86_64/10.1/RPMS/libkdecore4-3.2.3-104.2.101mdk.i586.rpm
 468a28ffcb57e01535ba35fb633f4ee5  x86_64/10.1/SRPMS/kdelibs-3.2.3-104.2.101mdk.src.rpm

 Corporate 3.0:
 21a462267a1e459b2fe234338667d3c5  corporate/3.0/RPMS/kdelibs-common-3.2-36.12.C30mdk.i586.rpm
 221807f377f57439960bdcdfa4ea4a5c  corporate/3.0/RPMS/libkdecore4-3.2-36.12.C30mdk.i586.rpm
 b6b4538be00036dca0b983aa55061fb8  corporate/3.0/RPMS/libkdecore4-devel-3.2-36.12.C30mdk.i586.rpm
 f8bb656cb23100dae5da6c7024f89277  corporate/3.0/SRPMS/kdelibs-3.2-36.12.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 d42efc7c072d78794750742a0ffa8808  x86_64/corporate/3.0/RPMS/kdelibs-common-3.2-36.12.C30mdk.x86_64.rpm
 ed57b05ddc173abc8271516abd47e289  x86_64/corporate/3.0/RPMS/lib64kdecore4-3.2-36.12.C30mdk.x86_64.rpm
 99bd9de3205bf4e728987b1267382174  x86_64/corporate/3.0/RPMS/lib64kdecore4-devel-3.2-36.12.C30mdk.x86_64.rpm
 f8bb656cb23100dae5da6c7024f89277  x86_64/corporate/3.0/SRPMS/kdelibs-3.2-36.12.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
USB is now UEC (use with extreme caution)
iPhone Encryption and the Return of the Crypto Wars
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.