Fedora Core 3 Update: kdelibs-3.3.1-2.12.FC3 - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

Is Mandatory Access Control Too Much Security For Enterprise's Linux?

	Yes, too difficult to configure and manage.
	No. You can never have enough security.
	Yes. Standard Linux security settings work for us.
	No. Industry demands will demand SELinux.
	Don't know.

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

Emily Ratliff: OS Security

DanWalsh LiveJournal

Security Bloggers Network

Latest Newsletters

Linux Advisory Watch: October 10th, 2008

Linux Security Week: October 6th, 2008

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Fedora Core 3 Update: kdelibs-3.3.1-2.12.FC3

User Rating:

How can I rate this item?

Posted by Benjamin D. Thomas

A buffer overflow was found in the kimgio library for KDE 3.3.1. An attacker could create a carefully crafted PCX image in such a way that it would cause kimgio to execute arbitrary code when processing the image.

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-350
2005-05-02
---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : kdelibs
Version     : 3.3.1
Release     : 2.12.FC3
Summary     : K Desktop Environment - Libraries
Description :
Libraries for the K Desktop Environment:
KDE Libraries included: kdecore (KDE core library), kdeui (user interface),
kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking),
kspell (spelling checker), jscript (javascript), kab (addressbook),
kimgio (image manipulation).
---------------------------------------------------------------------
Update Information:

A buffer overflow was found in the kimgio library for KDE 3.3.1. An
attacker could create a carefully crafted PCX image in such a way that it
would cause kimgio to execute arbitrary code when processing the image.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-1046 to this issue.

All users of kdelibs should upgrade to these updated packages, which
contain a backported security patch to correct these issues.
---------------------------------------------------------------------

* Tue Apr 19 2005 Than Ngo  6:3.3.1-2.12.FC3

- apply patch to fix gcc warning #117938

* Tue Apr 19 2005 Than Ngo  6:3.3.1-2.11.FC3

- add missing kde documents #152307
- apply patch to fix kimgio input validation vulnerabilities, CAN-2005-1046
- add hack for loading of *.so shared object files #142244

* Mon Apr 18 2005 Than Ngo  6:3.3.1-2.10.FC3

- backport the patch to fix kimgio input validation vulnerabilities,
  CAN-2005-1046, #152093, thanks to KDE security team


---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

1023f08e9573cd579ed4d978b8f7a7fb  SRPMS/kdelibs-3.3.1-2.12.FC3.src.rpm
be28a562a1d99f4530ac1866ab332199  x86_64/kdelibs-3.3.1-2.12.FC3.x86_64.rpm
784b411818c9a1a3d28811e814b9880a  
x86_64/kdelibs-devel-3.3.1-2.12.FC3.x86_64.rpm
c81fb52aa13551ffb233f9ecc9ea72df  
x86_64/debug/kdelibs-debuginfo-3.3.1-2.12.FC3.x86_64.rpm
0e6fdd04807160ee7571bcfb098d4c79  x86_64/kdelibs-3.3.1-2.12.FC3.i386.rpm
0e6fdd04807160ee7571bcfb098d4c79  i386/kdelibs-3.3.1-2.12.FC3.i386.rpm
f14c330fcc3f2c9618dc88550d4dd307  i386/kdelibs-devel-3.3.1-2.12.FC3.i386.rpm
bf6808e504ace10edb9da8b6f71efc5f  
i386/debug/kdelibs-debuginfo-3.3.1-2.12.FC3.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------

--
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list

< Prev		Next >

Partner:

Latest Features

Never Installed a Firewall on Ubuntu? Try Firestarter

Review: Hacking Exposed Linux, Third Edition

Security Features of Firefox 3.0

Review: The Book of Wireless

April 2008 Open Source Tool of the Month: sudo

Open Source Tool of March: ZoneMinder

Meet the Anti-Nmap: PSAD

Weekend Edition

Billy Hoffman On AJAX Security and Browser Attacks

QuickLinks: Comunity , HOWTOs , Blogs , Features , Book Reviews , Networking ,
Security Projects , Latest News , Newsletters , SELinux , Privacy , Home,
Hardening , About Us, Advertise, Legal Notice, RSS, Guardian Digital