---------------------------------------------------------------------Fedora Update Notification
FEDORA-2005-744
2005-08-16
---------------------------------------------------------------------Product     : Fedora Core 4
Name        : kdeedu
Version     : 3.4.2                      
Release     : 0.fc4.2                  
Summary     : Educational/Edutainment applications for KDE
Description :
Educational/Edutainment applications for KDE

---------------------------------------------------------------------Update Information:

Ben Burton notified the KDE security team about several
tempfile handling related vulnerabilities in langen2kvtml,
a conversion script for kvoctrain. The script must be
manually invoked.

The script uses known filenames in /tmp which allow an local 
attacker to overwrite files writeable by the user invoking the 
conversion script.

This update fixes these vulnerabilities.
---------------------------------------------------------------------* Tue Aug  9 2005 Than Ngo  3.4.2-0.fc4.2
- apply patch to fix tempfile vulnerability, CAN-2005-2101, #165606


---------------------------------------------------------------------This update can be downloaded from:
  
c67158d3b335fbc4a8f2ea525c3b72b7  SRPMS/kdeedu-3.4.2-0.fc4.2.src.rpm
bd7bb376d62d379191c13e41ddacc71c  ppc/kdeedu-3.4.2-0.fc4.2.ppc.rpm
0078da1ed86fb27e7cafdf7266aaf531  ppc/kdeedu-devel-3.4.2-0.fc4.2.ppc.rpm
2413132c98bd9056d83d3a36599a7a7c  ppc/debug/kdeedu-debuginfo-3.4.2-0.fc4.2.ppc.rpm
ad81b18583d1c1ae12b7bb80e5f9a231  x86_64/kdeedu-3.4.2-0.fc4.2.x86_64.rpm
dc9701f17f39a2b2e7557445cb643a0c  x86_64/kdeedu-devel-3.4.2-0.fc4.2.x86_64.rpm
3fdfc3ac1f9b274aa23105f668669928  x86_64/debug/kdeedu-debuginfo-3.4.2-0.fc4.2.x86_64.rpm
2dec5389a9e086cfe32bea50dfc0020f  i386/kdeedu-3.4.2-0.fc4.2.i386.rpm
3fb79b0ca43b4f83b535ded7c8d6bcdb  i386/kdeedu-devel-3.4.2-0.fc4.2.i386.rpm
7ac009558c5f813312dd95b9e9ef03b1  i386/debug/kdeedu-debuginfo-3.4.2-0.fc4.2.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
-----------------------------------------------------------------------fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list

Fedora Core 4 Update: kdeedu-3.4.2-0.fc4.2

August 18, 2005
Ben Burton notified the KDE security team about several tempfile handling related vulnerabilities in langen2kvtml, a conversion script for kvoctrain

Summary

Educational/Edutainment applications for KDE

Ben Burton notified the KDE security team about several

tempfile handling related vulnerabilities in langen2kvtml,

a conversion script for kvoctrain. The script must be

manually invoked.

The script uses known filenames in /tmp which allow an local

attacker to overwrite files writeable by the user invoking the

conversion script.

This update fixes these vulnerabilities.

- apply patch to fix tempfile vulnerability, CAN-2005-2101, #165606

c67158d3b335fbc4a8f2ea525c3b72b7 SRPMS/kdeedu-3.4.2-0.fc4.2.src.rpm

bd7bb376d62d379191c13e41ddacc71c ppc/kdeedu-3.4.2-0.fc4.2.ppc.rpm

0078da1ed86fb27e7cafdf7266aaf531 ppc/kdeedu-devel-3.4.2-0.fc4.2.ppc.rpm

2413132c98bd9056d83d3a36599a7a7c ppc/debug/kdeedu-debuginfo-3.4.2-0.fc4.2.ppc.rpm

ad81b18583d1c1ae12b7bb80e5f9a231 x86_64/kdeedu-3.4.2-0.fc4.2.x86_64.rpm

dc9701f17f39a2b2e7557445cb643a0c x86_64/kdeedu-devel-3.4.2-0.fc4.2.x86_64.rpm

3fdfc3ac1f9b274aa23105f668669928 x86_64/debug/kdeedu-debuginfo-3.4.2-0.fc4.2.x86_64.rpm

2dec5389a9e086cfe32bea50dfc0020f i386/kdeedu-3.4.2-0.fc4.2.i386.rpm

3fb79b0ca43b4f83b535ded7c8d6bcdb i386/kdeedu-devel-3.4.2-0.fc4.2.i386.rpm

7ac009558c5f813312dd95b9e9ef03b1 i386/debug/kdeedu-debuginfo-3.4.2-0.fc4.2.i386.rpm

This update can also be installed with the Update Agent; you can

launch the Update Agent with the 'up2date' command.

fedora-announce-list@redhat.com

http://www.redhat.com/mailman/listinfo/fedora-announce-list

FEDORA-2005-744 2005-08-16 Name : kdeedu Version : 3.4.2 Release : 0.fc4.2 Summary : Educational/Edutainment applications for KDE Description : Educational/Edutainment applications for KDE Ben Burton notified the KDE security team about several tempfile handling related vulnerabilities in langen2kvtml, a conversion script for kvoctrain. The script must be manually invoked. The script uses known filenames in /tmp which allow an local attacker to overwrite files writeable by the user invoking the conversion script. This update fixes these vulnerabilities. - apply patch to fix tempfile vulnerability, CAN-2005-2101, #165606 c67158d3b335fbc4a8f2ea525c3b72b7 SRPMS/kdeedu-3.4.2-0.fc4.2.src.rpm bd7bb376d62d379191c13e41ddacc71c ppc/kdeedu-3.4.2-0.fc4.2.ppc.rpm 0078da1ed86fb27e7cafdf7266aaf531 ppc/kdeedu-devel-3.4.2-0.fc4.2.ppc.rpm 2413132c98bd9056d83d3a36599a7a7c ppc/debug/kdeedu-debuginfo-3.4.2-0.fc4.2.ppc.rpm ad81b18583d1c1ae12b7bb80e5f9a231 x86_64/kdeedu-3.4.2-0.fc4.2.x86_64.rpm dc9701f17f39a2b2e7557445cb643a0c x86_64/kdeedu-devel-3.4.2-0.fc4.2.x86_64.rpm 3fdfc3ac1f9b274aa23105f668669928 x86_64/debug/kdeedu-debuginfo-3.4.2-0.fc4.2.x86_64.rpm 2dec5389a9e086cfe32bea50dfc0020f i386/kdeedu-3.4.2-0.fc4.2.i386.rpm 3fb79b0ca43b4f83b535ded7c8d6bcdb i386/kdeedu-devel-3.4.2-0.fc4.2.i386.rpm 7ac009558c5f813312dd95b9e9ef03b1 i386/debug/kdeedu-debuginfo-3.4.2-0.fc4.2.i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. fedora-announce-list@redhat.com http://www.redhat.com/mailman/listinfo/fedora-announce-list

Change Log

References

Update Instructions

Severity
Name : kdeedu
Version : 3.4.2
Release : 0.fc4.2
Summary : Educational/Edutainment applications for KDE

Related News