Rapid7 Vulnerability & Exploit Database

RHSA-2003:002: Updated KDE packages fix security issues

Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: 05/05/2003
Created: 07/25/2018
Added: 10/28/2005
Modified: 07/04/2017

Description

This erratum provides updated KDE packages to resolve two security issues.

KDE is a graphical desktop environment for the X Window System. KDE fails in multiple places to properly quote URLs and file names before passing them to a command shell. This could allow remote attackers to execute arbitrary commands via carefully crafted URLs, filenames, or email addresses (CAN-2002-1393).

KDE versions up to and including KDE 3.1.1 have a vulnerability caused by -dSAFER not being used when previewing in Konqueror. An attacker can prepare a malicious PostScript or PDF file which provides the attacker with access to the victim's account and privileges when the victim opens this malicious file for viewing, or when the victim browses a directory containing such a malicious file and has file previews enabled.

Red Hat Linux 9 provides KDE version 3.1 and is not vulnerable to the first issue (CAN-2002-1393). This erratum provides updated packages with a backported fix for the malicious PostScript and PDF issue.

Red Hat Linux 7.3 and 8.0 currently provide KDE version 3.0.3 and are vulnerable to both of these issues. This erratum provides KDE 3.0.5a packages with patches to correct these issues.

Red Hat Linux 7.2 shipped with KDE 2.2.2, and Red Hat Linux 7.1 shipped with KDE 2.1.1. These versions are vulnerable to both of the issues. This erratum provides packages which contain backported patches to correct the issues.

Solution(s)

  • redhat-upgrade-ark
  • redhat-upgrade-arts
  • redhat-upgrade-arts-devel
  • redhat-upgrade-cervisia
  • redhat-upgrade-kaboodle
  • redhat-upgrade-kamera
  • redhat-upgrade-karm
  • redhat-upgrade-kcalc
  • redhat-upgrade-kcharselect
  • redhat-upgrade-kcoloredit
  • redhat-upgrade-kde-i18n-afrikaans
  • redhat-upgrade-kde-i18n-azerbaijani
  • redhat-upgrade-kde-i18n-brazil
  • redhat-upgrade-kde-i18n-british
  • redhat-upgrade-kde-i18n-bulgarian
  • redhat-upgrade-kde-i18n-catalan
  • redhat-upgrade-kde-i18n-chinese
  • redhat-upgrade-kde-i18n-chinese-big5
  • redhat-upgrade-kde-i18n-czech
  • redhat-upgrade-kde-i18n-danish
  • redhat-upgrade-kde-i18n-dutch
  • redhat-upgrade-kde-i18n-esperanto
  • redhat-upgrade-kde-i18n-estonian
  • redhat-upgrade-kde-i18n-finnish
  • redhat-upgrade-kde-i18n-french
  • redhat-upgrade-kde-i18n-german
  • redhat-upgrade-kde-i18n-greek
  • redhat-upgrade-kde-i18n-hebrew
  • redhat-upgrade-kde-i18n-hungarian
  • redhat-upgrade-kde-i18n-icelandic
  • redhat-upgrade-kde-i18n-italian
  • redhat-upgrade-kde-i18n-japanese
  • redhat-upgrade-kde-i18n-korean
  • redhat-upgrade-kde-i18n-latvian
  • redhat-upgrade-kde-i18n-lithuanian
  • redhat-upgrade-kde-i18n-maltese
  • redhat-upgrade-kde-i18n-norwegian
  • redhat-upgrade-kde-i18n-norwegian-nynorsk
  • redhat-upgrade-kde-i18n-polish
  • redhat-upgrade-kde-i18n-portuguese
  • redhat-upgrade-kde-i18n-romanian
  • redhat-upgrade-kde-i18n-russian
  • redhat-upgrade-kde-i18n-serbian
  • redhat-upgrade-kde-i18n-slovak
  • redhat-upgrade-kde-i18n-slovenian
  • redhat-upgrade-kde-i18n-spanish
  • redhat-upgrade-kde-i18n-swedish
  • redhat-upgrade-kde-i18n-tamil
  • redhat-upgrade-kde-i18n-thai
  • redhat-upgrade-kde-i18n-turkish
  • redhat-upgrade-kde-i18n-ukrainian
  • redhat-upgrade-kde-i18n-xhosa
  • redhat-upgrade-kdeaddons-kate
  • redhat-upgrade-kdeaddons-kicker
  • redhat-upgrade-kdeaddons-knewsticker
  • redhat-upgrade-kdeaddons-konqueror
  • redhat-upgrade-kdeaddons-noatun
  • redhat-upgrade-kdeadmin
  • redhat-upgrade-kdeartwork
  • redhat-upgrade-kdeartwork-kworldclock
  • redhat-upgrade-kdeartwork-locolor
  • redhat-upgrade-kdeartwork-screensavers
  • redhat-upgrade-kdebase
  • redhat-upgrade-kdebase-devel
  • redhat-upgrade-kdebindings
  • redhat-upgrade-kdebindings-devel
  • redhat-upgrade-kdebindings-kdec
  • redhat-upgrade-kdebindings-kdejava
  • redhat-upgrade-kdebindings-kmozilla
  • redhat-upgrade-kdebindings-qtc
  • redhat-upgrade-kdebindings-qtjava
  • redhat-upgrade-kdegames
  • redhat-upgrade-kdegames-devel
  • redhat-upgrade-kdegraphics
  • redhat-upgrade-kdegraphics-devel
  • redhat-upgrade-kdelibs
  • redhat-upgrade-kdelibs-devel
  • redhat-upgrade-kdelibs-sound
  • redhat-upgrade-kdelibs-sound-devel
  • redhat-upgrade-kdemultimedia
  • redhat-upgrade-kdemultimedia-arts
  • redhat-upgrade-kdemultimedia-devel
  • redhat-upgrade-kdemultimedia-kfile
  • redhat-upgrade-kdemultimedia-libs
  • redhat-upgrade-kdenetwork
  • redhat-upgrade-kdenetwork-devel
  • redhat-upgrade-kdenetwork-libs
  • redhat-upgrade-kdenetwork-ppp
  • redhat-upgrade-kdepasswd
  • redhat-upgrade-kdepim
  • redhat-upgrade-kdepim-cellphone
  • redhat-upgrade-kdepim-devel
  • redhat-upgrade-kdepim-pilot
  • redhat-upgrade-kdesdk
  • redhat-upgrade-kdesdk-devel
  • redhat-upgrade-kdesdk-gimp
  • redhat-upgrade-kdesdk-kapptemplate
  • redhat-upgrade-kdesdk-kbabel
  • redhat-upgrade-kdesdk-kbugbuster
  • redhat-upgrade-kdesdk-kmtrace
  • redhat-upgrade-kdesdk-kompare
  • redhat-upgrade-kdesdk-kspy
  • redhat-upgrade-kdessh
  • redhat-upgrade-kdesupport
  • redhat-upgrade-kdesupport-devel
  • redhat-upgrade-kdetoys
  • redhat-upgrade-kdeutils
  • redhat-upgrade-kdeutils-laptop
  • redhat-upgrade-kdevelop
  • redhat-upgrade-kdf
  • redhat-upgrade-kdict
  • redhat-upgrade-kdvi
  • redhat-upgrade-kedit
  • redhat-upgrade-keduca
  • redhat-upgrade-kfax
  • redhat-upgrade-kfile-pdf
  • redhat-upgrade-kfile-png
  • redhat-upgrade-kfloppy
  • redhat-upgrade-kfract
  • redhat-upgrade-kgeo
  • redhat-upgrade-kghostview
  • redhat-upgrade-khexedit
  • redhat-upgrade-kiconedit
  • redhat-upgrade-kit
  • redhat-upgrade-kjots
  • redhat-upgrade-klettres
  • redhat-upgrade-kljettool
  • redhat-upgrade-klpq
  • redhat-upgrade-klprfax
  • redhat-upgrade-kmail
  • redhat-upgrade-kmessedwords
  • redhat-upgrade-kmid
  • redhat-upgrade-kmidi
  • redhat-upgrade-kmix
  • redhat-upgrade-knewsticker
  • redhat-upgrade-knode
  • redhat-upgrade-knotes
  • redhat-upgrade-koncd
  • redhat-upgrade-kooka
  • redhat-upgrade-korn
  • redhat-upgrade-kpaint
  • redhat-upgrade-kpf
  • redhat-upgrade-kppp
  • redhat-upgrade-kregexpeditor
  • redhat-upgrade-kregexpeditor-devel
  • redhat-upgrade-kruler
  • redhat-upgrade-kscd
  • redhat-upgrade-ksirc
  • redhat-upgrade-ksnapshot
  • redhat-upgrade-kstars
  • redhat-upgrade-ktalkd
  • redhat-upgrade-ktimer
  • redhat-upgrade-ktouch
  • redhat-upgrade-kuickshow
  • redhat-upgrade-kview
  • redhat-upgrade-kviewshell
  • redhat-upgrade-kviewshell-devel
  • redhat-upgrade-kvoctrain
  • redhat-upgrade-kxmlrpcd
  • redhat-upgrade-libkscan
  • redhat-upgrade-libkscan-devel
  • redhat-upgrade-lisa
  • redhat-upgrade-noatun
