A security issue has been found in KDE. This errata provides updates which resolve these issues.
KDE is a graphical desktop environment for the X Window System. KDE fails in multiple places to properly quote URLs and filenames before passing them to a command shell. This could allow remote attackers to execute arbitrary commands through carefully crafted URLs, filenames, or email addresses. Users of KDE are advised to install the updated packages which contain backported patches to correct this issue. Please note that for the Itanium (IA64) architecture only, this update also fixes several other vulnerabilities. Details concerning these vulnerabilities can be found in advisory RHSA-2002:221 and correspond to CVE names CAN-2002-0970, CAN-2002-1151, CAN-2002-1247, and CAN-2002-1306.