Rapid7 Vulnerability & Exploit Database

RHSA-2003:003: kdelibs security update

Back to Search

RHSA-2003:003: kdelibs security update

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
01/17/2003
Created
07/25/2018
Added
10/28/2005
Modified
07/12/2017

Description

A security issue has been found in KDE. This errata provides updates which resolve these issues.

KDE is a graphical desktop environment for the X Window System. KDE fails in multiple places to properly quote URLs and filenames before passing them to a command shell. This could allow remote attackers to execute arbitrary commands through carefully crafted URLs, filenames, or email addresses. Users of KDE are advised to install the updated packages which contain backported patches to correct this issue. Please note that for the Itanium (IA64) architecture only, this update also fixes several other vulnerabilities. Details concerning these vulnerabilities can be found in advisory RHSA-2002:221 and correspond to CVE names CAN-2002-0970, CAN-2002-1151, CAN-2002-1247, and CAN-2002-1306.

Solution(s)

  • redhat-upgrade-arts
  • redhat-upgrade-kdebase
  • redhat-upgrade-kdebase-devel
  • redhat-upgrade-kdegames
  • redhat-upgrade-kdegraphics
  • redhat-upgrade-kdegraphics-devel
  • redhat-upgrade-kdelibs
  • redhat-upgrade-kdelibs-devel
  • redhat-upgrade-kdelibs-sound
  • redhat-upgrade-kdelibs-sound-devel
  • redhat-upgrade-kdemultimedia
  • redhat-upgrade-kdemultimedia-devel
  • redhat-upgrade-kdenetwork
  • redhat-upgrade-kdenetwork-ppp
  • redhat-upgrade-kdepim
  • redhat-upgrade-kdepim-cellphone
  • redhat-upgrade-kdepim-devel
  • redhat-upgrade-kdepim-pilot
  • redhat-upgrade-kdesdk
  • redhat-upgrade-kdesdk-devel
  • redhat-upgrade-kdeutils

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;