The kdelibs packages include libraries for the K Desktop Environment.

Two flaws were found in the sandbox environment used to run Java applets in
the Konqueror web browser. If a user has Java enabled in Konqueror and
visits a malicious website, the website could run a carefully crafted
Java applet and obtain escalated privileges allowing reading and writing of
arbitrary files with the privileges of the victim. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-1145 to this issue.

A flaw was discovered in the FTP kioslave. KDE applications such as
Konqueror could be forced to execute arbitrary FTP commands via a carefully
crafted ftp URL. The URL could also be crafted in such a way as to send an
arbitrary email via SMTP. An attacker could make use of this flaw if a
victim visits a malicious website. The Common Vulnerabilities and
Exposures project has assigned the name CAN-2004-1165 to this issue.

Users should update to these erratum packages, which contain backported
patches to correct these issues.

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
RedHat | any | i386 | kdelibs-devel | < 3.3.1-3.3 | kdelibs-devel-3.3.1-3.3.i386.rpm |
RedHat | any | ia64 | kdelibs-devel | < 3.3.1-3.3 | kdelibs-devel-3.3.1-3.3.ia64.rpm |
RedHat | any | ppc | kdelibs-devel | < 3.3.1-3.3 | kdelibs-devel-3.3.1-3.3.ppc.rpm |
RedHat | any | s390x | kdelibs | < 3.3.1-3.3 | kdelibs-3.3.1-3.3.s390x.rpm |
RedHat | any | ppc | kdelibs | < 3.3.1-3.3 | kdelibs-3.3.1-3.3.ppc.rpm |
RedHat | any | src | kdelibs | < 3.3.1-3.3 | kdelibs-3.3.1-3.3.src.rpm |
RedHat | any | i386 | kdelibs | < 3.3.1-3.3 | kdelibs-3.3.1-3.3.i386.rpm |
RedHat | any | ia64 | kdelibs | < 3.3.1-3.3 | kdelibs-3.3.1-3.3.ia64.rpm |
RedHat | any | s390 | kdelibs-devel | < 3.3.1-3.3 | kdelibs-devel-3.3.1-3.3.s390.rpm |
RedHat | any | x86_64 | kdelibs | < 3.3.1-3.3 | kdelibs-3.3.1-3.3.x86_64.rpm |
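
To check a host against the table above, the following added example (not part of the original advisory) compares installed builds with the fixed build 3.3.1-3.3. It assumes input in the form printed by `rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' kdelibs kdelibs-devel`; the comparison is a simplified version of rpm's segment rules (no epoch or tilde handling), and the sample lines are constructed.

```python
import re

# From the advisory table: builds below this version-release are affected.
FIXED = "3.3.1-3.3"
AFFECTED = ("kdelibs", "kdelibs-devel")

_SEG = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Compare two version (or release) strings segment by segment."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numbers compare numerically
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric beats alphabetic
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with extra segments is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def needs_update(rpm_query_output):
    """Return the affected packages installed below the fixed build."""
    stale = []
    for line in rpm_query_output.splitlines():
        parts = line.split()
        if len(parts) != 2 or parts[0] not in AFFECTED:
            continue  # e.g. "package kdelibs-devel is not installed"
        name, evr = parts
        if evr_cmp(evr, FIXED) < 0:
            stale.append(name)
    return stale

# Constructed sample of rpm query output, not taken from a real host.
SAMPLE = """kdelibs 3.3.1-2.3
kdelibs-devel 3.3.1-3.3
package kdelibs-sound is not installed
"""

if __name__ == "__main__":
    for name in needs_update(SAMPLE):
        print(f"{name}: installed build is older than {FIXED}, update required")
```

A plain string comparison would misorder releases such as 3.10 and 3.3, which is why the segments are compared numerically.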