Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2003:049 (kde3)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.50711

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2003:049 (kde3)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to kde3
announced via advisory MDKSA-2003:049.

A vulnerability was discovered by the KDE team in the way that KDE
uses Ghostscript for processing PostScript and PDF files. A malicious
attacker could provide a carefully constructed PDF or PostScript file
to an end user (via web or mail) that could lead to the execution of
arbitrary commands as the user viewing the file. The vulnerability
can be triggered even by the browser generating a directory listing
with thumbnails.

All users are encouraged to upgrade to these new kdegraphics, kdebase,
and kdelibs packages that contain patches to correct the problem.
This issue is corrected upstream in KDE 3.0.5b and KDE 3.1.1a.

Affected versions: 9.0, 9.1, Corporate Server 2.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2003:049
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0204
http://www.kde.org/info/security/advisory-20030409-1.txt

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2003-0204
Bugtraq: 20030410 GLSA: kde-3.x (200304-04) (Google Search)
http://marc.info/?l=bugtraq&m=105001557020141&w=2
Bugtraq: 20030411 GLSA: kde-2.x (200304-05) (Google Search)
http://marc.info/?l=bugtraq&m=105012994719099&w=2
Bugtraq: 20030412 [Sorcerer-spells] KDE-SORCERER2003-04-12 (Google Search)
http://marc.info/?l=bugtraq&m=105017403010459&w=2
Bugtraq: 20030414 GLSA: kde-2.x (200304-05.1) (Google Search)
http://marc.info/?l=bugtraq&m=105034222521369&w=2
Conectiva Linux advisory: CLA-2003:668
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000668
Conectiva Linux advisory: CLA-2003:747
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747
Debian Security Information: DSA-284 (Google Search)
http://www.debian.org/security/2003/dsa-284
Debian Security Information: DSA-293 (Google Search)
http://www.debian.org/security/2003/dsa-293
Debian Security Information: DSA-296 (Google Search)
http://www.debian.org/security/2003/dsa-296
http://www.mandriva.com/security/advisories?name=MDKSA-2003:049
http://www.redhat.com/support/errata/RHSA-2003-002.html

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.50711
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2003:049 (kde3)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to kde3 announced via advisory MDKSA-2003:049. A vulnerability was discovered by the KDE team in the way that KDE uses Ghostscript for processing PostScript and PDF files. A malicious attacker could provide a carefully constructed PDF or PostScript file to an end user (via web or mail) that could lead to the execution of arbitrary commands as the user viewing the file. The vulnerability can be triggered even by the browser generating a directory listing with thumbnails. All users are encouraged to upgrade to these new kdegraphics, kdebase, and kdelibs packages that contain patches to correct the problem. This issue is corrected upstream in KDE 3.0.5b and KDE 3.1.1a. Affected versions: 9.0, 9.1, Corporate Server 2.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2003:049 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0204 http://www.kde.org/info/security/advisory-20030409-1.txt Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0204 Bugtraq: 20030410 GLSA: kde-3.x (200304-04) (Google Search) http://marc.info/?l=bugtraq&m=105001557020141&w=2 Bugtraq: 20030411 GLSA: kde-2.x (200304-05) (Google Search) http://marc.info/?l=bugtraq&m=105012994719099&w=2 Bugtraq: 20030412 [Sorcerer-spells] KDE-SORCERER2003-04-12 (Google Search) http://marc.info/?l=bugtraq&m=105017403010459&w=2 Bugtraq: 20030414 GLSA: kde-2.x (200304-05.1) (Google Search) http://marc.info/?l=bugtraq&m=105034222521369&w=2 Conectiva Linux advisory: CLA-2003:668 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000668 Conectiva Linux advisory: CLA-2003:747 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747 Debian Security Information: DSA-284 (Google Search) http://www.debian.org/security/2003/dsa-284 Debian Security Information: DSA-293 (Google Search) http://www.debian.org/security/2003/dsa-293 Debian Security Information: DSA-296 (Google Search) http://www.debian.org/security/2003/dsa-296 http://www.mandriva.com/security/advisories?name=MDKSA-2003:049 http://www.redhat.com/support/errata/RHSA-2003-002.html
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com