Red Hat Local Security Checks : RedHat Security Advisory RHSA-2003:146

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51000

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2003:146

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2003:146.

KDE is a graphical desktop environment for the X Window System.

KDE versions up to and including KDE 3.1.1 have a vulnerability caused by
neglecting to use the -dSAFER option when previewing in Konquerer. An
attacker can prepare a malicious PostScript or PDF file which provides the
attacker with access to the victim's account and privileges when the victim
opens this malicious file for viewing, or when the victim browses a
directory containing this malicious file with file previews enabled in the
browser.

This erratum provides packages containing KDE 2.2.2 with backported patches
to correct these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2003-146.html
http://www.kde.org/info/security/advisory-20030409-1.txt

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2003-0204
Bugtraq: 20030410 GLSA: kde-3.x (200304-04) (Google Search)
http://marc.info/?l=bugtraq&m=105001557020141&w=2
Bugtraq: 20030411 GLSA: kde-2.x (200304-05) (Google Search)
http://marc.info/?l=bugtraq&m=105012994719099&w=2
Bugtraq: 20030412 [Sorcerer-spells] KDE-SORCERER2003-04-12 (Google Search)
http://marc.info/?l=bugtraq&m=105017403010459&w=2
Bugtraq: 20030414 GLSA: kde-2.x (200304-05.1) (Google Search)
http://marc.info/?l=bugtraq&m=105034222521369&w=2
Conectiva Linux advisory: CLA-2003:668
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000668
Conectiva Linux advisory: CLA-2003:747
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747
Debian Security Information: DSA-284 (Google Search)
http://www.debian.org/security/2003/dsa-284
Debian Security Information: DSA-293 (Google Search)
http://www.debian.org/security/2003/dsa-293
Debian Security Information: DSA-296 (Google Search)
http://www.debian.org/security/2003/dsa-296
http://www.mandriva.com/security/advisories?name=MDKSA-2003:049
http://www.redhat.com/support/errata/RHSA-2003-002.html

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51000
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2003:146
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2003:146. KDE is a graphical desktop environment for the X Window System. KDE versions up to and including KDE 3.1.1 have a vulnerability caused by neglecting to use the -dSAFER option when previewing in Konquerer. An attacker can prepare a malicious PostScript or PDF file which provides the attacker with access to the victim's account and privileges when the victim opens this malicious file for viewing, or when the victim browses a directory containing this malicious file with file previews enabled in the browser. This erratum provides packages containing KDE 2.2.2 with backported patches to correct these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2003-146.html http://www.kde.org/info/security/advisory-20030409-1.txt Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0204 Bugtraq: 20030410 GLSA: kde-3.x (200304-04) (Google Search) http://marc.info/?l=bugtraq&m=105001557020141&w=2 Bugtraq: 20030411 GLSA: kde-2.x (200304-05) (Google Search) http://marc.info/?l=bugtraq&m=105012994719099&w=2 Bugtraq: 20030412 [Sorcerer-spells] KDE-SORCERER2003-04-12 (Google Search) http://marc.info/?l=bugtraq&m=105017403010459&w=2 Bugtraq: 20030414 GLSA: kde-2.x (200304-05.1) (Google Search) http://marc.info/?l=bugtraq&m=105034222521369&w=2 Conectiva Linux advisory: CLA-2003:668 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000668 Conectiva Linux advisory: CLA-2003:747 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000747 Debian Security Information: DSA-284 (Google Search) http://www.debian.org/security/2003/dsa-284 Debian Security Information: DSA-293 (Google Search) http://www.debian.org/security/2003/dsa-293 Debian Security Information: DSA-296 (Google Search) http://www.debian.org/security/2003/dsa-296 http://www.mandriva.com/security/advisories?name=MDKSA-2003:049 http://www.redhat.com/support/errata/RHSA-2003-002.html
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com