Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[ MDKSA-2007:072 ] - Updated kdelibs packages to address FTP PASV issue in konqueror
From: security () mandriva com
Date: Thu, 29 Mar 2007 15:08:11 -0600


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:072
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : kdelibs
 Date    : March 29, 2007
 Affected: 2007.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 The FTP protocol implementation in Konqueror 3.5.5 allows remote
 servers to force the client to connect to other servers, perform a
 proxied port scan, or obtain sensitive information by specifying an
 alternate server address in a FTP PASV command.
 
 Updated packages have been patched to address this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1564
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 c0c597de9778cb8206e1ed62fec046b3  2007.0/i586/kdelibs-common-3.5.4-19.4mdv2007.0.i586.rpm
 68b85c647d6e117eeab8d77252ee9cf5  2007.0/i586/kdelibs-devel-doc-3.5.4-19.4mdv2007.0.i586.rpm
 61d9c254adf06c805411a8d2a8ae88b9  2007.0/i586/libkdecore4-3.5.4-19.4mdv2007.0.i586.rpm
 361e161cf27d52446f8d4cca3cde5399  2007.0/i586/libkdecore4-devel-3.5.4-19.4mdv2007.0.i586.rpm 
 a94477af19ac845bdc7cb58ddc981dc9  2007.0/SRPMS/kdelibs-3.5.4-19.4mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 d1cabaa637a4cd98c4d5d2453fe5e795  2007.0/x86_64/kdelibs-common-3.5.4-19.4mdv2007.0.x86_64.rpm
 606305ad558a0f28cb0cfbdd33e84baa  2007.0/x86_64/kdelibs-devel-doc-3.5.4-19.4mdv2007.0.x86_64.rpm
 7804378996ebeb4d866f08b95169dd73  2007.0/x86_64/lib64kdecore4-3.5.4-19.4mdv2007.0.x86_64.rpm
 a2f440c1e184ba56d4e6dd206575e739  2007.0/x86_64/lib64kdecore4-devel-3.5.4-19.4mdv2007.0.x86_64.rpm 
 a94477af19ac845bdc7cb58ddc981dc9  2007.0/SRPMS/kdelibs-3.5.4-19.4mdv2007.0.src.rpm

 Corporate 3.0:
 bfd644bf673c34bcdc40f16cf0b37b0d  corporate/3.0/i586/kdelibs-common-3.2-36.18.C30mdk.i586.rpm
 af2ffbed7fd04d59bcebae3b4bfe71eb  corporate/3.0/i586/libkdecore4-3.2-36.18.C30mdk.i586.rpm
 42e3a51ec6aac2a2c9e2ae4971910087  corporate/3.0/i586/libkdecore4-devel-3.2-36.18.C30mdk.i586.rpm 
 5575864f778b851db8fdaf8099bcc813  corporate/3.0/SRPMS/kdelibs-3.2-36.18.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 931bef1ba4a2c3dbff91cd1d9b4dd606  corporate/3.0/x86_64/kdelibs-common-3.2-36.18.C30mdk.x86_64.rpm
 f1228776d803fe9d126705cbd8ae90c6  corporate/3.0/x86_64/lib64kdecore4-3.2-36.18.C30mdk.x86_64.rpm
 90c14b9533af7b0a94ce86f6f6862743  corporate/3.0/x86_64/lib64kdecore4-devel-3.2-36.18.C30mdk.x86_64.rpm 
 5575864f778b851db8fdaf8099bcc813  corporate/3.0/SRPMS/kdelibs-3.2-36.18.C30mdk.src.rpm

 Corporate 4.0:
 99ce0c5be728891343589c6e43e29584  corporate/4.0/i586/kdelibs-arts-3.5.4-2.5.20060mlcs4.i586.rpm
 c8d918697e252a90412e205a310116c4  corporate/4.0/i586/kdelibs-common-3.5.4-2.5.20060mlcs4.i586.rpm
 e9b51f7417d497700dede43bb194d468  corporate/4.0/i586/kdelibs-devel-doc-3.5.4-2.5.20060mlcs4.i586.rpm
 e3a58c49c5687673f5cffaf85838f425  corporate/4.0/i586/libkdecore4-3.5.4-2.5.20060mlcs4.i586.rpm
 756ef302380caad03d383c44eee28147  corporate/4.0/i586/libkdecore4-devel-3.5.4-2.5.20060mlcs4.i586.rpm 
 c5507e07961ca39859483995ddff7a34  corporate/4.0/SRPMS/kdelibs-3.5.4-2.5.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 a1fc572f298d659cbcf47746eac2eb03  corporate/4.0/x86_64/kdelibs-arts-3.5.4-2.5.20060mlcs4.x86_64.rpm
 2fa636d65a3b1ef56611d250fa40db4d  corporate/4.0/x86_64/kdelibs-common-3.5.4-2.5.20060mlcs4.x86_64.rpm
 9eb6a39a045cbad4d97895e49defe523  corporate/4.0/x86_64/kdelibs-devel-doc-3.5.4-2.5.20060mlcs4.x86_64.rpm
 bd29b8c1f173f373bd43a0f2672f2ffd  corporate/4.0/x86_64/lib64kdecore4-3.5.4-2.5.20060mlcs4.x86_64.rpm
 b99795fa58545d3eef9a47fcd821b116  corporate/4.0/x86_64/lib64kdecore4-devel-3.5.4-2.5.20060mlcs4.x86_64.rpm 
 c5507e07961ca39859483995ddff7a34  corporate/4.0/SRPMS/kdelibs-3.5.4-2.5.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGC/9MmqjQ0CJFipgRAnBSAKCsTHavuZPB3lFUfv4UpRINWyXE4ACfWoYN
42pmDIWgS7Cogq2fNX/zre8=
=BU3y
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • [ MDKSA-2007:072 ] - Updated kdelibs packages to address FTP PASV issue in konqueror security (Mar 29)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault