-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is an announcement only email list for the x86 architecture. ============================================================ Turbolinux Security Announcement 05/Feb/2004 ============================================================
The following page contains the security information of Turbolinux Inc. - - Turbolinux Security Center http://www.turbolinux.com/security/ (1) kdepim -> Buffer overflow =========================================================== * kdepim -> Buffer overflow =========================================================== More information : kdepim is a collection of Personal Information Management (PIM) tools for the K Desktop Enviromnent (KDE). The KDE team has found a buffer overflow in the file information reader of VCF files. Impact : A carefully crafted .VCF file potentially enables local attackers to compromise the privacy of a victim's data or execute arbitrary commands with the victim's privileges. Affected Products : - Turbolinux 10 Desktop Solution : Please use turbopkg(zabom) tool to apply the update. --------------------------------------------- # turbopkg or # zabom -u kdepim --------------------------------------------- <Turbolinux 10 Desktop> Source Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/kdepim-3.1.5-1.src.rpm 3316207 0cc97ebfd9eb887b44da501d4f4818a3 Binary Packages Size : MD5 ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/kdepim-3.1.5-1.i586.rpm 2782266 3eda8516585fd991098d8386752aa790 References : KDE Security Advisory http://www.kde.org/info/security/advisory-20040114-1.txt CVE [CAN-2003-0988] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0988 * You may need to update the turbopkg tool before applying the update. Please refer to the following URL for detailed information. http://www.turbolinux.com/download/zabom.html http://www.turbolinux.com/download/zabomupdate.html Package Update Path http://www.turbolinux.com/update ============================================================ * To obtain the public key Here is the public key http://www.turbolinux.com/security/ * To unsubscribe from the list If you ever want to remove yourself from this mailing list, you can send a message to <[EMAIL PROTECTED]> with the word `unsubscribe' in the body (don't include the quotes). unsubscribe * To change your email address If you ever want to chage email address in this mailing list, you can send a message to <[EMAIL PROTECTED]> with the following command in the message body: chaddr 'old address' 'new address' If you have any questions or problems, please contact <[EMAIL PROTECTED]> Thank you! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFAIioSK0LzjOqIJMwRAtxAAJ4jSx1xU7V0YkXWdVUpf2AAPqrEbwCePsnG kvMSzgseizDeLxTH5qj2tjc= =HBSS -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html