[bglug] Fwd: [slackware-security] Updated KDE packages available
k|b|s
bglug@lists.linux.it
Fri, 18 Apr 2003 11:10:40 +0200
--Boundary-00=_QE8n+lFI9hXQncK
Content-Type: Text/Plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Content-Description: clearsigned data
Content-Disposition: inline
=2D----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Patch per kde 3.1.1, per la gestione dei documenti ps e pdf
ciao
=2D --=20
/mandi/
* k|b|s * mailto `echo ti.gulgb@sbk|'rev'`=20
=2D----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: get slack! -> www.slackware.com
iD8DBQE+n8EQPJE4D78UP9MRAuuNAJwMD9xNOUDjqMN4XaO+n9/lQAYbJgCePAzW
hgdYVXqVQ2UvcVQNeaOHbFA=3D
=3Dk2fG
=2D----END PGP SIGNATURE-----
--Boundary-00=_QE8n+lFI9hXQncK
Content-Type: message/rfc822;
name="forwarded message"
Content-Transfer-Encoding: 8bit
Content-Description: Slackware Security Team <security@slackware.com>: [slackware-security] Updated KDE packages available
Return-Path: <owner-slackware-security@slackware.com>
Delivered-To: kbs@pond.net
Received: (qmail 2196 invoked by uid 1000); 18 Apr 2003 08:47:08 -0000
Delivered-To: kbs@kaiserino.ath.cx
Received: from kaiserino.ath.cx [212.183.170.233]
by localhost with POP3 (fetchmail-6.2.2)
for kbs@localhost (single-drop); Fri, 18 Apr 2003 10:47:08 +0200 (CEST)
Received: from localhost (dialup-1-0745.elitel.biz [::ffff:212.183.170.233])
by mail.kaiserino.ath.cx with esmtp; Fri, 18 Apr 2003 10:20:05 +0200
Received: from popmail.inwind.it [193.70.192.170]
by localhost with POP3 (fetchmail-5.9.11)
for kbs@kaiserino.ath.cx (single-drop); Fri, 18 Apr 2003 10:20:06 +0200 (CEST)
Received: from smtp6.libero.it (193.70.192.59) by ims10a.libero.it (7.0.012)
id 3E950242002160A5 for ciosul@inwind.it; Fri, 18 Apr 2003 10:15:45 +0200
Received: from diamond.ss.org (192.139.81.6) by smtp6.libero.it (7.0.012)
id 3E9BF117004C09D9 for ciosul@inwind.it; Fri, 18 Apr 2003 10:15:45 +0200
Received: from bob.slackware.com (slackware.com [64.57.102.34])
by diamond.ss.org (Postfix) with ESMTP id 491622FA9C
for <kbs@linux.ca>; Fri, 18 Apr 2003 04:15:43 -0400 (EDT)
Received: (from daemon@localhost)
by bob.slackware.com (8.11.6p2/8.11.6) id h3HMpfT21990
for slackware-security-outgoing; Thu, 17 Apr 2003 15:51:41 -0700
Received: from localhost (security@localhost)
by bob.slackware.com (8.11.6p2/8.11.6) with ESMTP id h3HMpee21987
for <slackware-security@slackware.com>; Thu, 17 Apr 2003 15:51:40 -0700
Date: Thu, 17 Apr 2003 15:51:40 -0700 (PDT)
From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] Updated KDE packages available
Message-ID: <Pine.LNX.4.21.0304171551160.21942-100000@bob.slackware.com>
Mime-Version: 1.0
Content-Type: text/plain;
charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-slackware-security@slackware.com
Precedence: bulk
Reply-To: Slackware Security Team <security@slackware.com>
Status: R
X-Status: N
X-KMail-EncryptionState:
X-KMail-SignatureState:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[slackware-security] Updated KDE packages available
New KDE 3.1.1a packages are available for Slackware 9.0 which
fix a security problem with the handling of PS and PDF documents.
Here are the details from the Slackware 9.0 ChangeLog:
+--------------------------+
Thu Apr 17 15:32:15 PDT 2003
patches/packages/kde/*: Upgraded to KDE 3.1.1a. Also included in
this directory are a rebuild of Qt (linked with Xft2 rather than
Xft1), an updated aRts package (the aRts sound server is a
component of KDE, but ships as part of Slackware's L series), and
kdevelop-3.0a4a.
Note that this update addresses a security problem with KDE's
handling of PostScript documents. This is the overview of the
problem from the KDE site:
KDE uses Ghostscript software for processing of PostScript (PS)
and PDF files in a way that allows for the execution of arbitrary
commands that can be contained in such files.
An attacker can prepare a malicious PostScript or PDF file which will
provide the attacker with access to the victim's account and privileges
when the victim opens this malicious file for viewing or when the
victim browses a directory containing such malicious file and has
file previews enabled.
An attacker can provide malicious files remotely to a victim in an
e-mail, as part of a webpage, via an ftp server and possible other
means.
We recommend that sites running KDE install this update.
Please note that the change from Xft1 to Xft2 has changed the available
fonts in Konsole (and presumably elsewhere), and that Xft2 seems unable to
display the Linux Console font that was previously Slackware's default.
Also, it doesn't handle gamma correction when displaying fonts against a
black background, so we've had to change the default to black fonts on a
white background (this is Konsole's default). This creates an additional
issue with certain file types displayed as bold white by /etc/DIR_COLORS
becoming invisible in directory listings. A workaround is to comment out
these lines (or change to a different color):
.mpg 01;37 # movie formats
.avi 01;37
.mov 01;37
(* Security fix *)
patches/packages/kdei/*: New internationalization packages for KDE 3.1.1a.
+--------------------------+
WHERE TO FIND THE NEW PACKAGES:
+-----------------------------+
Updated packages for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/kde/
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/kdei/
MD5 SIGNATURES:
+-------------+
Here are the md5sums for the packages:
Slackware 9.0 packages:
a4703d36ada98b2cf4f007831c345e71 arts-1.1.1-i386-1.tgz
84dee1d245b4a6a20cd863802cdb5585 kdeaddons-3.1.1-i386-1.tgz
41e728989a1607f0d1e59646299eaf5c kdeadmin-3.1.1-i386-1.tgz
b78695f2fc29620b1042ed588168a0ce kdeartwork-3.1.1-i386-1.tgz
fb8c6bc0b62e93c9cd0bc909184396fb kdebase-3.1.1a-i386-1.tgz
b1bdcb88a6b063652dd1ccc39c185ea9 kdebindings-3.1.1-i386-1.tgz
984b511797675a0a656f61b13dab55ee kdeedu-3.1.1-i386-1.tgz
4d50f069d411d6ca25c929d1912cacef kdegames-3.1.1-i386-1.tgz
8d2d16f700606679f9c6f910cdfe8866 kdegraphics-3.1.1a-i386-1.tgz
b5801384f120c0091fe424184f927747 kdelibs-3.1.1a-i386-1.tgz
9153f3c96a342bc028c1d3d1817d9bd6 kdemultimedia-3.1.1-i386-1.tgz
e00a3cc3619021b4d1729fad8df70086 kdenetwork-3.1.1-i386-1.tgz
7a20c02d86b0fd944e51d3fa6e4c52cb kdepim-3.1.1-i386-1.tgz
6fb982e85cf99f1ad33eac381e9344d3 kdesdk-3.1.1-i386-1.tgz
49d7ff0c5043baa45d849e04671daf6e kdetoys-3.1.1-i386-1.tgz
547b68096327504b0368b979654b7639 kdeutils-3.1.1-i386-1.tgz
7a8716caa31054e3aa4f12d1bc80483a kdevelop-3.0a4a-i386-1.tgz
c54f79a75a01e7b3947797eaf814045a koffice-1.2.1-i386-3.tgz
abcd31460c04e7f7f2aa81153c4f1281 qt-3.1.2-i386-3.tgz
45b6b7d89d801925d6abe94f48042c5a quanta-3.1.1-i386-1.tgz
INSTALLATION INSTRUCTIONS:
+------------------------+
As root, use upgradepkg to upgrade to the new packages:
upgradepkg *.tgz
+-----+
Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com
+------------------------------------------------------------------------+
| HOW TO REMOVE YOURSELF FROM THIS MAILING LIST: |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message: |
| |
| unsubscribe slackware-security |
| |
| You will get a confirmation message back. Follow the instructions to |
| complete the unsubscription. Do not reply to this message to |
| unsubscribe! |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+nz4NakRjwEAQIjMRAtwhAJ488z113jLPaWtOpKNVbaiiOENDSACgjVqu
2Gx9TjuZj57hYTytmPEU11E=
=Cy/W
-----END PGP SIGNATURE-----
--Boundary-00=_QE8n+lFI9hXQncK--