-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2004-4
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------
Original released date : 05 Feb 2004
Last revised : 05 Feb 2004
Package : kdepim
Summary : Buffer overflow
More information :
kdepim is a collection of Personal Information Management (PIM) tools for
the K Desktop Enviromnent (KDE).
The KDE team has found a buffer overflow in the file information reader of VCF files.
Impact :
A carefully crafted .VCF file potentially enables local attackers
to compromise the privacy of a victim's data or execute
arbitrary commands with the victim's privileges.
Affected Products :
- Turbolinux 10 Desktop
Solution :
Please use turbopkg(zabom) tool to apply the update.
---------------------------------------------
# turbopkg
or
# zabom -u kdepim
---------------------------------------------
<Turbolinux 10 Desktop>
Source Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/kdepim-3.1.5-1.src.rpm
3316207 0cc97ebfd9eb887b44da501d4f4818a3
Binary Packages
Size : MD5
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/kdepim-3.1.5-1.i586.rpm
2782266 3eda8516585fd991098d8386752aa790
References :
KDE Security Advisory
http://www.kde.org/info/security/advisory-20040114-1.txt
CVE
[
CAN-2003-0988]
http://cve.mitre.org/cgi-bin/cvename.cgi?name=
CAN-2003-0988
--------------------------------------------------------------------------
Revision History
05 Feb 2004 Initial release
--------------------------------------------------------------------------
Copyright(C) 2004 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
iD8DBQFAIdfBK0LzjOqIJMwRAvESAJ4+FNAiUDOp56u4SpHkNd3l065g0wCfVO7D
rkmdQGHYTu5TEtVz8VCCDmQ=
=v4h5
-----END PGP SIGNATURE-----
