-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2004-4
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date : 05 Feb 2004
Last revised           : 05 Feb 2004

Package : kdepim

Summary : Buffer overflow

More information :
    kdepim is a collection of Personal Information Management (PIM) tools
    for the K Desktop Environment (KDE).
    The KDE team has found a buffer overflow in the file information reader
    of VCF files.

Impact :
    A carefully crafted .VCF file potentially enables local attackers to
    compromise the privacy of a victim's data or execute arbitrary commands
    with the victim's privileges.

Affected Products :
    - Turbolinux 10 Desktop

Solution :
    Please use the turbopkg (zabom) tool to apply the update.
    ---------------------------------------------
    # turbopkg
    or
    # zabom -u kdepim
    ---------------------------------------------

Source Packages
Size : MD5

    ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/kdepim-3.1.5-1.src.rpm
    3316207 0cc97ebfd9eb887b44da501d4f4818a3

Binary Packages
Size : MD5

    ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/kdepim-3.1.5-1.i586.rpm
    2782266 3eda8516585fd991098d8386752aa790

References :
    KDE Security Advisory
    http://www.kde.org/info/security/advisory-20040114-1.txt

    CVE [CAN-2003-0988]
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0988

--------------------------------------------------------------------------
Revision History
    05 Feb 2004 Initial release
--------------------------------------------------------------------------

Copyright(C) 2004 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAIdfBK0LzjOqIJMwRAvESAJ4+FNAiUDOp56u4SpHkNd3l065g0wCfVO7D
rkmdQGHYTu5TEtVz8VCCDmQ=
=v4h5
-----END PGP SIGNATURE-----
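
For anyone fetching the packages by hand instead of through turbopkg, the following is an added example (not part of the Turbolinux advisory) that parses the "Size : MD5" entries above and checks a downloaded file against them. The names `parse_entries`, `md5_of` and `verify` are hypothetical, and `SAMPLE` holds the package lines copied from this advisory.

```python
import hashlib
import os
import re
import sys

# Package lines copied from the advisory above: URL, size in bytes, MD5.
SAMPLE = """
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/kdepim-3.1.5-1.src.rpm
3316207 0cc97ebfd9eb887b44da501d4f4818a3
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/kdepim-3.1.5-1.i586.rpm
2782266 3eda8516585fd991098d8386752aa790
"""

# One entry: URL ending in <file>.rpm, then decimal size, then 32 hex digits.
ENTRY_RE = re.compile(r"\S+/([^\s/]+\.rpm)\s+(\d+)\s+([0-9a-fA-F]{32})\b")

def parse_entries(text):
    """Return {filename: (size, md5)} for every package listed in text."""
    return {m.group(1): (int(m.group(2)), m.group(3).lower())
            for m in ENTRY_RE.finditer(text)}

def md5_of(path, chunk=1 << 16):
    """Hash the file in chunks so large RPMs are not read into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def verify(path, entries):
    """Compare a local file with its advisory entry; returns (ok, reason)."""
    name = os.path.basename(path)
    if name not in entries:
        return False, "not listed in advisory"
    size, md5 = entries[name]
    actual = os.path.getsize(path)
    if actual != size:          # cheap check first, catches truncation
        return False, f"size {actual} != {size}"
    if md5_of(path) != md5:
        return False, "MD5 mismatch"
    return True, "size and MD5 match"

if __name__ == "__main__":
    table = parse_entries(SAMPLE)
    for rpm in sys.argv[1:]:
        ok, reason = verify(rpm, table)
        print(f"{'OK  ' if ok else 'FAIL'} {rpm}: {reason}")
```

A size and MD5 match only rules out a corrupted or truncated download, since MD5 is not collision resistant. The listed values are only as trustworthy as the advisory's own PGP signature, and the package's GPG signature can be checked separately with `rpm --checksig`.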