From security-announce@turbolinux.co.jp Thu Feb 5 23:15:17 2004
From: Turbolinux
Resent-From: security-announce@turbolinux.co.jp
To: security-announce@turbolinux.co.jp
Resent-To: server-users-e@turbolinux.co.jp (moderated)
Date: Thu, 5 Feb 2004 20:33:32 +0900
Reply-To: server-users-e@turbolinux.co.jp
Subject: [Full-Disclosure] [TURBOLINUX SECURITY INFO] 05/Feb/2004

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This is an announcement only email list for the x86 architecture.
============================================================
Turbolinux Security Announcement 05/Feb/2004
============================================================

The following page contains the security information of Turbolinux Inc.

- - Turbolinux Security Center
    http://www.turbolinux.com/security/

 (1) kdepim -> Buffer overflow

===========================================================
* kdepim -> Buffer overflow
===========================================================

 More information :
    kdepim is a collection of Personal Information Management (PIM) tools
    for the K Desktop Environment (KDE).
    The KDE team has found a buffer overflow in the file information reader
    of VCF files.

 Impact :
    A carefully crafted .VCF file potentially enables local attackers to
    compromise the privacy of a victim's data or execute arbitrary commands
    with the victim's privileges.

 Affected Products :
    - Turbolinux 10 Desktop

 Solution :
    Please use turbopkg(zabom) tool to apply the update.
 ---------------------------------------------
 # turbopkg
 or
 # zabom -u kdepim
 ---------------------------------------------

 Source Packages
 Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/kdepim-3.1.5-1.src.rpm
      3316207 0cc97ebfd9eb887b44da501d4f4818a3

 Binary Packages
 Size : MD5

   ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/kdepim-3.1.5-1.i586.rpm
      2782266 3eda8516585fd991098d8386752aa790

 References :

 KDE Security Advisory
   http://www.kde.org/info/security/advisory-20040114-1.txt

 CVE
   [CAN-2003-0988]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0988

 * You may need to update the turbopkg tool before applying the update.
   Please refer to the following URL for detailed information.

   http://www.turbolinux.com/download/zabom.html
   http://www.turbolinux.com/download/zabomupdate.html

 Package Update Path
   http://www.turbolinux.com/update

============================================================
 * To obtain the public key

   Here is the public key

   http://www.turbolinux.com/security/

 * To unsubscribe from the list

   If you ever want to remove yourself from this mailing list,
   you can send a message to with the word `unsubscribe' in the
   body (don't include the quotes).

   unsubscribe

 * To change your email address

   If you ever want to change email address in this mailing list,
   you can send a message to with the following command in the
   message body:

   chaddr 'old address' 'new address'

 If you have any questions or problems, please contact

 Thank you!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAIioSK0LzjOqIJMwRAtxAAJ4jSx1xU7V0YkXWdVUpf2AAPqrEbwCePsnG
kvMSzgseizDeLxTH5qj2tjc=
=HBSS
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
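Added example, not part of the Turbolinux advisory: a Python check of a manually downloaded package against the size and MD5 the advisory lists. The function names are this example's own; because MD5 is not collision resistant, a match only shows the file is the one the advisory describes, and the authenticity of the listed values rests on the advisory's PGP signature.

```python
import hashlib
import re
import sys
from pathlib import Path

# Package entries copied from the advisory: URL, then size in bytes and MD5.
ADVISORY = """\
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/kdepim-3.1.5-1.src.rpm
   3316207 0cc97ebfd9eb887b44da501d4f4818a3
ftp://ftp.turbolinux.com/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/kdepim-3.1.5-1.i586.rpm
   2782266 3eda8516585fd991098d8386752aa790
"""

# A URL ending in an .rpm file name, followed by a decimal size and 32 hex digits.
ENTRY = re.compile(r"(\S+/([^/\s]+\.rpm))\s+(\d+)\s+([0-9a-fA-F]{32})\b")


def parse_packages(text):
    """Return {file name: (size, md5)} for every package entry in the advisory text."""
    return {m[2]: (int(m[3]), m[4].lower()) for m in ENTRY.finditer(text)}


def check_file(path, expected):
    """Compare a local file with an advisory entry: 'ok', 'size mismatch' or 'md5 mismatch'."""
    size, md5 = expected
    path = Path(path)
    # The size check is cheap and catches truncated downloads before hashing.
    if path.stat().st_size != size:
        return "size mismatch"
    digest = hashlib.md5()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return "ok" if digest.hexdigest() == md5 else "md5 mismatch"


if __name__ == "__main__":
    packages = parse_packages(ADVISORY)
    for arg in sys.argv[1:]:
        name = Path(arg).name
        # Files the advisory does not list are reported, never silently accepted.
        verdict = check_file(arg, packages[name]) if name in packages else "not in advisory"
        print(f"{arg}: {verdict}")
```

Run it with the paths of the downloaded `.rpm` files as arguments, after verifying the advisory's signature with the vendor's public key.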