(new heise newsline) Serious security holes in Unix/Linux desktop KDE
http://www.heise.de/newsticker/data/ju-06.12.02-000/

According to the report, the hole is fixed in 3.0.5... but since SuSE did not release a complete 3.0.5 update, only kdebase, I am now wondering whether I need to rack my brains over this?

bye, MH
-- 
The unsolicited sending of advertising e-mail to private individuals violates §1 UWG and §823 I BGB (decision of the LG Berlin of 2.8.1998, case no. 16 O 201/98). Any commercial use of the transmitted personal data, as well as passing it on to third parties, is expressly prohibited!
Would you please be so kind and repeat your question in English?

Roman.
> Would you please be so kind and repeat your question in English?

sure... it's about the telnet:// and rlogin:// holes in KDE3. It says that it is fixed in KDE 3.0.5 but there is no KDE305 update for suse 8.0, only for 8.1. and I will not go that way again. Is there a KDE 3.0.5 for SuSE 8.0 anytime soon?

bye, MH
Hi,

Mathias Homann wrote:
> http://www.heise.de/newsticker/data/ju-06.12.02-000/

Hmm, this is an English language mailing list, actually.
(The problem described on that page is the telnet/rlogin vulnerability of KDE(libs).)

Well, in http://lists.suse.com/archive/suse-security-announce/2002-Nov/0001.html there is:

| 2) Pending vulnerabilities in SuSE Distributions and Workarounds:
| In KDE 2.x and KDE 3.x, there is a vulnerability in the handler for
| rlogin:// URLs, which allows remote attackers to execute arbitrary
| shell commands with the privileges of the victim user. A similar
| vulnerability exists in KDE 2.x in the handler for telnet:// URLs.
|
| The SuSE KDE team is in the process of preparing a kdelibs update
| for SuSE Linux. In the interim, we recommend the to disable KDE
| support for rlogin as a workaround.

Since this problem is fixed in 3.0.5, you should be safe if you have installed:
ftp://ftp.gwdg.de/pub/linux/suse/ftp.suse.com/suse/i386/update/8.1/rpm/i586/kdelibs3-3.0.5-0.i586.rpm

By the way, I would like to see better SuSE Security Announcements in the sense that one can also find such fixes. At present they are rather hidden in the "Pending vulnerabilities" only that there will be another announcement :-(

Tobias
-- 
This above all: To thine own self be true / And it must follow as the night the day / Thou canst not then be false to any man.
participants (3)
- Mathias Homann
- Roman Drahtmueller
- Tobias Burnus