http://www.heise.de/newsticker/data/ju-06.12.02-000/

Laut der Meldung ist die Lücke in 3.0.5 behoben... aber da ja von SuSE kein komplettes 3.0.5-er update kam, sondern nur kdebase, frage ich mich jetzt, ob ich mir den kopf zerbrechen muss?

bye, MH

Would you please be so kind and repeat your question in English? Roman.

Hi, Mathias Homann schrieb:

http://www.heise.de/newsticker/data/ju-06.12.02-000/ Hmm, this is an English language mailing list, actually.

(The problem described on that page is the telnet/rlogin vulnerability of KDE(libs).) Well, in http://lists.suse.com/archive/suse-security-announce/2002-Nov/0001.html there is: | 2) Pending vulnerabilities in SuSE Distributions and Workarounds: | In KDE 2.x and KDE 3.x, there is a vulnerability in the handler for | rlogin:// URLs, which allows remote attackers to execute arbitrary | shell commands with the privileges of the victim user. A similar | vulnerability exists in KDE 2.x in the handler for telnet:// URLs. | | The SuSE KDE team is in the process of preparing a kdelibs update | for SuSE Linux. In the interim, we recommend the to disable KDE | support for rlogin as a workaround. Since this problem is fixed in 3.0.5, you should be save if you have installed: ftp://ftp.gwdg.de/pub/linux/suse/ftp.suse.com/suse/i386/update/8.1/rpm/i586/kdelibs3-3.0.5-0.i586.rpm By the way, I would like to see better SuSE Security Announcements in the sense that one can also find such fixes. At present they are rather hidden in the "Pending vulnerabilities" only that there will be another announcement :-( Tobias -- This above all: To thine own self be true / And it must follow as the night the day / Thou canst not then be false to any man.