From info@calderasystems.com Tue Mar 2 17:15:21 1999
From: Caldera Systems Information
To: caldera-announce@rim.caldera.com
Date: Tue, 2 Mar 1999 17:04:45 -0700
Reply-To: info@caldera.com
Subject: SECURITY [CSSA-1999:005.0] -- KDE mediatool(multimedia) lib

______________________________________________________________________________

                Caldera Systems, Inc. Security Advisory

Subject:            KDE mediatool(multimedia) lib
Advisory number:    CSSA-1999:005.0
Issue date:         1999 Mar 01
Cross reference:
______________________________________________________________________________

1. Problem Description

   Local users may create files as the user running KDE.

   One of KDE's libraries, libmediatool, has a /tmp race problem. The
   problem is the way the library creates /tmp files. You can predict
   when a file will be created and create a symlink with the same name.

2. Vulnerable Versions

   Systems:  1.2, 1.3.x
   Packages: < kdelibs-1.1-2.i386.rpm

3. Solutions

   The proper solution is to upgrade to the kdelibs-1.1-2 packages.

4. Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

   ftp://ftp.caldera.com/pub/OpenLinux/updates/1.3/022/RPMS/

   The corresponding source code package can be found at:

   ftp://ftp.caldera.com/pub/OpenLinux/updates/1.3/022/SRPMS

5. Installing Fixed Packages

   Upgrade the affected packages with the following commands:

   rpm -q kdelibs && rpm -U kdelibs-1.1-2.i386.rpm
   rpm -q kdelibs-devel && rpm -U kdelibs-devel-1.1-2.i386.rpm

6. Verification

   The MD5 checksums (from the "md5sum" command) for these packages are:

   333fe4a1239858e3ce4f08c8e3a5300d  RPMS/kdelibs-1.1-2.i386.rpm
   53213cbecc94840c5092febc41ef6282  RPMS/kdelibs-devel-1.1-2.i386.rpm
   c12a972833aa1ac40a0f890728a824dc  SRPMS/kdelibs-1.1-2.src.rpm

7. References

   This and other Caldera security resources are located at:

   http://www.calderasystems.com/news/security/index.html

   Additional documentation on this problem can be found in:

   http://www.hert.org

   This security fix closes Caldera's internal Problem Report .

8. Disclaimer

   Caldera Systems, Inc. is not responsible for the misuse of any of the
   information we provide on this website and/or through our security
   advisories. Our advisories are a service to our customers intended to
   promote secure installation and use of Caldera OpenLinux.
______________________________________________________________________________
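
Added example, not part of the original advisory and not libmediatool's code: the /tmp race class described in section 1, shown as the weak file-creation pattern beside two hardened forms. All function names, the file name "media.tmp" and the scratch directory are hypothetical; the symlink is planted only inside a private directory the program creates for itself.

```c
/* Added illustration; not libmediatool's code. All names are hypothetical. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern: predictable name, and open() follows an existing symlink. */
int open_predictable(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_CREAT|O_EXCL creates atomically and refuses any existing
 * name, including a symlink (dangling or not). */
int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Preferred: mkstemp() picks an unpredictable name and opens it with O_EXCL. */
int open_unpredictable(char *tmpl) { return mkstemp(tmpl); }

/* Exercises all three in a private scratch directory (constructed sample).
 * Bit 1 (value 2): exclusive open refused the symlink, target not created.
 * Bit 0 (value 1): weak open followed the symlink and created the target.
 * Bit 2 (value 4): mkstemp succeeded. Returns -1 on setup failure. */
int demo(void) {
    char dir[] = "/tmp/tmprace-demo-XXXXXX", link[64], target[64], tmpl[64];
    struct stat st;
    int fd, result = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(link, sizeof link, "%s/media.tmp", dir);    /* predictable name */
    snprintf(target, sizeof target, "%s/victim", dir);   /* must not appear */
    snprintf(tmpl, sizeof tmpl, "%s/media.XXXXXX", dir);
    if (symlink(target, link) != 0) { rmdir(dir); return -1; }

    fd = open_exclusive(link);
    if (fd < 0 && lstat(target, &st) != 0) result |= 2;
    if (fd >= 0) close(fd);

    fd = open_predictable(link);
    if (fd >= 0) { close(fd); if (lstat(target, &st) == 0) result |= 1; }

    fd = open_unpredictable(tmpl);
    if (fd >= 0) { close(fd); unlink(tmpl); result |= 4; }

    unlink(link); unlink(target); rmdir(dir);
    return result;
}

int main(void) { printf("demo() = %d\n", demo()); return 0; }
```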