RHSA-2003:003 - Security Advisory

Topic

A security issue has been found in KDE. This errata provides updates which
resolve these issues.

Description

KDE is a graphical desktop environment for the X Window System.

KDE fails in multiple places to properly quote URLs and filenames
before passing them to a command shell. This could allow remote
attackers to execute arbitrary commands through carefully crafted URLs,
filenames, or email addresses.

Users of KDE are advised to install the updated packages which contain
backported patches to correct this issue.

Please note that for the Itanium (IA64) architecture only, this update also
fixes several other vulnerabilities. Details concerning these
vulnerabilities can be found in advisory RHSA-2002:221 and correspond to
CVE names CAN-2002-0970, CAN-2002-1151, CAN-2002-1247, and CAN-2002-1306.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

• Red Hat Enterprise Linux Server 2 ia64
• Red Hat Enterprise Linux Workstation 2 ia64

Fixes

CVEs

• CVE-2002-1393

References

(none)