Summary: | kde-base/kdegraphics kfax libtiff vulnerability | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Caleb Tennis (RETIRED) <caleb> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | frilled, kde, m.debruijne |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.kde.org/info/security/advisory-20041209-2.txt | ||
Whiteboard: | B2 [glsa] jaervosz | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 72750 | ||
Bug Blocks: |
Description
Caleb Tennis (RETIRED)
2004-12-08 05:47:40 UTC
Closing access for now. This advisory is now public. The fix will be to upgrade kdegraphics to the latest version available once I get a fix in place in portage. Will advise as soon as I know the next steps. Note: The fixed version is currently in portage as kdegraphics-3.3.2. Users wishing to continue using kfax are advised to upgrade to the latest version. Otherwise, I think the best fix here would be to do what the KDE team recomemnds: As a workaround, you can remove the kfax binary and the kfaxpart.la KPart from your system to be on the safe side. That is: rm /usr/kde/3.2/bin/kfax rm /usr/kde/3.3/bin/kfax rm /usr/kde/3.2/libs/kfaxpart.la rm /usr/kde/3.3/libs/kfaxpart.la I will advise once I verify this. The KDE advisory indicates that this is solved in by removing the private copy of libtiff for KDE 3.2.x and KDE 3.3.x. No diff is supplied but perhaps new tar balls are provided? Another alternative is to quickly mark 3.3.2 stable as a security precaution? This is public now, opening. Caleb any estimate on when 3.3.2 can go stable on supported arches (security wise that is x86, ppc, sparc, amd64)? GLSA 200412-17 Caleb please comment when 3.3.2 goes stable. 3.3.2 is stable on all arches (-sparc). GLSA updated. sparc stable closing with GLSA 200412-17 *** Bug 143180 has been marked as a duplicate of this bug. *** |