|
Family: Ubuntu Local Security Checks --> Category: infos
USN115-1 : kdewebdev vulnerability Vulnerability Scan
Vulnerability Scan Summary kdewebdev vulnerability
Detailed Explanation for this Vulnerability Test
Synopsis :
These remote packages are missing security patches :
- kdewebdev
- kdewebdev-doc-html
- kfilereplace
- kimagemapeditor
- klinkstatus
- kommander
- kommander-dev
- kxsldbg
- quanta
- quanta-data
Description :
Eckhart Wörner discovered that Kommander opens files from remote and
possibly untrusted locations without user confirmation. Since
Kommander files can contain scripts, this would allow a possible hacker to
execute arbitrary code with the rights of the user opening the
file.
The updated Kommander will not automatically open files from remote
locations, and files which do not end with ".kmdr" any more.
Solution :
Upgrade to :
- kdewebdev-3.4.0-0ubuntu2.2 (Ubuntu 5.04)
- kdewebdev-doc-html-3.4.0-0ubuntu2.2 (Ubuntu 5.04)
- kfilereplace-3.4.0-0ubuntu2.2 (Ubuntu 5.04)
- kimagemapeditor-3.4.0-0ubuntu2.2 (Ubuntu 5.04)
- klinkstatus-3.4.0-0ubuntu2.2 (Ubuntu 5.04)
- kommander-3.4.0-0ubuntu2.2 (Ubuntu 5.04)
- kommander-dev-3.4.0-0ubuntu2.2 (Ubuntu 5.04)
- kxsldbg-3.4.0-0ubuntu2.2 (Ubuntu 5.04)
- quanta-3.4.0-0ubuntu2.2 (Ubuntu 5.04)
- quanta-data-3.4.0-0ubuntu2.2 (Ubuntu 5.04)
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|