Updated KDE packages available

ID SSA-2003-0417155140
Type slackware
Reporter Slackware Linux Project
Modified 2003-04-17T15:51:40


New KDE 3.1.1a packages are available for Slackware 9.0 which fix a security problem with the handling of PS and PDF documents.

Here are the details from the Slackware 9.0 ChangeLog:

Thu Apr 17 15:32:15 PDT 2003
patches/packages/kde/*: Upgraded to KDE 3.1.1a. Also included in this directory are a rebuild of Qt (linked with Xft2 rather than Xft1), an updated aRts package (the aRts sound server is a component of KDE, but ships as part of Slackware's L series), and kdevelop-3.0a4a.

Note that this update addresses a security problem with KDE's handling of PostScript documents. This is the overview of the problem from the KDE site:

KDE uses Ghostscript software for processing of PostScript (PS)
and PDF files in a way that allows for the execution of arbitrary
commands that can be contained in such files.

An attacker can prepare a malicious PostScript or PDF file which will
provide the attacker with access to the victim's account and privileges
when the victim opens this malicious file for viewing or when the
victim browses a directory containing such malicious file and has
file previews enabled.

An attacker can provide malicious files remotely to a victim in an
e-mail, as part of a webpage, via an ftp server and possible other

We recommend that sites running KDE install this update.

Please note that the change from Xft1 to Xft2 has changed the available fonts in Konsole (and presumably elsewhere), and that Xft2 seems unable to display the Linux Console font that was previously Slackware's default. Also, it doesn't handle gamma correction when displaying fonts against a black background, so we've had to change the default to black fonts on a white background (this is Konsole's default). This creates an additional issue with certain file types displayed as bold white by /etc/DIR_COLORS becoming invisible in directory listings. A workaround is to comment out these lines (or change to a different color):

.mpg 01;37 # movie formats
.avi 01;37
.mov 01;37

(* Security fix *)

patches/packages/kdei/*: New internationalization packages for KDE 3.1.1a.


Updated packages for Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/kde/
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/kdei/


Here are the md5sums for the packages:



As root, use upgradepkg to upgrade to the new packages:

upgradepkg *.tgz
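
An added example, not part of the Slackware advisory: `upgradepkg *.tgz` hands every `.tgz` in the current directory to upgradepkg as root, so this script checks each one against the published md5sum list and fails closed on a mismatch or on a package the list does not name. The function names and the checksum file (one `<md5>  <filename>` pair per line) are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the advisory). Assumed inputs:
#   $1  checksum file, one "<md5>  <filename>" pair per line (file name is the caller's choice)
#   $2  directory holding the downloaded .tgz packages

# Return 0 only if every .tgz in DIR is named in SUMFILE and its MD5 matches.
verify_packages() {
    sumfile=$1; dir=$2; bad=0
    [ -r "$sumfile" ] || { echo "cannot read $sumfile" >&2; return 2; }
    for pkg in "$dir"/*.tgz; do
        # An unmatched glob stays literal, so this catches an empty directory.
        [ -e "$pkg" ] || { echo "no .tgz files in $dir" >&2; return 2; }
        name=${pkg##*/}
        # Exact string match on the filename column (dots are not wildcards here).
        want=$(awk -v n="$name" '$2 == n { print $1; exit }' "$sumfile")
        if [ -z "$want" ]; then
            echo "UNLISTED $name" >&2; bad=1; continue
        fi
        have=$(md5sum "$pkg" | awk '{ print $1 }')
        if [ "$have" != "$want" ]; then
            echo "MISMATCH $name" >&2; bad=1
        fi
    done
    return "$bad"
}

# Run upgradepkg only when the whole directory verified.
safe_upgrade() {
    verify_packages "$1" "$2" || { echo "refusing to run upgradepkg" >&2; return 1; }
    ( cd "$2" && upgradepkg *.tgz )
}

# Invoked as: sh thisfile <checksum-file> <package-dir>
if [ "$#" -eq 2 ]; then safe_upgrade "$1" "$2"; fi
```

The check is only as trustworthy as the checksum list, so take the list from a copy of the advisory obtained separately from the packages.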