Mandrake Linux Advisory: kdepim | Linux Today

Mandrake Linux Advisory: kdepim

Written By
Web Webster
Web Webster
Jan 16, 2004

Mandrake Linux Security Update Advisory


Package name: kdepim
Advisory ID: MDKSA-2004:003
Date: January 14th, 2004
Affected versions: 9.1, 9.2

Problem Description:

A vulnerability was discovered in all versions of kdepim as
distributed with KDE versions 3.1.0 through 3.1.4. This
vulnerability allows for a carefully crafted .VCF file to
potentially enable a local attacker to compromise the privacy of a
victim’s data or execute arbitrary commands with the victim’s
privileges. This can also be used by remote attackers if the victim
enables previews for remote files; however this is disabled by
default.

The provided packages contain a patch from the KDE team to
correct this problem.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0988


Updated Packages:

Mandrake Linux 9.1:
b3297bd1264c7a3b75ae0e9b7625c55c
9.1/RPMS/kdepim-3.1-17.1.91mdk.i586.rpm
cc27c7b4f34ffc7691ac94cd88cc6e7d
9.1/RPMS/kdepim-devel-3.1-17.1.91mdk.i586.rpm
7b9e7195a0d2be0a104721573cd4baa9
9.1/SRPMS/kdepim-3.1-17.1.91mdk.src.rpm

Mandrake Linux 9.1/PPC:
4bbf0580609a00149251c289a4fbcf78
ppc/9.1/RPMS/kdepim-3.1-17.1.91mdk.ppc.rpm
e0685eaca858741c8c3cae1790d3e1ae
ppc/9.1/RPMS/kdepim-devel-3.1-17.1.91mdk.ppc.rpm
7b9e7195a0d2be0a104721573cd4baa9
ppc/9.1/SRPMS/kdepim-3.1-17.1.91mdk.src.rpm

Mandrake Linux 9.2:
9e997e2a0c4091396e6d7cb6c9672976
9.2/RPMS/kdepim-3.1.3-22.1.92mdk.i586.rpm
00014dec7ba7cbc4c4f325595b8ef9dc
9.2/RPMS/kdepim-common-3.1.3-22.1.92mdk.i586.rpm
f460ab9983a88eed43e249f49b36ca23
9.2/RPMS/kdepim-kaddressbook-3.1.3-22.1.92mdk.i586.rpm
769d777f660104e9c780604e5e21bb49
9.2/RPMS/kdepim-karm-3.1.3-22.1.92mdk.i586.rpm
d0281ac08e2e1c873b6e09cb3ca97955
9.2/RPMS/kdepim-knotes-3.1.3-22.1.92mdk.i586.rpm
b4306a3cf159f33f931d9e017b606154
9.2/RPMS/kdepim-korganizer-3.1.3-22.1.92mdk.i586.rpm
781b247e4eccd95c7ee1349447e02252
9.2/RPMS/kdepim-kpilot-3.1.3-22.1.92mdk.i586.rpm
c88dde56483fa3644b7e82d95570274d
9.2/RPMS/libkdepim2-common-3.1.3-22.1.92mdk.i586.rpm
40fa05bc22dc12ee2772bb7810a74b3e
9.2/RPMS/libkdepim2-common-devel-3.1.3-22.1.92mdk.i586.rpm
3eb1ff8007af841cf98213d702e94860
9.2/RPMS/libkdepim2-korganizer-3.1.3-22.1.92mdk.i586.rpm
9cdffe4f67383764cd073a7f6082eb17
9.2/RPMS/libkdepim2-korganizer-devel-3.1.3-22.1.92mdk.i586.rpm
0879f99e16110e11984d5c337e67e345
9.2/RPMS/libkdepim2-kpilot-3.1.3-22.1.92mdk.i586.rpm
5331380f4ebbc639d15641ff8edd626f
9.2/RPMS/libkdepim2-kpilot-devel-3.1.3-22.1.92mdk.i586.rpm
86d7735e5e82a6966f8fad89041c820e
9.2/SRPMS/kdepim-3.1.3-22.1.92mdk.src.rpm

Mandrake Linux 9.2/AMD64:
a34c205be11a42acfe402e0af7987e9b
amd64/9.2/RPMS/kdepim-3.1.3-22.1.92mdk.amd64.rpm
9946de101a38af66dae3e4351d31bdf7
amd64/9.2/RPMS/kdepim-common-3.1.3-22.1.92mdk.amd64.rpm
e583a811dcba5546a87a27746d1e0b29
amd64/9.2/RPMS/kdepim-kaddressbook-3.1.3-22.1.92mdk.amd64.rpm
8087b3aff32942839d314f3e3e48c3e2
amd64/9.2/RPMS/kdepim-karm-3.1.3-22.1.92mdk.amd64.rpm
6d87bb121fdbe4d770f48f64717b87c2
amd64/9.2/RPMS/kdepim-knotes-3.1.3-22.1.92mdk.amd64.rpm
0cfe63aa263386eb3c9c6eb26284ab30
amd64/9.2/RPMS/kdepim-korganizer-3.1.3-22.1.92mdk.amd64.rpm
41ed47ace322ef4d3abf28a01ee8298a
amd64/9.2/RPMS/kdepim-kpilot-3.1.3-22.1.92mdk.amd64.rpm
22435736ed0d8ff509f4588281ac60a5
amd64/9.2/RPMS/lib64kdepim2-common-3.1.3-22.1.92mdk.amd64.rpm
1f3c9f5c68e4b4f9b5d7b6a76b11a0a8
amd64/9.2/RPMS/lib64kdepim2-common-devel-3.1.3-22.1.92mdk.amd64.rpm

007ba31592667f67120defd7d967aee8
amd64/9.2/RPMS/lib64kdepim2-korganizer-3.1.3-22.1.92mdk.amd64.rpm

0cec041bae994060f9431743540a7c72
amd64/9.2/RPMS/lib64kdepim2-korganizer-devel-3.1.3-22.1.92mdk.amd64.rpm

df94e0e34a10dc1ae28487b958ecab33
amd64/9.2/RPMS/lib64kdepim2-kpilot-3.1.3-22.1.92mdk.amd64.rpm
cb132b76bb3f1f994a769d1a3fcf6e3a
amd64/9.2/RPMS/lib64kdepim2-kpilot-devel-3.1.3-22.1.92mdk.amd64.rpm

86d7735e5e82a6966f8fad89041c820e
amd64/9.2/SRPMS/kdepim-3.1.3-22.1.92mdk.src.rpm


To upgrade automatically use MandrakeUpdate or urpmi. The
verification of md5 checksums and GPG signatures is performed
automatically for you.

A list of FTP mirrors can be obtained from:

http://www.mandrakesecure.net/en/ftp.php

All packages are signed by MandrakeSoft for security. You can
obtain the GPG public key of the Mandrake Linux Security Team by
executing:

gpg –recv-keys –keyserver www.mandrakesecure.net
0x22458A98

Please be aware that sometimes it takes the mirrors a few hours
to update.

You can view other update advisories for Mandrake Linux at:

http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services
that anyone can subscribe to. Information on these lists can be
obtained by visiting:

http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

security_linux-mandrake.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team <security
linux-mandrake.com>
Web Webster

Web Webster

Web Webster has more than 20 years of writing and editorial experience in the tech sector. He’s written and edited news, demand generation, user-focused, and thought leadership content for business software solutions, consumer tech, and Linux Today, he edits and writes for a portfolio of tech industry news and analysis websites including webopedia.com, and DatabaseJournal.com.

Linux Today Logo

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.