Security 10816 Published by

Two new security updates for Mandrake Linux has been released:

kde3

A vulnerability was discovered by the KDE team in the way that KDE uses Ghostscript for processing PostScript and PDF files. A malicious attacker could provide a carefully constructed PDF or PostScript file to an end user (via web or mail) that could lead to the execution of arbitrary commands as the user viewing the file. The vulnerability can be triggered even by the browser generating a directory listing with thumbnails.

Read more

file

A memory allocation problem in file was found by Jeff Johnson, and a stack overflow corruption problem was found by David Endler. These problems have been corrected in file version 3.41 and likely affect all previous version. These problems pose a security threat as they can be used to execute arbitrary code by an attacker under the privileges of another user. Note that the attacker must first somehow convince the target user to execute file against a specially crafted file that triggers the buffer overflow in file.

Read more