LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 27th, 2014
Linux Advisory Watch: October 24th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
RedHat: Updated kdelibs and kdebase packages correct Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
RedHat Linux Updated kdelib and kdebase packages that resolve several security issues are now available.
- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated kdelibs and kdebase packages correct security issues
Advisory ID:       RHSA-2005:009-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-009.html
Issue date:        2005-02-10
Updated on:        2005-02-10
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2004-1158 CAN-2004-1165 CAN-2005-0078
- ---------------------------------------------------------------------

1. Summary:

Updated kdelib and kdebase packages that resolve several security issues
are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, ppc64, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The kdelibs packages include libraries for the K Desktop Environment. The
kdebase packages include core applications for the K Desktop Environment.

Secunia Research discovered a window injection spoofing vulnerability
affecting the Konqueror web browser. This issue could allow a malicious
website to show arbitrary content in a different browser window. The Common
Vulnerabilities and Exposures project has assigned the name CAN-2004-1158
to this issue.

A bug was discovered in the way kioslave handles URL-encoded newline (%0a)
characters before the FTP command. It is possible that a specially crafted
URL could be used to execute any ftp command on a remote server, or
potentially send unsolicited email. The Common Vulnerabilities and
Exposures project has assigned the name CAN-2004-1165 to this issue.

A bug was discovered that can crash KDE screensaver under certain local
circumstances. This could allow an attacker with physical access to the
workstation to take over a locked desktop session. Please note that this
issue only affects Red Hat Enterprise Linux 2.1. The Common Vulnerabilities
and Exposures project has assigned the name CAN-2005-0078 to this issue.

All users of KDE are advised to upgrade to this updated packages, which
contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

142393 - CAN-2004-1158 Frame injection vulnerability.
139265 - KDE+Cadence bug
146760 - CAN-2004-1165 kioslave command injection
145381 - CAN-2005-0078 password bypass in kde screensaver

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/kdebase-2.2.2-15.src.rpm
42ea76d700ba15316ed91ce65cf771f9  kdebase-2.2.2-15.src.rpm
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/kdelibs-2.2.2-15.src.rpm
2effc951a3ee4ae25512280243542b5c  kdelibs-2.2.2-15.src.rpm

i386:
4d38bae519a161f1452bb554fb04ba81  arts-2.2.2-15.i386.rpm
030a200855eb2be8bdc42800eeb06cef  kdebase-2.2.2-15.i386.rpm
774d4f3c8b056b807279149410432482  kdebase-devel-2.2.2-15.i386.rpm
bb8d504cb0c377299863c4b5a49fdeab  kdelibs-2.2.2-15.i386.rpm
5cdcc1ff323a76d713de8b602a8681e5  kdelibs-devel-2.2.2-15.i386.rpm
134afda3f20237a143a48b05efa19ce3  kdelibs-sound-2.2.2-15.i386.rpm
f4be4258a190a5dcf32c4c9cd338d9f9  kdelibs-sound-devel-2.2.2-15.i386.rpm

ia64:
29b839c2620301ae2abfc6f26511e64e  arts-2.2.2-15.ia64.rpm
aceb3a74103fd439be563eb1c5346890  kdebase-2.2.2-15.ia64.rpm
8b5de25703a71498f6ce9c316a7be391  kdebase-devel-2.2.2-15.ia64.rpm
ebd5bc9dd5419cf9dc00e8c663e0b722  kdelibs-2.2.2-15.ia64.rpm
6788128e0c457af8c7531f4ad4cf0620  kdelibs-devel-2.2.2-15.ia64.rpm
0eced9a280854ff5a56cf9248778aa91  kdelibs-sound-2.2.2-15.ia64.rpm
c30d0494f359483f5ea45c216a75fb83  kdelibs-sound-devel-2.2.2-15.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/kdebase-2.2.2-15.src.rpm
42ea76d700ba15316ed91ce65cf771f9  kdebase-2.2.2-15.src.rpm
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/kdelibs-2.2.2-15.src.rpm
2effc951a3ee4ae25512280243542b5c  kdelibs-2.2.2-15.src.rpm

ia64:
29b839c2620301ae2abfc6f26511e64e  arts-2.2.2-15.ia64.rpm
aceb3a74103fd439be563eb1c5346890  kdebase-2.2.2-15.ia64.rpm
8b5de25703a71498f6ce9c316a7be391  kdebase-devel-2.2.2-15.ia64.rpm
ebd5bc9dd5419cf9dc00e8c663e0b722  kdelibs-2.2.2-15.ia64.rpm
6788128e0c457af8c7531f4ad4cf0620  kdelibs-devel-2.2.2-15.ia64.rpm
0eced9a280854ff5a56cf9248778aa91  kdelibs-sound-2.2.2-15.ia64.rpm
c30d0494f359483f5ea45c216a75fb83  kdelibs-sound-devel-2.2.2-15.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/kdebase-2.2.2-15.src.rpm
42ea76d700ba15316ed91ce65cf771f9  kdebase-2.2.2-15.src.rpm
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/kdelibs-2.2.2-15.src.rpm
2effc951a3ee4ae25512280243542b5c  kdelibs-2.2.2-15.src.rpm

i386:
4d38bae519a161f1452bb554fb04ba81  arts-2.2.2-15.i386.rpm
030a200855eb2be8bdc42800eeb06cef  kdebase-2.2.2-15.i386.rpm
774d4f3c8b056b807279149410432482  kdebase-devel-2.2.2-15.i386.rpm
bb8d504cb0c377299863c4b5a49fdeab  kdelibs-2.2.2-15.i386.rpm
5cdcc1ff323a76d713de8b602a8681e5  kdelibs-devel-2.2.2-15.i386.rpm
134afda3f20237a143a48b05efa19ce3  kdelibs-sound-2.2.2-15.i386.rpm
f4be4258a190a5dcf32c4c9cd338d9f9  kdelibs-sound-devel-2.2.2-15.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/kdebase-2.2.2-15.src.rpm
42ea76d700ba15316ed91ce65cf771f9  kdebase-2.2.2-15.src.rpm
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/kdelibs-2.2.2-15.src.rpm
2effc951a3ee4ae25512280243542b5c  kdelibs-2.2.2-15.src.rpm

i386:
4d38bae519a161f1452bb554fb04ba81  arts-2.2.2-15.i386.rpm
030a200855eb2be8bdc42800eeb06cef  kdebase-2.2.2-15.i386.rpm
774d4f3c8b056b807279149410432482  kdebase-devel-2.2.2-15.i386.rpm
bb8d504cb0c377299863c4b5a49fdeab  kdelibs-2.2.2-15.i386.rpm
5cdcc1ff323a76d713de8b602a8681e5  kdelibs-devel-2.2.2-15.i386.rpm
134afda3f20237a143a48b05efa19ce3  kdelibs-sound-2.2.2-15.i386.rpm
f4be4258a190a5dcf32c4c9cd338d9f9  kdelibs-sound-devel-2.2.2-15.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/kdebase-3.1.3-5.8.src.rpm
82bd5517a6dc195ca5c7a4fcf4cc3fcf  kdebase-3.1.3-5.8.src.rpm
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/kdelibs-3.1.3-6.9.src.rpm
6b5b2aba61ac2ced6df5689de2721a71  kdelibs-3.1.3-6.9.src.rpm

i386:
559c33d7383e7c81f2642f02c5aed26a  kdebase-3.1.3-5.8.i386.rpm
a66570d58774ae59253985e9089f7074  kdebase-devel-3.1.3-5.8.i386.rpm
1b9bf6cfbedde310068e7b47ec43dab0  kdelibs-3.1.3-6.9.i386.rpm
65ff2276ebd06a84363734aac1e819c2  kdelibs-devel-3.1.3-6.9.i386.rpm

ia64:
3fff6529152bac165097691689afd5ae  kdebase-3.1.3-5.8.ia64.rpm
559c33d7383e7c81f2642f02c5aed26a  kdebase-3.1.3-5.8.i386.rpm
9e9245aceb7cb8d4422f91798ee47fcf  kdebase-devel-3.1.3-5.8.ia64.rpm
3ff097e232c2c1ecd0a8684c8b526581  kdelibs-3.1.3-6.9.ia64.rpm
1b9bf6cfbedde310068e7b47ec43dab0  kdelibs-3.1.3-6.9.i386.rpm
155776d1b23d3c1c881f805416ecc9fa  kdelibs-devel-3.1.3-6.9.ia64.rpm

ppc:
0fc9e4a1708c61b2206768e1394ecebd  kdebase-3.1.3-5.8.ppc.rpm
2dd6ee38cd14fa2fe23738288ccbedba  kdebase-devel-3.1.3-5.8.ppc.rpm
4a16bc2c6e43daab1e89c2325524b05a  kdelibs-3.1.3-6.9.ppc.rpm
e502d549dfd189d1adc737ec8465b891  kdelibs-devel-3.1.3-6.9.ppc.rpm

ppc64:
72499cac48e0a01419aab74f7ede3aac  kdebase-3.1.3-5.8.ppc64.rpm
e90b5b1341b2b3b377ffd29ae77f851a  kdelibs-3.1.3-6.9.ppc64.rpm

s390:
f0a4e0e6fdf9eee9f2825da3736a7885  kdebase-3.1.3-5.8.s390.rpm
2147f372980f4df3d112545c3de5c0a8  kdebase-devel-3.1.3-5.8.s390.rpm
3a4b1bc5571900b494af7082ab7a1a13  kdelibs-3.1.3-6.9.s390.rpm
bf90245b516428c7d9ef4cf0cef37342  kdelibs-devel-3.1.3-6.9.s390.rpm

s390x:
755768f2b7ad338f8d66aaa05d66cec7  kdebase-3.1.3-5.8.s390x.rpm
f0a4e0e6fdf9eee9f2825da3736a7885  kdebase-3.1.3-5.8.s390.rpm
cfd77c86b6f3a565c5799b057fbb5798  kdebase-devel-3.1.3-5.8.s390x.rpm
4273cbc141a3c025b40a121a320f569e  kdelibs-3.1.3-6.9.s390x.rpm
3a4b1bc5571900b494af7082ab7a1a13  kdelibs-3.1.3-6.9.s390.rpm
050516f5c80f0cc06466d8698bef3833  kdelibs-devel-3.1.3-6.9.s390x.rpm

x86_64:
85c1ebcce8e37502e4c57ac5666bd5b6  kdebase-3.1.3-5.8.x86_64.rpm
559c33d7383e7c81f2642f02c5aed26a  kdebase-3.1.3-5.8.i386.rpm
cc159d0af68f93775029e72c98fa67cd  kdebase-devel-3.1.3-5.8.x86_64.rpm
ea4f3a20b3b90e64c065dd1a43047f01  kdelibs-3.1.3-6.9.x86_64.rpm
1b9bf6cfbedde310068e7b47ec43dab0  kdelibs-3.1.3-6.9.i386.rpm
8c99f2100c9f3e5b03efff7165eff15c  kdelibs-devel-3.1.3-6.9.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/kdebase-3.1.3-5.8.src.rpm
82bd5517a6dc195ca5c7a4fcf4cc3fcf  kdebase-3.1.3-5.8.src.rpm
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/kdelibs-3.1.3-6.9.src.rpm
6b5b2aba61ac2ced6df5689de2721a71  kdelibs-3.1.3-6.9.src.rpm

i386:
559c33d7383e7c81f2642f02c5aed26a  kdebase-3.1.3-5.8.i386.rpm
a66570d58774ae59253985e9089f7074  kdebase-devel-3.1.3-5.8.i386.rpm
1b9bf6cfbedde310068e7b47ec43dab0  kdelibs-3.1.3-6.9.i386.rpm
65ff2276ebd06a84363734aac1e819c2  kdelibs-devel-3.1.3-6.9.i386.rpm

x86_64:
85c1ebcce8e37502e4c57ac5666bd5b6  kdebase-3.1.3-5.8.x86_64.rpm
559c33d7383e7c81f2642f02c5aed26a  kdebase-3.1.3-5.8.i386.rpm
cc159d0af68f93775029e72c98fa67cd  kdebase-devel-3.1.3-5.8.x86_64.rpm
ea4f3a20b3b90e64c065dd1a43047f01  kdelibs-3.1.3-6.9.x86_64.rpm
1b9bf6cfbedde310068e7b47ec43dab0  kdelibs-3.1.3-6.9.i386.rpm
8c99f2100c9f3e5b03efff7165eff15c  kdelibs-devel-3.1.3-6.9.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/kdebase-3.1.3-5.8.src.rpm
82bd5517a6dc195ca5c7a4fcf4cc3fcf  kdebase-3.1.3-5.8.src.rpm
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/kdelibs-3.1.3-6.9.src.rpm
6b5b2aba61ac2ced6df5689de2721a71  kdelibs-3.1.3-6.9.src.rpm

i386:
559c33d7383e7c81f2642f02c5aed26a  kdebase-3.1.3-5.8.i386.rpm
a66570d58774ae59253985e9089f7074  kdebase-devel-3.1.3-5.8.i386.rpm
1b9bf6cfbedde310068e7b47ec43dab0  kdelibs-3.1.3-6.9.i386.rpm
65ff2276ebd06a84363734aac1e819c2  kdelibs-devel-3.1.3-6.9.i386.rpm

ia64:
3fff6529152bac165097691689afd5ae  kdebase-3.1.3-5.8.ia64.rpm
559c33d7383e7c81f2642f02c5aed26a  kdebase-3.1.3-5.8.i386.rpm
9e9245aceb7cb8d4422f91798ee47fcf  kdebase-devel-3.1.3-5.8.ia64.rpm
3ff097e232c2c1ecd0a8684c8b526581  kdelibs-3.1.3-6.9.ia64.rpm
1b9bf6cfbedde310068e7b47ec43dab0  kdelibs-3.1.3-6.9.i386.rpm
155776d1b23d3c1c881f805416ecc9fa  kdelibs-devel-3.1.3-6.9.ia64.rpm

x86_64:
85c1ebcce8e37502e4c57ac5666bd5b6  kdebase-3.1.3-5.8.x86_64.rpm
559c33d7383e7c81f2642f02c5aed26a  kdebase-3.1.3-5.8.i386.rpm
cc159d0af68f93775029e72c98fa67cd  kdebase-devel-3.1.3-5.8.x86_64.rpm
ea4f3a20b3b90e64c065dd1a43047f01  kdelibs-3.1.3-6.9.x86_64.rpm
1b9bf6cfbedde310068e7b47ec43dab0  kdelibs-3.1.3-6.9.i386.rpm
8c99f2100c9f3e5b03efff7165eff15c  kdelibs-devel-3.1.3-6.9.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/kdebase-3.1.3-5.8.src.rpm
82bd5517a6dc195ca5c7a4fcf4cc3fcf  kdebase-3.1.3-5.8.src.rpm
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/kdelibs-3.1.3-6.9.src.rpm
6b5b2aba61ac2ced6df5689de2721a71  kdelibs-3.1.3-6.9.src.rpm

i386:
559c33d7383e7c81f2642f02c5aed26a  kdebase-3.1.3-5.8.i386.rpm
a66570d58774ae59253985e9089f7074  kdebase-devel-3.1.3-5.8.i386.rpm
1b9bf6cfbedde310068e7b47ec43dab0  kdelibs-3.1.3-6.9.i386.rpm
65ff2276ebd06a84363734aac1e819c2  kdelibs-devel-3.1.3-6.9.i386.rpm

ia64:
3fff6529152bac165097691689afd5ae  kdebase-3.1.3-5.8.ia64.rpm
559c33d7383e7c81f2642f02c5aed26a  kdebase-3.1.3-5.8.i386.rpm
9e9245aceb7cb8d4422f91798ee47fcf  kdebase-devel-3.1.3-5.8.ia64.rpm
3ff097e232c2c1ecd0a8684c8b526581  kdelibs-3.1.3-6.9.ia64.rpm
1b9bf6cfbedde310068e7b47ec43dab0  kdelibs-3.1.3-6.9.i386.rpm
155776d1b23d3c1c881f805416ecc9fa  kdelibs-devel-3.1.3-6.9.ia64.rpm

x86_64:
85c1ebcce8e37502e4c57ac5666bd5b6  kdebase-3.1.3-5.8.x86_64.rpm
559c33d7383e7c81f2642f02c5aed26a  kdebase-3.1.3-5.8.i386.rpm
cc159d0af68f93775029e72c98fa67cd  kdebase-devel-3.1.3-5.8.x86_64.rpm
ea4f3a20b3b90e64c065dd1a43047f01  kdelibs-3.1.3-6.9.x86_64.rpm
1b9bf6cfbedde310068e7b47ec43dab0  kdelibs-3.1.3-6.9.i386.rpm
8c99f2100c9f3e5b03efff7165eff15c  kdelibs-devel-3.1.3-6.9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://www.kde.org/info/security/advisory-20041213-1.txt
http://www.kde.org/info/security/advisory-20050101-1.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1158
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0078

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Pirate Bay founder guilty in historic hacker case
Parallels CTO: Linux container security is not the problem
Advisory says to assume all Drupal 7 websites are compromised
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.