---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: kdebase security fix
Advisory ID:       RHSA-2006:0582-01
Advisory URL:      https://access.redhat.com/errata/RHSA-2006:0582.html
Issue date:        2006-08-10
Updated on:        2006-08-10
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2005-2494 
---------------------------------------------------------------------

1. Summary:

Updated kdebase packages that resolve several bugs are now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The kdebase packages provide the core applications for KDE, the K Desktop
Environment. These core packages include the file manager Konqueror.

Ilja van Sprundel discovered a lock file handling flaw in kcheckpass.  If
the directory /var/lock is writable by a user who is allowed to run
kcheckpass, that user could gain root privileges.  In Red Hat Enterprise
Linux, the /var/lock directory is not writable by users and therefore this
flaw could only have been exploited if the permissions on that directory
have been badly configured.  A patch to block this issue has been included
in this update.  (CVE-2005-2494)

The following bugs have also been addressed:

- kstart --tosystray does not send the window to the system tray in Kicker

- When the customer enters or selects URLs in Firefox's address field, the
  desktop freezes for a couple of seconds

- fish kioslave is broken on 64-bit systems

All users of kdebase should upgrade to these updated packages, which
contain patches to resolve these issues.
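
The exposure condition in the problem description (a /var/lock directory
writable by a user who is allowed to run kcheckpass) can be checked
directly. The script below is an added example, not part of the Red Hat
advisory; the function names lockdir_writers and lockdir_verdict and the
verdict labels are made up for this sketch.

```shell
#!/bin/sh
# Added example, not from the advisory: report who besides the owner can
# write to a lock directory such as /var/lock. Function names and verdict
# labels are assumptions made for this sketch.

# Print the permission classes ("group", "other") with write access to DIR.
# Prints an empty line when only the owner can write; returns 2 if DIR is
# not a directory.
lockdir_writers() {
    dir=$1
    [ -d "$dir" ] || return 2
    writers=
    # -H resolves DIR itself when it is a symlink; -prune tests only DIR.
    [ -n "$(find -H "$dir" -prune -perm -0020 -print)" ] && writers="group"
    [ -n "$(find -H "$dir" -prune -perm -0002 -print)" ] &&
        writers="${writers:+$writers }other"
    printf '%s\n' "$writers"
}

# Classify DIR:
#   exposed - every local user can write, which meets the advisory's condition
#   review  - the owning group can write; check that group's membership
#   ok      - only the owner can write
#   missing - DIR is not a directory (return status 2)
lockdir_verdict() {
    w=$(lockdir_writers "$1") || { echo "missing"; return 2; }
    case " $w " in
        *" other "*) echo "exposed" ;;
        *" group "*) echo "review" ;;
        *) echo "ok" ;;
    esac
}

# When called with a path, print the verdict and the directory's listing.
if [ "$#" -gt 0 ]; then
    echo "$1: $(lockdir_verdict "$1")"
    ls -ld "$1"
fi
```

Pass the directory to audit as the first argument, for example /var/lock.
A "review" verdict is not a finding by itself: who can write then depends
on the membership of the directory's owning group.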

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

166995 - CVE-2005-2494 kcheckpass privilege escalation

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
30a7dc95f125733b10dc0bf84095fd7f  kdebase-3.3.1-5.13.src.rpm

i386:
a683a46db550b17cd26cd6bc074e0a06  kdebase-3.3.1-5.13.i386.rpm
08d0dd20b5ed386ac670df6ed40a0fdd  kdebase-debuginfo-3.3.1-5.13.i386.rpm
6d94c8d2219b392fd88089668c7f7010  kdebase-devel-3.3.1-5.13.i386.rpm

ia64:
a683a46db550b17cd26cd6bc074e0a06  kdebase-3.3.1-5.13.i386.rpm
da03501559c51979e3f7e630e80e8e25  kdebase-3.3.1-5.13.ia64.rpm
08d0dd20b5ed386ac670df6ed40a0fdd  kdebase-debuginfo-3.3.1-5.13.i386.rpm
ac7454132a75eb2ca8cb610e243545f5  kdebase-debuginfo-3.3.1-5.13.ia64.rpm
96cc50480f9e8a7256fd9bf8e02fafab  kdebase-devel-3.3.1-5.13.ia64.rpm

ppc:
0e13fd2c7d50c005c01b777256361e97  kdebase-3.3.1-5.13.ppc.rpm
33fdc248c7e8f284eee9df46c6fd074f  kdebase-3.3.1-5.13.ppc64.rpm
490924ff9919c2e0e48a00980b80de3b  kdebase-debuginfo-3.3.1-5.13.ppc.rpm
0acaf800331abdbad452afd455474f6f  kdebase-debuginfo-3.3.1-5.13.ppc64.rpm
73e9a088e803778702ccd92bf579933c  kdebase-devel-3.3.1-5.13.ppc.rpm

s390:
a3716cdb289ea6a81039b9be606587c8  kdebase-3.3.1-5.13.s390.rpm
52958dbdeaf025c114238ba777f46039  kdebase-debuginfo-3.3.1-5.13.s390.rpm
4200af840ddda1504e5fe28dbd721a9a  kdebase-devel-3.3.1-5.13.s390.rpm

s390x:
a3716cdb289ea6a81039b9be606587c8  kdebase-3.3.1-5.13.s390.rpm
dfe54aae8c9b764927f1f3de7be19519  kdebase-3.3.1-5.13.s390x.rpm
52958dbdeaf025c114238ba777f46039  kdebase-debuginfo-3.3.1-5.13.s390.rpm
8b046a450015d422e732374230e616e1  kdebase-debuginfo-3.3.1-5.13.s390x.rpm
075565f82bdd59bb2ff7082f4abf9b81  kdebase-devel-3.3.1-5.13.s390x.rpm

x86_64:
a683a46db550b17cd26cd6bc074e0a06  kdebase-3.3.1-5.13.i386.rpm
a2db1aad4a320cd604efdf130d6b8db2  kdebase-3.3.1-5.13.x86_64.rpm
08d0dd20b5ed386ac670df6ed40a0fdd  kdebase-debuginfo-3.3.1-5.13.i386.rpm
9a12bd500bf18f6b411dad460ad94ae0  kdebase-debuginfo-3.3.1-5.13.x86_64.rpm
e2ddabc84ca64088a6fc9817756f7911  kdebase-devel-3.3.1-5.13.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
30a7dc95f125733b10dc0bf84095fd7f  kdebase-3.3.1-5.13.src.rpm

i386:
a683a46db550b17cd26cd6bc074e0a06  kdebase-3.3.1-5.13.i386.rpm
08d0dd20b5ed386ac670df6ed40a0fdd  kdebase-debuginfo-3.3.1-5.13.i386.rpm
6d94c8d2219b392fd88089668c7f7010  kdebase-devel-3.3.1-5.13.i386.rpm

x86_64:
a683a46db550b17cd26cd6bc074e0a06  kdebase-3.3.1-5.13.i386.rpm
a2db1aad4a320cd604efdf130d6b8db2  kdebase-3.3.1-5.13.x86_64.rpm
08d0dd20b5ed386ac670df6ed40a0fdd  kdebase-debuginfo-3.3.1-5.13.i386.rpm
9a12bd500bf18f6b411dad460ad94ae0  kdebase-debuginfo-3.3.1-5.13.x86_64.rpm
e2ddabc84ca64088a6fc9817756f7911  kdebase-devel-3.3.1-5.13.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
30a7dc95f125733b10dc0bf84095fd7f  kdebase-3.3.1-5.13.src.rpm

i386:
a683a46db550b17cd26cd6bc074e0a06  kdebase-3.3.1-5.13.i386.rpm
08d0dd20b5ed386ac670df6ed40a0fdd  kdebase-debuginfo-3.3.1-5.13.i386.rpm
6d94c8d2219b392fd88089668c7f7010  kdebase-devel-3.3.1-5.13.i386.rpm

ia64:
a683a46db550b17cd26cd6bc074e0a06  kdebase-3.3.1-5.13.i386.rpm
da03501559c51979e3f7e630e80e8e25  kdebase-3.3.1-5.13.ia64.rpm
08d0dd20b5ed386ac670df6ed40a0fdd  kdebase-debuginfo-3.3.1-5.13.i386.rpm
ac7454132a75eb2ca8cb610e243545f5  kdebase-debuginfo-3.3.1-5.13.ia64.rpm
96cc50480f9e8a7256fd9bf8e02fafab  kdebase-devel-3.3.1-5.13.ia64.rpm

x86_64:
a683a46db550b17cd26cd6bc074e0a06  kdebase-3.3.1-5.13.i386.rpm
a2db1aad4a320cd604efdf130d6b8db2  kdebase-3.3.1-5.13.x86_64.rpm
08d0dd20b5ed386ac670df6ed40a0fdd  kdebase-debuginfo-3.3.1-5.13.i386.rpm
9a12bd500bf18f6b411dad460ad94ae0  kdebase-debuginfo-3.3.1-5.13.x86_64.rpm
e2ddabc84ca64088a6fc9817756f7911  kdebase-devel-3.3.1-5.13.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
30a7dc95f125733b10dc0bf84095fd7f  kdebase-3.3.1-5.13.src.rpm

i386:
a683a46db550b17cd26cd6bc074e0a06  kdebase-3.3.1-5.13.i386.rpm
08d0dd20b5ed386ac670df6ed40a0fdd  kdebase-debuginfo-3.3.1-5.13.i386.rpm
6d94c8d2219b392fd88089668c7f7010  kdebase-devel-3.3.1-5.13.i386.rpm

ia64:
a683a46db550b17cd26cd6bc074e0a06  kdebase-3.3.1-5.13.i386.rpm
da03501559c51979e3f7e630e80e8e25  kdebase-3.3.1-5.13.ia64.rpm
08d0dd20b5ed386ac670df6ed40a0fdd  kdebase-debuginfo-3.3.1-5.13.i386.rpm
ac7454132a75eb2ca8cb610e243545f5  kdebase-debuginfo-3.3.1-5.13.ia64.rpm
96cc50480f9e8a7256fd9bf8e02fafab  kdebase-devel-3.3.1-5.13.ia64.rpm

x86_64:
a683a46db550b17cd26cd6bc074e0a06  kdebase-3.3.1-5.13.i386.rpm
a2db1aad4a320cd604efdf130d6b8db2  kdebase-3.3.1-5.13.x86_64.rpm
08d0dd20b5ed386ac670df6ed40a0fdd  kdebase-debuginfo-3.3.1-5.13.i386.rpm
9a12bd500bf18f6b411dad460ad94ae0  kdebase-debuginfo-3.3.1-5.13.x86_64.rpm
e2ddabc84ca64088a6fc9817756f7911  kdebase-devel-3.3.1-5.13.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2494
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
