LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: August 15th, 2014
Linux Advisory Watch: August 8th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
RedHat: Low: kdebase security fix Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
RedHat Linux Updated kdebase packages that resolve several bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team.
- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Low: kdebase security fix
Advisory ID:       RHSA-2006:0582-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2006-0582.html
Issue date:        2006-08-10
Updated on:        2006-08-10
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2005-2494 
- ---------------------------------------------------------------------

1. Summary:

Updated kdebase packages that resolve several bugs are now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The kdebase packages provide the core applications for KDE, the K Desktop
Environment. These core packages include the file manager Konqueror.

Ilja van Sprundel discovered a lock file handling flaw in kcheckpass.  If
the directory /var/lock is writable by a user who is allowed to run
kcheckpass, that user could gain root privileges.  In Red Hat Enterprise
Linux, the /var/lock directory is not writable by users and therefore this
flaw could only have been exploited if the permissions on that directory
have been badly configured.  A patch to block this issue has been included
in this update.  (CVE-2005-2494)

The following bugs have also been addressed:

- - kstart --tosystray does not send the window to the system tray in Kicker

- - When the customer enters or selects URLs in Firefox's address field, the
desktop freezes for a couple of seconds

- - fish kioslave is broken on 64-bit systems

All users of kdebase should upgrade to these updated packages, which
contain patches to resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

166995 - CVE-2005-2494 kcheckpass privilege escalation

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kdebase-3.3.1-5.13.src.rpm
30a7dc95f125733b10dc0bf84095fd7f  kdebase-3.3.1-5.13.src.rpm

i386:
a683a46db550b17cd26cd6bc074e0a06  kdebase-3.3.1-5.13.i386.rpm
08d0dd20b5ed386ac670df6ed40a0fdd  kdebase-debuginfo-3.3.1-5.13.i386.rpm
6d94c8d2219b392fd88089668c7f7010  kdebase-devel-3.3.1-5.13.i386.rpm

ia64:
a683a46db550b17cd26cd6bc074e0a06  kdebase-3.3.1-5.13.i386.rpm
da03501559c51979e3f7e630e80e8e25  kdebase-3.3.1-5.13.ia64.rpm
08d0dd20b5ed386ac670df6ed40a0fdd  kdebase-debuginfo-3.3.1-5.13.i386.rpm
ac7454132a75eb2ca8cb610e243545f5  kdebase-debuginfo-3.3.1-5.13.ia64.rpm
96cc50480f9e8a7256fd9bf8e02fafab  kdebase-devel-3.3.1-5.13.ia64.rpm

ppc:
0e13fd2c7d50c005c01b777256361e97  kdebase-3.3.1-5.13.ppc.rpm
33fdc248c7e8f284eee9df46c6fd074f  kdebase-3.3.1-5.13.ppc64.rpm
490924ff9919c2e0e48a00980b80de3b  kdebase-debuginfo-3.3.1-5.13.ppc.rpm
0acaf800331abdbad452afd455474f6f  kdebase-debuginfo-3.3.1-5.13.ppc64.rpm
73e9a088e803778702ccd92bf579933c  kdebase-devel-3.3.1-5.13.ppc.rpm

s390:
a3716cdb289ea6a81039b9be606587c8  kdebase-3.3.1-5.13.s390.rpm
52958dbdeaf025c114238ba777f46039  kdebase-debuginfo-3.3.1-5.13.s390.rpm
4200af840ddda1504e5fe28dbd721a9a  kdebase-devel-3.3.1-5.13.s390.rpm

s390x:
a3716cdb289ea6a81039b9be606587c8  kdebase-3.3.1-5.13.s390.rpm
dfe54aae8c9b764927f1f3de7be19519  kdebase-3.3.1-5.13.s390x.rpm
52958dbdeaf025c114238ba777f46039  kdebase-debuginfo-3.3.1-5.13.s390.rpm
8b046a450015d422e732374230e616e1  kdebase-debuginfo-3.3.1-5.13.s390x.rpm
075565f82bdd59bb2ff7082f4abf9b81  kdebase-devel-3.3.1-5.13.s390x.rpm

x86_64:
a683a46db550b17cd26cd6bc074e0a06  kdebase-3.3.1-5.13.i386.rpm
a2db1aad4a320cd604efdf130d6b8db2  kdebase-3.3.1-5.13.x86_64.rpm
08d0dd20b5ed386ac670df6ed40a0fdd  kdebase-debuginfo-3.3.1-5.13.i386.rpm
9a12bd500bf18f6b411dad460ad94ae0  kdebase-debuginfo-3.3.1-5.13.x86_64.rpm
e2ddabc84ca64088a6fc9817756f7911  kdebase-devel-3.3.1-5.13.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kdebase-3.3.1-5.13.src.rpm
30a7dc95f125733b10dc0bf84095fd7f  kdebase-3.3.1-5.13.src.rpm

i386:
a683a46db550b17cd26cd6bc074e0a06  kdebase-3.3.1-5.13.i386.rpm
08d0dd20b5ed386ac670df6ed40a0fdd  kdebase-debuginfo-3.3.1-5.13.i386.rpm
6d94c8d2219b392fd88089668c7f7010  kdebase-devel-3.3.1-5.13.i386.rpm

x86_64:
a683a46db550b17cd26cd6bc074e0a06  kdebase-3.3.1-5.13.i386.rpm
a2db1aad4a320cd604efdf130d6b8db2  kdebase-3.3.1-5.13.x86_64.rpm
08d0dd20b5ed386ac670df6ed40a0fdd  kdebase-debuginfo-3.3.1-5.13.i386.rpm
9a12bd500bf18f6b411dad460ad94ae0  kdebase-debuginfo-3.3.1-5.13.x86_64.rpm
e2ddabc84ca64088a6fc9817756f7911  kdebase-devel-3.3.1-5.13.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kdebase-3.3.1-5.13.src.rpm
30a7dc95f125733b10dc0bf84095fd7f  kdebase-3.3.1-5.13.src.rpm

i386:
a683a46db550b17cd26cd6bc074e0a06  kdebase-3.3.1-5.13.i386.rpm
08d0dd20b5ed386ac670df6ed40a0fdd  kdebase-debuginfo-3.3.1-5.13.i386.rpm
6d94c8d2219b392fd88089668c7f7010  kdebase-devel-3.3.1-5.13.i386.rpm

ia64:
a683a46db550b17cd26cd6bc074e0a06  kdebase-3.3.1-5.13.i386.rpm
da03501559c51979e3f7e630e80e8e25  kdebase-3.3.1-5.13.ia64.rpm
08d0dd20b5ed386ac670df6ed40a0fdd  kdebase-debuginfo-3.3.1-5.13.i386.rpm
ac7454132a75eb2ca8cb610e243545f5  kdebase-debuginfo-3.3.1-5.13.ia64.rpm
96cc50480f9e8a7256fd9bf8e02fafab  kdebase-devel-3.3.1-5.13.ia64.rpm

x86_64:
a683a46db550b17cd26cd6bc074e0a06  kdebase-3.3.1-5.13.i386.rpm
a2db1aad4a320cd604efdf130d6b8db2  kdebase-3.3.1-5.13.x86_64.rpm
08d0dd20b5ed386ac670df6ed40a0fdd  kdebase-debuginfo-3.3.1-5.13.i386.rpm
9a12bd500bf18f6b411dad460ad94ae0  kdebase-debuginfo-3.3.1-5.13.x86_64.rpm
e2ddabc84ca64088a6fc9817756f7911  kdebase-devel-3.3.1-5.13.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kdebase-3.3.1-5.13.src.rpm
30a7dc95f125733b10dc0bf84095fd7f  kdebase-3.3.1-5.13.src.rpm

i386:
a683a46db550b17cd26cd6bc074e0a06  kdebase-3.3.1-5.13.i386.rpm
08d0dd20b5ed386ac670df6ed40a0fdd  kdebase-debuginfo-3.3.1-5.13.i386.rpm
6d94c8d2219b392fd88089668c7f7010  kdebase-devel-3.3.1-5.13.i386.rpm

ia64:
a683a46db550b17cd26cd6bc074e0a06  kdebase-3.3.1-5.13.i386.rpm
da03501559c51979e3f7e630e80e8e25  kdebase-3.3.1-5.13.ia64.rpm
08d0dd20b5ed386ac670df6ed40a0fdd  kdebase-debuginfo-3.3.1-5.13.i386.rpm
ac7454132a75eb2ca8cb610e243545f5  kdebase-debuginfo-3.3.1-5.13.ia64.rpm
96cc50480f9e8a7256fd9bf8e02fafab  kdebase-devel-3.3.1-5.13.ia64.rpm

x86_64:
a683a46db550b17cd26cd6bc074e0a06  kdebase-3.3.1-5.13.i386.rpm
a2db1aad4a320cd604efdf130d6b8db2  kdebase-3.3.1-5.13.x86_64.rpm
08d0dd20b5ed386ac670df6ed40a0fdd  kdebase-debuginfo-3.3.1-5.13.i386.rpm
9a12bd500bf18f6b411dad460ad94ae0  kdebase-debuginfo-3.3.1-5.13.x86_64.rpm
e2ddabc84ca64088a6fc9817756f7911  kdebase-devel-3.3.1-5.13.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2494
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Google Fixes 12 Vulnerabilities in Chrome 36
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.