LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: August 25th, 2014
Linux Advisory Watch: August 15th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Fedora 10 Update: kdelibs-4.3.1-3.fc10 Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Fedora This updates KDE to 4.3.1, the latest upstream bugfix release. The main improvements are: * KDE 4.3 is now also available in Croatian. * A crash when editing toolbar setup has been fixed. * Support for transferring files through SSH using KIO::Fish has been fixed. * A number of bugs in KWin, KDE's window and compositing manager has been fixed. * A large number of bugs in KMail, KDE's email client are now gone. See http://kde.org/announcements/announce-4.3.1.php for more information. In addition, this update: * fixes a potential security issue (CVE-2009-2702) with certificate validation in the KIO KSSL code. It is believed that the affected code is not actually used (the code in Qt, for which a security update was already issued, is) and thus the issue is only potential, but KSSL is being patched just in case, * splits PolicyKit-kde out of kdebase-workspace again to avoid forcing it onto GNOME-based setups, where PolicyKit-gnome is desired instead (#519654).
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-9427
2009-09-09 00:48:07
--------------------------------------------------------------------------------

Name        : kdelibs
Product     : Fedora 10
Version     : 4.3.1
Release     : 3.fc10
URL         : http://www.kde.org/
Summary     : K Desktop Environment 4 - Libraries
Description :
Libraries for the K Desktop Environment 4.

--------------------------------------------------------------------------------
Update Information:

This updates KDE to 4.3.1, the latest upstream bugfix release. The main
improvements are:  * KDE 4.3 is now also available in Croatian.  * A crash when
editing toolbar setup has been fixed.  * Support for transferring files through
SSH using KIO::Fish has been fixed.  * A number of bugs in KWin, KDE's window
and compositing manager has been fixed.  * A large number of bugs in KMail,
KDE's email client are now gone.    See
http://kde.org/announcements/announce-4.3.1.php for more information.    In
addition, this update:  * fixes a potential security issue (CVE-2009-2702) with
certificate validation in the KIO KSSL code. It is believed that the affected
code is not actually used (the code in Qt, for which a security update was
already issued, is) and thus the issue is only potential, but KSSL is being
patched just in case,  * splits PolicyKit-kde out of kdebase-workspace again to
avoid forcing it onto GNOME-based setups, where PolicyKit-gnome is desired
instead (#519654).
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep  4 2009 Than Ngo  - 4.3.1-3
- security fix for -CVE-2009-2702
* Wed Sep  2 2009 Ben Boeckel  - 4.3.1-2
- Patch for kde#160679
* Fri Aug 28 2009 Than Ngo  - 4.3.1-1
- 4.3.1
- openssl-1.0 build fixes
* Wed Aug 26 2009 Rex Dieter  - 4.3.0-8
- BR: xz-devel
* Sun Aug 23 2009 Rex Dieter  - 4.3.0-7
- buildsys_phonon patch (to be compatible with newer kde-qt.git qt builds)
* Wed Aug 19 2009 Lukáš Tinkl  - 4.3.0-6
- fix crash when editting toolbars (kdebug:200815)
* Tue Aug 18 2009 Lukáš Tinkl  - 4.3.0.5
- fix KDE bug #19538, copy file after rename uses old file name
* Mon Aug 17 2009 Lukáš Tinkl  - 4.3.0-4
- fix unmounting devices
- fix copying URLs to clipboard (kdebug:170608)
* Fri Aug 14 2009 Rex Dieter  - 4.3.0-3
- kde4.(sh|csh): drop KDE_IS_PRELINKED for now (workaround bug #515539)
* Wed Aug  5 2009 Rex Dieter  - 4.3.0-2
- microblog crashes plasma on show friends toggle (kdebug#202550)
- khtml crasher (kdebug#199557)
* Thu Jul 30 2009 Than Ngo  - 4.3.0-1
- 4.3.0
* Wed Jul 29 2009 Rex Dieter  - 4.2.98-4
- -devel: Conflicts: kdebase-runtime < 4.2.90, kdebase-workspace-devel < 4.2.90
* Sun Jul 26 2009 Kevin Kofler  - 4.2.98-3
- fix CVE-2009-2537 - select length DoS
- fix CVE-2009-1725 - crash, possible ACE in numeric character references
- fix CVE-2009-1687 - possible ACE in KJS (FIXME: now aborts, so still crashes)
- fix CVE-2009-1698 - crash, possible ACE in CSS style attribute handling
- fix minimum strigi version (0.7, not 0.7.0, RPM thinks 0.7 < 0.7.0)
* Fri Jul 24 2009 Lukáš Tinkl  - 4.2.98-2
- respun tarball, to fix KIO HTTP redirects
- fix phonon/strigi versions
* Wed Jul 22 2009 Than Ngo  - 4.2.98-1
- 4.3rc3
* Thu Jul 16 2009 Rex Dieter  - 4.2.96-2
- soprano_ver 2.3.0
- License: LGPLv2+
* Fri Jul 10 2009 Than Ngo  - 4.2.96-1
- 4.3rc2
* Wed Jul  8 2009 Kevin Kofler  - 4.2.95-4
- fix CMake dependency in parallel_devel patch (#510259, CHIKAMA Masaki)
* Fri Jul  3 2009 Rex Dieter  - 4.2.95-3
- plasma animation crasher (kdebug#198338)
* Fri Jul  3 2009 Rex Dieter  - 4.2.95-2
- up min versions, phonon, strigi, soprano (#509511)
* Thu Jun 25 2009 Than Ngo  - 4.2.95-1
- 4.3 rc1
* Wed Jun  3 2009 Rex Dieter  4.2.90-1
- KDE-4.3 beta2 (4.2.90)
* Tue May 12 2009 Than Ngo  4.2.85-1
- KDE-4.3 beta1 (4.2.85)
- kde4.(sh|csh): drop QT_PLUGINS_PATH munging, kde4-config call (#498809)
* Wed Apr 29 2009 Rex Dieter  - 4.2.2-14
- -devel: Provides: kdelibs4-devel%{?_isa} ...
* Tue Apr 28 2009 Lukáš Tinkl  - 4.2.2-13
- upstream patch to fix GCC4.4 crashes in kjs
  (kdebug:189809)
* Fri Apr 24 2009 Kevin Kofler  - 4.2.2-12
- drop the PopupApplet configuration backports (#495998) for now, kconf_update
  does not work as expected for Plasma
* Thu Apr 23 2009 Kevin Kofler  - 4.2.2-11
- fix the kconf_update scriptlet for #495998 again (missing DELETEGROUP)
* Thu Apr 23 2009 Kevin Kofler  - 4.2.2-10
- fix the kconf_update scriptlet for #495998 (broken .upd syntax)
* Tue Apr 21 2009 Than Ngo  - 4.2.2-9
- don't let plasma appear over screensaver
* Mon Apr 20 2009 Kevin Kofler  4.2.2-8
- fix Plasma PopupApplet configuration interfering with weather applet (#495998)
* Sun Apr 19 2009 Rex Dieter  4.2.2-7
- fix and simplify the child struct disposal (kde#180785)
* Sat Apr 18 2009 Rex Dieter  4.2.2-6
- squash leaky file descriptors in kdeinit (kde#180785,rhbz#484370)
* Fri Apr 10 2009 Rex Dieter  4.2.2-5
- fix bidi-related hangs in khtml (kde#189161)
* Wed Apr  8 2009 Than Ngo  - 4.2.2-4
- upstream patch fix ReadOnlyPart crash for non-local file
* Tue Apr  7 2009 Than Ngo  - 4.2.2-3
- fix kickoff focus issue
* Tue Apr  7 2009 Than Ngo  - 4.2.2-2
- upstream patch to fix kio_http issue
* Wed Apr  1 2009 Lukáš Tinkl  - 4.2.2-1
- KDE 4.2.2
* Mon Mar 23 2009 Rex Dieter  - 4.2.1-9
- scriptlet optimization
* Thu Mar 19 2009 Rex Dieter  - 4.2.1-8
- Provides: kdelibs4%{?_isa} ... (#491082)
* Wed Mar 18 2009 Rex Dieter  4.2.1-7
- Provides: kross(javascript) kross(qtscript)  (#490586)
* Thu Mar 12 2009 Than Ngo  - 4.2.1-6
- apply patch to fix encoding for Qt-4.5.0
* Mon Mar  9 2009 Than Ngo  - 4.2.1-5
- apply patch to fix issue in CSS style that causes konqueror shows a blank page
* Thu Mar  5 2009 Rex Dieter  - 4.2.1-4 
- move designer plugins to main/runtime (#487622)
* Sun Mar  1 2009 Than Ngo  - 4.2.1-2
- respin
* Fri Feb 27 2009 Than Ngo  - 4.2.1-1
- 4.2.1
* Thu Feb 26 2009 Than Ngo  4.2.0-17
- fix build issue against gcc44
* Wed Feb 25 2009 Than Ngo  - 4.2.0-16
- fix files conflicts with 3.5.x
* Tue Feb 24 2009 Kevin Kofler  - 4.2.0-15
- fix crash in ~KMainWindow triggered by sending messages in KNode (kde#182322)
* Mon Feb 23 2009 Rex Dieter  - 4.2.0-14
- (Build)Req: soprano(-devel) >= 2.2
- devel: drop Req: zlib-devel libutempter-devel
* Wed Feb 18 2009 Kevin Kofler  - 4.2.0-13
- disable strict aliasing in kjs/dtoa.cpp (GCC 4.4 x86_64 crash) (#485968)
* Thu Feb 12 2009 Than Ngo  - 4.2.0-11
- make plasma work better with Qt 4.5 (when built against Qt 4.5)
- add gcc44-workaround
* Fri Feb  6 2009 Than Ngo  - 4.2.0-10
- Fix duplicated applications in the K menu and in keditfiletype
* Thu Feb  5 2009 Rex Dieter  4.2.0-9
- ssl/proxy patch (kde#179934)
* Sat Jan 31 2009 Rex Dieter  4.2.0-8
- unowned dirs (#483315,#483318)
* Fri Jan 30 2009 Rex Dieter  4.2.0-7
- kded/kdirwatch patch (kde#182472)
* Fri Jan 30 2009 Lukáš Tinkl  4.2.0-6
- Emit the correct FilesRemoved signal if the job was aborted in the middle of its operation, 
  otherwise it can result in confusion and data loss (overwriting files with files
  that don't exist). kdebug:118593
- Fix "klauncher hangs when kdeinit4 dies" -- this happened because
  klauncher was doing a blocking read forever.
- Repair klauncher support for unique-applications like konsole.
  kdebug:162729, kdebug:75492
* Fri Jan 30 2009 Kevin Kofler  - 4.2.0-5
- reenable PolicyKit and NTFS workarounds
* Mon Jan 26 2009 Rex Dieter  - 4.2.0-4
- revert Requires: qt4%{_isa}
* Mon Jan 26 2009 Rex Dieter  - 4.2.0-3
- respun tarball
* Mon Jan 26 2009 Rex Dieter  - 4.2.0-2
- plasma-on-screensaver-security patch
- (Build)Req: automoc4 >= 0.9.88, phonon(-devel) >= 4.3.0
- Requires: strigi-libs >= 0.6.3
- use %{?_isa} to avoid potential multilib heartbreak
* Thu Jan 22 2009 Than Ngo  - 4.2.0-1
- 4.2.0
* Fri Jan 16 2009 Than Ngo  - 4.1.96-9
- drop kdelibs-4.1.85-plasma-default-wallpaper.patch, it's not needed
  since new plasma allows to define default wallpaper, new kde-setting
  is required
- backport fix from trunk to allow symlinks in wallpaper theme
* Fri Jan 16 2009 Kevin Kofler  - 4.1.96-8
- rebuild for new OpenSSL
* Mon Jan 12 2009 Rex Dieter  - 4.1.96-7
- Slight speedup to profile.d/kde.sh (#465370)
- (Build)Req: strigi(-devel) >= 0.6.3
* Mon Jan 12 2009 Than Ngo  - 4.1.96-6
- fix a crash (appearing in KSMServer)
* Sat Jan 10 2009 Than Ngo  - 4.1.96-5
- kdeworkspace cmake files in correct place
* Fri Jan  9 2009 Rex Dieter  - 4.1.96-4
- bump min deps (cmake, kde-filesystem, phonon)
- kde.(sh|csh): cleanup QT_PLUGIN_PATH handling (#477095)
- Requires: coreutils grep
* Fri Jan  9 2009 Than Ngo  - 4.1.96-3
- BR soprano >= 2.1.64
* Thu Jan  8 2009 Than Ngo  - 4.1.96-2
- kdepim cmake files in correct place
* Wed Jan  7 2009 Than Ngo  - 4.1.96-1
- 4.2rc1
* Fri Dec 19 2008 Kevin Kofler  4.1.85-6
- add plasma-default-wallpaper libplasma patch from kdebase-workspace-4.1
* Tue Dec 16 2008 Rex Dieter  4.1.85-5
- respun tarball, integrates kde-l10n-systemsettings patch
* Tue Dec 16 2008 Than Ngo  - 4.1.85-4
- add missing ENTITY systemsettings in pt, that fixes kde-l10
  build breakage
* Mon Dec 15 2008 Than Ngo  - 4.1.85-3
- add missing ENTITY systemsettings in ru/gl/es/pt, that fixes kde-l10
  build breakage
- rename suffix .xxcmake to avoid install .cmake
* Sun Dec 14 2008 Kevin Kofler  - 4.1.85-2
- tweak parallel_devel patch to get a -L flag for the symlink directory
* Thu Dec 11 2008 Than Ngo  -  4.1.85-1
- 4.2beta2
* Tue Dec  9 2008 Lorenzo Villani  - 6:4.1.82-2
- rebase parallel devel patch and kde149705 patch
* Mon Dec  8 2008 Lorenzo Villani  - 6:4.1.82-1
- 4.1.82
* Tue Nov 25 2008 Kevin Kofler  4.1.80-5
- remove workaround BR on phonon-backend-gstreamer, it's ineffective since
  phonon now explicitly Requires: phonon-backend-xine and the dependency is no
  longer circular anyway
- update parallel_devel patch
- fix minimum strigi version (only 0.5.9 needed)
* Tue Nov 25 2008 Than Ngo  4.1.80-4
- respin
* Thu Nov 20 2008 Rex Dieter  4.1.80-3
- -devel: Provides: plasma-devel
* Thu Nov 20 2008 Than Ngo  4.1.80-2
- merged
* Thu Nov 20 2008 Lorenzo Villani  - 6:4.1.80-1
- 4.1.80
- BR strigi 0.60
- BR cmake 2.6
- make install/fast
- rebase policykit patch
- rebase cmake patch
- rebase a couple of patches and drop _default_patch_fuzz 2
* Wed Nov 12 2008 Than Ngo  4.1.3-1
- 4.1.3
* Fri Nov  7 2008 Rex Dieter  4.1.2-6
- backport http_cache_cleaner fix (kdebug:172182)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #520661 - CVE-2009-2702 kdelibs: kssl incorrect verification of SSL certificate with NUL in subjectAltName
        https://bugzilla.redhat.com/show_bug.cgi?id=520661
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update kdelibs' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

_______________________________________________
Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-package-announce
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.