Security Advisory Updated KDE packages fix security issue

Advisory: RHSA-2003:235-11
Type: Security Advisory
Severity: N/A
Issued on: 2003-08-11
Last updated on: 2003-08-11
Affected Products: Red Hat Linux 7.1
Red Hat Linux 7.2
Red Hat Linux 7.3
Red Hat Linux 8.0
Red Hat Linux 9
OVAL: N/A
CVEs (cve.mitre.org): CVE-2003-0459

Details

This erratum provides updated KDE packages that resolve a security issue in
Konquerer.

KDE is a graphical desktop environment for the X Window System.
Konqueror is the file manager for the K Desktop Environment.

George Staikos reported that Konqueror may inadvertently send
authentication credentials to websites other than the intended website in
clear text via the HTTP-referer header. This can occur when authentication
credentials are passed as part of a URL in the form http://user:password@host/

Users of Konqueror are advised to upgrade to these erratum packages, which
contain a backported security patch correcting this issue.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Linux 7.1
SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/kdelibs-2.2.2-0.71.4.src.rpm
Missing file		     2ef6b0ba6eb7a4733ab3ccc6e2bdbfe5
 
IA-32:
ftp://updates.redhat.com/7.1/en/os/i386/arts-2.2.2-0.71.4.i386.rpm
Missing file		     e9e6dfb03b5488631307db65e543a723
ftp://updates.redhat.com/7.1/en/os/i386/kdelibs-2.2.2-0.71.4.i386.rpm
Missing file		     cbe0e9ee4824f27e60dfb2dd3db7e666
ftp://updates.redhat.com/7.1/en/os/i386/kdelibs-devel-2.2.2-0.71.4.i386.rpm
Missing file		     8d11f202c36e2e52a3254c03d2541b33
ftp://updates.redhat.com/7.1/en/os/i386/kdelibs-sound-2.2.2-0.71.4.i386.rpm
Missing file		     fa6f8ca69fca7c5757acac15587e956e
ftp://updates.redhat.com/7.1/en/os/i386/kdelibs-sound-devel-2.2.2-0.71.4.i386.rpm
Missing file		     70501f524501f8fd7d0d5d96f17df8e4
 
Red Hat Linux 7.2
SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/kdelibs-2.2.2-9.src.rpm
Missing file		     f0e606206f10a86c06abbf626a9a1e32
 
IA-32:
ftp://updates.redhat.com/7.2/en/os/i386/arts-2.2.2-9.i386.rpm
Missing file		     abf35ed90bb162a14d96e0e3ed80ce5c
ftp://updates.redhat.com/7.2/en/os/i386/kdelibs-2.2.2-9.i386.rpm
Missing file		     407f8a272a2858718527fe1adeb73f7c
ftp://updates.redhat.com/7.2/en/os/i386/kdelibs-devel-2.2.2-9.i386.rpm
Missing file		     09ef114a24c28843a81fd3a93d06def9
ftp://updates.redhat.com/7.2/en/os/i386/kdelibs-sound-2.2.2-9.i386.rpm
Missing file		     5a951b1aba97b6b363918e31aac793b8
ftp://updates.redhat.com/7.2/en/os/i386/kdelibs-sound-devel-2.2.2-9.i386.rpm
Missing file		     eeee618053e1b54a7a802b3c824f8a79
 
IA-64:
ftp://updates.redhat.com/7.2/en/os/ia64/arts-2.2.2-9.ia64.rpm
Missing file		     1b3acc69dcc82c8da42510ba6ff820e6
ftp://updates.redhat.com/7.2/en/os/ia64/kdelibs-2.2.2-9.ia64.rpm
Missing file		     4172adfd6f35319b7e340952c3c51ba0
ftp://updates.redhat.com/7.2/en/os/ia64/kdelibs-devel-2.2.2-9.ia64.rpm
Missing file		     20fb1ceb572442e36b91e55c7f29d25d
ftp://updates.redhat.com/7.2/en/os/ia64/kdelibs-sound-2.2.2-9.ia64.rpm
Missing file		     b7348ef4c58931909887a3423c165934
ftp://updates.redhat.com/7.2/en/os/ia64/kdelibs-sound-devel-2.2.2-9.ia64.rpm
Missing file		     0fa84d0a287a99e21e868f9083bbea06
 
Red Hat Linux 7.3
SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/kdelibs-3.0.5a-0.73.2.src.rpm
Missing file		     ddef1b344b16cdb584059f97e821c333
 
IA-32:
ftp://updates.redhat.com/7.3/en/os/i386/kdelibs-3.0.5a-0.73.2.i386.rpm
Missing file		     6e0cbe8a3e8b33f623c4d501b7d26877
ftp://updates.redhat.com/7.3/en/os/i386/kdelibs-devel-3.0.5a-0.73.2.i386.rpm
Missing file		     0e97182a28611de9ea0119103f479905
 
Red Hat Linux 8.0
SRPMS:
ftp://updates.redhat.com/8.0/en/os/SRPMS/kdebase-3.0.5a-7.src.rpm
Missing file		     38301d9a86c7cfa7b3306b611723ca3e
ftp://updates.redhat.com/8.0/en/os/SRPMS/kdelibs-3.0.5a-5.src.rpm
Missing file		     009c6d4ffe443db08a5fcc5c0f04b97a
 
IA-32:
kdebase-3.0.5a-7.i386.rpm
File outdated by:  RHSA-2003:269		     334fa6eb3219f54369c5dc8db9e388e6
kdebase-devel-3.0.5a-7.i386.rpm
File outdated by:  RHSA-2003:269		     4948edc5074c44fc8e4c72f2b993eafb
ftp://updates.redhat.com/8.0/en/os/i386/kdelibs-3.0.5a-5.i386.rpm
Missing file		     99ff88d8aa0637fbf937a9f382c37be9
ftp://updates.redhat.com/8.0/en/os/i386/kdelibs-devel-3.0.5a-5.i386.rpm
Missing file		     b21289b88103a05045176d91e069cc7b
 
Red Hat Linux 9
SRPMS:
kdelibs-3.1-12.src.rpm
File outdated by:  RHSA-2004:075		     217bc64be32a3cc02015ceb951866e09
 
IA-32:
kdelibs-3.1-12.i386.rpm
File outdated by:  RHSA-2004:075		     3b91bd88d333cdd13f1dcdafec446041
kdelibs-devel-3.1-12.i386.rpm
File outdated by:  RHSA-2004:075		     178ea05e34d179c16543fe7cec939257
 

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0459
http://www.kde.org/info/security/advisory-20030729-1.txt

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/