Security Advisory kdelibs security update

Advisory: RHSA-2003:236-08
Type: Security Advisory
Severity: Moderate
Issued on: 2003-07-30
Last updated on: 2003-07-30
Affected Products: Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
OVAL: N/A
CVEs (cve.mitre.org): CVE-2003-0459

Details

This erratum provides updated KDE packages that resolve a security issue in
Konquerer.

KDE is a graphical desktop environment for the X Window System.
Konqueror is the file manager for the K Desktop Environment.

George Staikos reported that Konqueror may inadvertently send
authentication credentials to websites other than the intended website in
clear text via the HTTP-referer header. This can occur when authentication
credentials are passed as part of a URL in the form http://user:password@host/

Users of Konqueror are advised to upgrade to these erratum packages, which
contain a backported security patch correcting this issue.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Enterprise Linux AS (v. 2.1)
SRPMS:
kdelibs-2.2.2-9.src.rpm     f0e606206f10a86c06abbf626a9a1e32
 
IA-32:
arts-2.2.2-9.i386.rpm
File outdated by:  RHSA-2006:0720		     abf35ed90bb162a14d96e0e3ed80ce5c
kdelibs-2.2.2-9.i386.rpm
File outdated by:  RHSA-2006:0720		     407f8a272a2858718527fe1adeb73f7c
kdelibs-devel-2.2.2-9.i386.rpm
File outdated by:  RHSA-2006:0720		     09ef114a24c28843a81fd3a93d06def9
kdelibs-sound-2.2.2-9.i386.rpm
File outdated by:  RHSA-2006:0720		     5a951b1aba97b6b363918e31aac793b8
kdelibs-sound-devel-2.2.2-9.i386.rpm
File outdated by:  RHSA-2006:0720		     eeee618053e1b54a7a802b3c824f8a79
 
IA-64:
arts-2.2.2-9.ia64.rpm
File outdated by:  RHSA-2006:0720		     1b3acc69dcc82c8da42510ba6ff820e6
kdelibs-2.2.2-9.ia64.rpm
File outdated by:  RHSA-2006:0720		     4172adfd6f35319b7e340952c3c51ba0
kdelibs-devel-2.2.2-9.ia64.rpm
File outdated by:  RHSA-2006:0720		     20fb1ceb572442e36b91e55c7f29d25d
kdelibs-sound-2.2.2-9.ia64.rpm
File outdated by:  RHSA-2006:0720		     b7348ef4c58931909887a3423c165934
kdelibs-sound-devel-2.2.2-9.ia64.rpm
File outdated by:  RHSA-2006:0720		     0fa84d0a287a99e21e868f9083bbea06
 
Red Hat Enterprise Linux ES (v. 2.1)
SRPMS:
kdelibs-2.2.2-9.src.rpm     f0e606206f10a86c06abbf626a9a1e32
 
IA-32:
arts-2.2.2-9.i386.rpm
File outdated by:  RHSA-2006:0720		     abf35ed90bb162a14d96e0e3ed80ce5c
kdelibs-2.2.2-9.i386.rpm
File outdated by:  RHSA-2006:0720		     407f8a272a2858718527fe1adeb73f7c
kdelibs-devel-2.2.2-9.i386.rpm
File outdated by:  RHSA-2006:0720		     09ef114a24c28843a81fd3a93d06def9
kdelibs-sound-2.2.2-9.i386.rpm
File outdated by:  RHSA-2006:0720		     5a951b1aba97b6b363918e31aac793b8
kdelibs-sound-devel-2.2.2-9.i386.rpm
File outdated by:  RHSA-2006:0720		     eeee618053e1b54a7a802b3c824f8a79
 
Red Hat Enterprise Linux WS (v. 2.1)
SRPMS:
kdelibs-2.2.2-9.src.rpm     f0e606206f10a86c06abbf626a9a1e32
 
IA-32:
arts-2.2.2-9.i386.rpm
File outdated by:  RHSA-2006:0720		     abf35ed90bb162a14d96e0e3ed80ce5c
kdelibs-2.2.2-9.i386.rpm
File outdated by:  RHSA-2006:0720		     407f8a272a2858718527fe1adeb73f7c
kdelibs-devel-2.2.2-9.i386.rpm
File outdated by:  RHSA-2006:0720		     09ef114a24c28843a81fd3a93d06def9
kdelibs-sound-2.2.2-9.i386.rpm
File outdated by:  RHSA-2006:0720		     5a951b1aba97b6b363918e31aac793b8
kdelibs-sound-devel-2.2.2-9.i386.rpm
File outdated by:  RHSA-2006:0720		     eeee618053e1b54a7a802b3c824f8a79
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
SRPMS:
kdelibs-2.2.2-9.src.rpm     f0e606206f10a86c06abbf626a9a1e32
 
IA-64:
arts-2.2.2-9.ia64.rpm
File outdated by:  RHSA-2006:0720		     1b3acc69dcc82c8da42510ba6ff820e6
kdelibs-2.2.2-9.ia64.rpm
File outdated by:  RHSA-2006:0720		     4172adfd6f35319b7e340952c3c51ba0
kdelibs-devel-2.2.2-9.ia64.rpm
File outdated by:  RHSA-2006:0720		     20fb1ceb572442e36b91e55c7f29d25d
kdelibs-sound-2.2.2-9.ia64.rpm
File outdated by:  RHSA-2006:0720		     b7348ef4c58931909887a3423c165934
kdelibs-sound-devel-2.2.2-9.ia64.rpm
File outdated by:  RHSA-2006:0720		     0fa84d0a287a99e21e868f9083bbea06
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

99089 - CAN-2003-0459 Konqueror information leak via referer header


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0459
http://www.kde.org/info/security/advisory-20030729-1.txt

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/