Skip to navigation

Security Advisory kdelibs security update

Advisory: RHSA-2004:222-11
Type: Security Advisory
Severity: Important
Issued on: 2004-05-17
Last updated on: 2004-05-17
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2004-0411

Details

Updated kdelibs packages that fix telnet URI handler and mailto URI handler
file vulnerabilities are now available.

The kdelibs packages include libraries for the K Desktop Environment.

KDE Libraries include: kdecore (KDE core library), kdeui (user interface),
kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking),
kspell (spelling checker), jscript (javascript), kab (addressbook), kimgio
(image manipulation). Konqueror is a file manager and Web browser for the
K Desktop Environment (KDE).

iDEFENSE identified a vulnerability in the Opera web browser that could
allow remote attackers to create or truncate arbitrary files. The KDE team
has found two similar vulnerabilities that also exist in KDE.

A flaw in the telnet URI handler may allow options to be passed to the
telnet program, resulting in creation or replacement of files. An attacker
could create a carefully crafted link such that when opened by a victim it
creates or overwrites a file with the victim's permissions.

A flaw in the mailto URI handler may allow options to be passed to the
kmail program. These options could cause kmail to write to the file system
or to run on a remote X display. An attacker could create a carefully
crafted link in such a way that access may be obtained to run arbitrary
code as the victim.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0411 to these issues.

Note: Red Hat Enterprise Linux 2.1 is only vulnerable to the mailto URI
flaw as a previous update shipped without a telnet.protocol file.

All users of KDE are advised to upgrade to these erratum packages, which
contain a backported patch for these issues.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL
Certificate Errors, you need to install a version of the
up2date client with an updated certificate. The latest version of
up2date is available from the Red Hat FTP site and may also be
downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
kdelibs-3.1.3-6.4.src.rpm
File outdated by:  RHSA-2009:1128
    MD5: 5a8bcb4feb3e4fa9a2cc646eb6321c83
kdelibs-3.1.3-6.4.src.rpm
File outdated by:  RHSA-2009:1128
    MD5: 5a8bcb4feb3e4fa9a2cc646eb6321c83
 
IA-32:
kdelibs-3.1.3-6.4.i386.rpm
File outdated by:  RHSA-2009:1128
    MD5: 710fb1f4089e86101e95292564625387
kdelibs-devel-3.1.3-6.4.i386.rpm
File outdated by:  RHSA-2009:1128
    MD5: 5a7c254d028fa2ec3a3e4bf1cc7ee989
 
x86_64:
kdelibs-3.1.3-6.4.x86_64.rpm
File outdated by:  RHSA-2009:1128
    MD5: 7561fc225c179a046e7a2fbe85e56123
kdelibs-devel-3.1.3-6.4.x86_64.rpm
File outdated by:  RHSA-2009:1128
    MD5: 2d9da6a96c40c2d0956ed5692860b2ca
 
Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
kdelibs-2.2.2-11.src.rpm
File outdated by:  RHSA-2006:0720
    MD5: e4f2075b6f80f7dc855d786816634e44
kdelibs-2.2.2-11.src.rpm
File outdated by:  RHSA-2006:0720
    MD5: e4f2075b6f80f7dc855d786816634e44
 
IA-32:
arts-2.2.2-11.i386.rpm
File outdated by:  RHSA-2006:0720
    MD5: 240c6505acec2356220b76477de9cfe9
kdelibs-2.2.2-11.i386.rpm
File outdated by:  RHSA-2006:0720
    MD5: c7d1747dea5001e2de47ed6a278def66
kdelibs-devel-2.2.2-11.i386.rpm
File outdated by:  RHSA-2006:0720
    MD5: f0c464c5cbca39beada246396d90adc8
kdelibs-sound-2.2.2-11.i386.rpm
File outdated by:  RHSA-2006:0720
    MD5: 24767eda2c7bc7c3dedec88ab1cef637
kdelibs-sound-devel-2.2.2-11.i386.rpm
File outdated by:  RHSA-2006:0720
    MD5: 305b3988acb971e46d0cfc76d41efbdf
 
IA-64:
arts-2.2.2-11.ia64.rpm
File outdated by:  RHSA-2006:0720
    MD5: 45647631fb31fccd8de357dfb7285a69
kdelibs-2.2.2-11.ia64.rpm
File outdated by:  RHSA-2006:0720
    MD5: aadc9d79bddbaac5e8c0adf287b06405
kdelibs-devel-2.2.2-11.ia64.rpm
File outdated by:  RHSA-2006:0720
    MD5: 54546bdd2f2d9849119533ca1bb0cfcf
kdelibs-sound-2.2.2-11.ia64.rpm
File outdated by:  RHSA-2006:0720
    MD5: a6a516b72e2666a246c657868b31cdc4
kdelibs-sound-devel-2.2.2-11.ia64.rpm
File outdated by:  RHSA-2006:0720
    MD5: 7e65d97bf1f95241d21a7f2bd853d5ec
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
kdelibs-3.1.3-6.4.src.rpm
File outdated by:  RHSA-2009:1128
    MD5: 5a8bcb4feb3e4fa9a2cc646eb6321c83
kdelibs-3.1.3-6.4.src.rpm
File outdated by:  RHSA-2009:1128
    MD5: 5a8bcb4feb3e4fa9a2cc646eb6321c83
 
IA-32:
kdelibs-3.1.3-6.4.i386.rpm
File outdated by:  RHSA-2009:1128
    MD5: 710fb1f4089e86101e95292564625387
kdelibs-devel-3.1.3-6.4.i386.rpm
File outdated by:  RHSA-2009:1128
    MD5: 5a7c254d028fa2ec3a3e4bf1cc7ee989
 
IA-64:
kdelibs-3.1.3-6.4.ia64.rpm
File outdated by:  RHSA-2009:1128
    MD5: 438ef0cd01e512e1822eb819cde5f405
kdelibs-devel-3.1.3-6.4.ia64.rpm
File outdated by:  RHSA-2009:1128
    MD5: 57ba2bdf60aa052d1fb0ca4df4295580
 
PPC:
kdelibs-3.1.3-6.4.ppc.rpm
File outdated by:  RHSA-2009:1128
    MD5: 6b9095e86b9698606d1def4b24c1c7af
kdelibs-devel-3.1.3-6.4.ppc.rpm
File outdated by:  RHSA-2009:1128
    MD5: beb3ebde3ba83c40d5991b3d57e0434b
 
s390:
kdelibs-3.1.3-6.4.s390.rpm
File outdated by:  RHSA-2009:1128
    MD5: d43e989c92cf19ff5cf5ea84f13937f1
kdelibs-devel-3.1.3-6.4.s390.rpm
File outdated by:  RHSA-2009:1128
    MD5: 38e2c6995f70cecec99e2460d76aeb30
 
s390x:
kdelibs-3.1.3-6.4.s390x.rpm
File outdated by:  RHSA-2009:1128
    MD5: 0abe3254d8fcd1f55bd6dea9bb32b4f1
kdelibs-devel-3.1.3-6.4.s390x.rpm
File outdated by:  RHSA-2009:1128
    MD5: 7d45ff3567e12259f58f1a082d5a4ad4
 
x86_64:
kdelibs-3.1.3-6.4.x86_64.rpm
File outdated by:  RHSA-2009:1128
    MD5: 7561fc225c179a046e7a2fbe85e56123
kdelibs-devel-3.1.3-6.4.x86_64.rpm
File outdated by:  RHSA-2009:1128
    MD5: 2d9da6a96c40c2d0956ed5692860b2ca
 
Red Hat Enterprise Linux ES (v. 2.1)

SRPMS:
kdelibs-2.2.2-11.src.rpm
File outdated by:  RHSA-2006:0720
    MD5: e4f2075b6f80f7dc855d786816634e44
kdelibs-2.2.2-11.src.rpm
File outdated by:  RHSA-2006:0720
    MD5: e4f2075b6f80f7dc855d786816634e44
 
IA-32:
arts-2.2.2-11.i386.rpm
File outdated by:  RHSA-2006:0720
    MD5: 240c6505acec2356220b76477de9cfe9
kdelibs-2.2.2-11.i386.rpm
File outdated by:  RHSA-2006:0720
    MD5: c7d1747dea5001e2de47ed6a278def66
kdelibs-devel-2.2.2-11.i386.rpm
File outdated by:  RHSA-2006:0720
    MD5: f0c464c5cbca39beada246396d90adc8
kdelibs-sound-2.2.2-11.i386.rpm
File outdated by:  RHSA-2006:0720
    MD5: 24767eda2c7bc7c3dedec88ab1cef637
kdelibs-sound-devel-2.2.2-11.i386.rpm
File outdated by:  RHSA-2006:0720
    MD5: 305b3988acb971e46d0cfc76d41efbdf
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
kdelibs-3.1.3-6.4.src.rpm
File outdated by:  RHSA-2009:1128
    MD5: 5a8bcb4feb3e4fa9a2cc646eb6321c83
kdelibs-3.1.3-6.4.src.rpm
File outdated by:  RHSA-2009:1128
    MD5: 5a8bcb4feb3e4fa9a2cc646eb6321c83
 
IA-32:
kdelibs-3.1.3-6.4.i386.rpm
File outdated by:  RHSA-2009:1128
    MD5: 710fb1f4089e86101e95292564625387
kdelibs-devel-3.1.3-6.4.i386.rpm
File outdated by:  RHSA-2009:1128
    MD5: 5a7c254d028fa2ec3a3e4bf1cc7ee989
 
IA-64:
kdelibs-3.1.3-6.4.ia64.rpm
File outdated by:  RHSA-2009:1128
    MD5: 438ef0cd01e512e1822eb819cde5f405
kdelibs-devel-3.1.3-6.4.ia64.rpm
File outdated by:  RHSA-2009:1128
    MD5: 57ba2bdf60aa052d1fb0ca4df4295580
 
x86_64:
kdelibs-3.1.3-6.4.x86_64.rpm
File outdated by:  RHSA-2009:1128
    MD5: 7561fc225c179a046e7a2fbe85e56123
kdelibs-devel-3.1.3-6.4.x86_64.rpm
File outdated by:  RHSA-2009:1128
    MD5: 2d9da6a96c40c2d0956ed5692860b2ca
 
Red Hat Enterprise Linux WS (v. 2.1)

SRPMS:
kdelibs-2.2.2-11.src.rpm
File outdated by:  RHSA-2006:0720
    MD5: e4f2075b6f80f7dc855d786816634e44
kdelibs-2.2.2-11.src.rpm
File outdated by:  RHSA-2006:0720
    MD5: e4f2075b6f80f7dc855d786816634e44
 
IA-32:
arts-2.2.2-11.i386.rpm
File outdated by:  RHSA-2006:0720
    MD5: 240c6505acec2356220b76477de9cfe9
kdelibs-2.2.2-11.i386.rpm
File outdated by:  RHSA-2006:0720
    MD5: c7d1747dea5001e2de47ed6a278def66
kdelibs-devel-2.2.2-11.i386.rpm
File outdated by:  RHSA-2006:0720
    MD5: f0c464c5cbca39beada246396d90adc8
kdelibs-sound-2.2.2-11.i386.rpm
File outdated by:  RHSA-2006:0720
    MD5: 24767eda2c7bc7c3dedec88ab1cef637
kdelibs-sound-devel-2.2.2-11.i386.rpm
File outdated by:  RHSA-2006:0720
    MD5: 305b3988acb971e46d0cfc76d41efbdf
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
kdelibs-3.1.3-6.4.src.rpm
File outdated by:  RHSA-2009:1128
    MD5: 5a8bcb4feb3e4fa9a2cc646eb6321c83
kdelibs-3.1.3-6.4.src.rpm
File outdated by:  RHSA-2009:1128
    MD5: 5a8bcb4feb3e4fa9a2cc646eb6321c83
 
IA-32:
kdelibs-3.1.3-6.4.i386.rpm
File outdated by:  RHSA-2009:1128
    MD5: 710fb1f4089e86101e95292564625387
kdelibs-devel-3.1.3-6.4.i386.rpm
File outdated by:  RHSA-2009:1128
    MD5: 5a7c254d028fa2ec3a3e4bf1cc7ee989
 
IA-64:
kdelibs-3.1.3-6.4.ia64.rpm
File outdated by:  RHSA-2009:1128
    MD5: 438ef0cd01e512e1822eb819cde5f405
kdelibs-devel-3.1.3-6.4.ia64.rpm
File outdated by:  RHSA-2009:1128
    MD5: 57ba2bdf60aa052d1fb0ca4df4295580
 
x86_64:
kdelibs-3.1.3-6.4.x86_64.rpm
File outdated by:  RHSA-2009:1128
    MD5: 7561fc225c179a046e7a2fbe85e56123
kdelibs-devel-3.1.3-6.4.x86_64.rpm
File outdated by:  RHSA-2009:1128
    MD5: 2d9da6a96c40c2d0956ed5692860b2ca
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

SRPMS:
kdelibs-2.2.2-11.src.rpm
File outdated by:  RHSA-2006:0720
    MD5: e4f2075b6f80f7dc855d786816634e44
kdelibs-2.2.2-11.src.rpm
File outdated by:  RHSA-2006:0720
    MD5: e4f2075b6f80f7dc855d786816634e44
 
IA-64:
arts-2.2.2-11.ia64.rpm
File outdated by:  RHSA-2006:0720
    MD5: 45647631fb31fccd8de357dfb7285a69
kdelibs-2.2.2-11.ia64.rpm
File outdated by:  RHSA-2006:0720
    MD5: aadc9d79bddbaac5e8c0adf287b06405
kdelibs-devel-2.2.2-11.ia64.rpm
File outdated by:  RHSA-2006:0720
    MD5: 54546bdd2f2d9849119533ca1bb0cfcf
kdelibs-sound-2.2.2-11.ia64.rpm
File outdated by:  RHSA-2006:0720
    MD5: a6a516b72e2666a246c657868b31cdc4
kdelibs-sound-devel-2.2.2-11.ia64.rpm
File outdated by:  RHSA-2006:0720
    MD5: 7e65d97bf1f95241d21a7f2bd853d5ec
 

Bugs fixed (see bugzilla for more information)

123232 - CAN-2004-0411 URI filtering vulnerability


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/