Security Advisory kdelibs security update

Advisory: RHSA-2005:612-07
Type: Security Advisory
Severity: Moderate
Issued on: 2005-07-27
Last updated on: 2005-07-27
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
OVAL: N/A
CVEs (cve.mitre.org): CVE-2005-1920

Details

Updated kdelibs packages are now available for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

kdelibs contains libraries for the K Desktop Environment.

A flaw was discovered affecting Kate, the KDE advanced text editor, and
Kwrite. Depending on system settings, it may be possible for a local user
to read the backup files created by Kate or Kwrite. The Common
Vulnerabilities and Exposures project assigned the name CAN-2005-1920 to
this issue.

Please note this issue does not affect Red Hat Enterprise Linux 3 or 2.1.

Users of Kate or Kwrite should update to these errata packages which
contains a backported patch from the KDE security team correcting this issue.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 4)
SRPMS:
kdelibs-3.3.1-3.11.src.rpm
File outdated by:  RHSA-2009:1601		     7ede6e2ce67ea07acfa48f5606221f86
 
IA-32:
kdelibs-3.3.1-3.11.i386.rpm
File outdated by:  RHSA-2009:1601		     c77e6bdb35366f70784e6aa9216bc8bc
kdelibs-devel-3.3.1-3.11.i386.rpm
File outdated by:  RHSA-2009:1601		     6d78e7103dea7680d8e3f12df426ef02
 
x86_64:
kdelibs-3.3.1-3.11.i386.rpm
File outdated by:  RHSA-2009:1601		     c77e6bdb35366f70784e6aa9216bc8bc
kdelibs-3.3.1-3.11.x86_64.rpm
File outdated by:  RHSA-2009:1601		     a7a1caf8c40aafd865f9b8c74b286fc9
kdelibs-devel-3.3.1-3.11.x86_64.rpm
File outdated by:  RHSA-2009:1601		     8ec6fe4ead529b3388468f089731de57
 
Red Hat Enterprise Linux AS (v. 4)
SRPMS:
kdelibs-3.3.1-3.11.src.rpm
File outdated by:  RHSA-2009:1601		     7ede6e2ce67ea07acfa48f5606221f86
 
IA-32:
kdelibs-3.3.1-3.11.i386.rpm
File outdated by:  RHSA-2009:1601		     c77e6bdb35366f70784e6aa9216bc8bc
kdelibs-devel-3.3.1-3.11.i386.rpm
File outdated by:  RHSA-2009:1601		     6d78e7103dea7680d8e3f12df426ef02
 
IA-64:
kdelibs-3.3.1-3.11.i386.rpm
File outdated by:  RHSA-2009:1601		     c77e6bdb35366f70784e6aa9216bc8bc
kdelibs-3.3.1-3.11.ia64.rpm
File outdated by:  RHSA-2009:1601		     0b8b9aca15d8208b84f86bb1bb69c2f0
kdelibs-devel-3.3.1-3.11.ia64.rpm
File outdated by:  RHSA-2009:1601		     978969c1cea859331a148ea684b4545d
 
PPC:
kdelibs-3.3.1-3.11.ppc.rpm
File outdated by:  RHSA-2009:1601		     5944e019680a511a7a70b9a62f4308ea
kdelibs-3.3.1-3.11.ppc64.rpm
File outdated by:  RHSA-2009:1601		     aa8c1691accf4259008ccae4ca1bc2ff
kdelibs-devel-3.3.1-3.11.ppc.rpm
File outdated by:  RHSA-2009:1601		     3b7221663806e81c258b51573386b77f
 
s390:
kdelibs-3.3.1-3.11.s390.rpm
File outdated by:  RHSA-2009:1601		     0a0980c4be1e48695672baef885a17f8
kdelibs-devel-3.3.1-3.11.s390.rpm
File outdated by:  RHSA-2009:1601		     d5e64cea7aa588eeef77860ef7017b64
 
s390x:
kdelibs-3.3.1-3.11.s390.rpm
File outdated by:  RHSA-2009:1601		     0a0980c4be1e48695672baef885a17f8
kdelibs-3.3.1-3.11.s390x.rpm
File outdated by:  RHSA-2009:1601		     fc55eedb0682632e4358b3c93a891ff7
kdelibs-devel-3.3.1-3.11.s390x.rpm
File outdated by:  RHSA-2009:1601		     5d095f1dd6703d6265da51d27167cdfa
 
x86_64:
kdelibs-3.3.1-3.11.i386.rpm
File outdated by:  RHSA-2009:1601		     c77e6bdb35366f70784e6aa9216bc8bc
kdelibs-3.3.1-3.11.x86_64.rpm
File outdated by:  RHSA-2009:1601		     a7a1caf8c40aafd865f9b8c74b286fc9
kdelibs-devel-3.3.1-3.11.x86_64.rpm
File outdated by:  RHSA-2009:1601		     8ec6fe4ead529b3388468f089731de57
 
Red Hat Enterprise Linux ES (v. 4)
SRPMS:
kdelibs-3.3.1-3.11.src.rpm
File outdated by:  RHSA-2009:1601		     7ede6e2ce67ea07acfa48f5606221f86
 
IA-32:
kdelibs-3.3.1-3.11.i386.rpm
File outdated by:  RHSA-2009:1601		     c77e6bdb35366f70784e6aa9216bc8bc
kdelibs-devel-3.3.1-3.11.i386.rpm
File outdated by:  RHSA-2009:1601		     6d78e7103dea7680d8e3f12df426ef02
 
IA-64:
kdelibs-3.3.1-3.11.i386.rpm
File outdated by:  RHSA-2009:1601		     c77e6bdb35366f70784e6aa9216bc8bc
kdelibs-3.3.1-3.11.ia64.rpm
File outdated by:  RHSA-2009:1601		     0b8b9aca15d8208b84f86bb1bb69c2f0
kdelibs-devel-3.3.1-3.11.ia64.rpm
File outdated by:  RHSA-2009:1601		     978969c1cea859331a148ea684b4545d
 
x86_64:
kdelibs-3.3.1-3.11.i386.rpm
File outdated by:  RHSA-2009:1601		     c77e6bdb35366f70784e6aa9216bc8bc
kdelibs-3.3.1-3.11.x86_64.rpm
File outdated by:  RHSA-2009:1601		     a7a1caf8c40aafd865f9b8c74b286fc9
kdelibs-devel-3.3.1-3.11.x86_64.rpm
File outdated by:  RHSA-2009:1601		     8ec6fe4ead529b3388468f089731de57
 
Red Hat Enterprise Linux WS (v. 4)
SRPMS:
kdelibs-3.3.1-3.11.src.rpm
File outdated by:  RHSA-2009:1601		     7ede6e2ce67ea07acfa48f5606221f86
 
IA-32:
kdelibs-3.3.1-3.11.i386.rpm
File outdated by:  RHSA-2009:1601		     c77e6bdb35366f70784e6aa9216bc8bc
kdelibs-devel-3.3.1-3.11.i386.rpm
File outdated by:  RHSA-2009:1601		     6d78e7103dea7680d8e3f12df426ef02
 
IA-64:
kdelibs-3.3.1-3.11.i386.rpm
File outdated by:  RHSA-2009:1601		     c77e6bdb35366f70784e6aa9216bc8bc
kdelibs-3.3.1-3.11.ia64.rpm
File outdated by:  RHSA-2009:1601		     0b8b9aca15d8208b84f86bb1bb69c2f0
kdelibs-devel-3.3.1-3.11.ia64.rpm
File outdated by:  RHSA-2009:1601		     978969c1cea859331a148ea684b4545d
 
x86_64:
kdelibs-3.3.1-3.11.i386.rpm
File outdated by:  RHSA-2009:1601		     c77e6bdb35366f70784e6aa9216bc8bc
kdelibs-3.3.1-3.11.x86_64.rpm
File outdated by:  RHSA-2009:1601		     a7a1caf8c40aafd865f9b8c74b286fc9
kdelibs-devel-3.3.1-3.11.x86_64.rpm
File outdated by:  RHSA-2009:1601		     8ec6fe4ead529b3388468f089731de57
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

163130 - CAN-2005-1920 Kate backup file permissions leak


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1920
http://www.kde.org/info/security/advisory-20050718-1.txt

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/