Security Advisory: kdelibs security update

Advisory: RHSA-2006:0720-5
Type: Security Advisory
Severity: Critical
Issued on: 2006-10-18
Last updated on: 2006-10-18
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
OVAL: N/A
CVEs (cve.mitre.org): CVE-2006-4811

Details

Updated kdelibs packages that correct an integer overflow flaw are now
available.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

The kdelibs package provides libraries for the K Desktop Environment (KDE).
Qt is a GUI software toolkit for the X Window System.

An integer overflow flaw was found in the way Qt handled pixmap images.
The KDE khtml library uses Qt in such a way that untrusted parameters could
be passed to Qt, triggering the overflow. An attacker could, for example,
create a malicious web page that, when viewed by a victim in the Konqueror
browser, would cause Konqueror to crash or possibly execute arbitrary code
with the privileges of the victim. (CVE-2006-4811)

Users of KDE should upgrade to these updated packages, which contain a
backported patch to correct this issue.
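
The class of bug described above, shown as an added illustration; it is not code from Qt, kdelibs or the backported patch. The structure, function names, the per-dimension limit and the sample dimensions are assumptions constructed for this example: an unchecked 32-bit size calculation wraps to a small value, while the checked version rejects the same input before allocating.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed policy limit per dimension; not a value from Qt or the advisory. */
#define PIXMAP_MAX_DIM 32767u

/* Hypothetical pixmap descriptor; names are illustrative, not Qt's. */
struct pixmap { uint32_t width, height, bpp; unsigned char *data; };

/* Unchecked sizing: the 32-bit product silently wraps modulo 2^32. */
uint32_t pixmap_size_unchecked(uint32_t w, uint32_t h, uint32_t bpp)
{
    return w * h * bpp;
}

/* Checked sizing: 0 and *out on success, -1 on bad or overflowing input. */
int pixmap_size_checked(uint32_t w, uint32_t h, uint32_t bpp, size_t *out)
{
    if (w == 0 || h == 0 || bpp == 0 || bpp > 8) return -1;
    if (w > PIXMAP_MAX_DIM || h > PIXMAP_MAX_DIM) return -1;
    if ((size_t)h > SIZE_MAX / w) return -1;          /* w*h would overflow */
    size_t pixels = (size_t)w * h;
    if ((size_t)bpp > SIZE_MAX / pixels) return -1;   /* pixels*bpp would overflow */
    *out = pixels * bpp;
    return 0;
}

/* Allocate only after the size has been validated. */
int pixmap_alloc(struct pixmap *p, uint32_t w, uint32_t h, uint32_t bpp)
{
    size_t n;
    if (pixmap_size_checked(w, h, bpp, &n) != 0) return -1;
    p->data = calloc(1, n);
    if (p->data == NULL) return -1;
    p->width = w; p->height = h; p->bpp = bpp;
    return 0;
}

int main(void)
{
    /* Constructed dimensions: the true size is 2^32 + 2^18 bytes. */
    uint32_t w = 65536, h = 16385, bpp = 4;
    struct pixmap p = {0};
    printf("unchecked size: %u bytes\n", (unsigned)pixmap_size_unchecked(w, h, bpp));
    printf("checked alloc:  %d\n", pixmap_alloc(&p, w, h, bpp));
    return 0;
}
```

A buffer sized from the wrapped value is far smaller than the image the later code expects to fill, which is how an overflow in a size calculation turns into memory corruption.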


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
kdelibs-3.1.3-6.12.src.rpm     cdeb513ec6b326e719373afb39420b92
 
IA-32:
kdelibs-3.1.3-6.12.i386.rpm     403f8d641cfeda9efd11a3c977b8afe7
kdelibs-devel-3.1.3-6.12.i386.rpm     1d572edb05e3c2fe8c5d77941a568cb8
 
x86_64:
kdelibs-3.1.3-6.12.i386.rpm     403f8d641cfeda9efd11a3c977b8afe7
kdelibs-3.1.3-6.12.x86_64.rpm     05cddb98cc096807430e17eab725d811
kdelibs-devel-3.1.3-6.12.x86_64.rpm     2ec6fcb91b8cf102e915755dd08632bd
 
Red Hat Desktop (v. 4)

SRPMS:
kdelibs-3.3.1-6.RHEL4.src.rpm
File outdated by:  RHBA-2008:0670
    d07aedc884e8060bb5cbadce17445170
 
IA-32:
kdelibs-3.3.1-6.RHEL4.i386.rpm
File outdated by:  RHBA-2008:0670
    39ca7148c5937f9884163764ade919c6
kdelibs-devel-3.3.1-6.RHEL4.i386.rpm
File outdated by:  RHBA-2008:0670
    d86a20d022f4ea51d8875b487c1c75da
 
x86_64:
kdelibs-3.3.1-6.RHEL4.i386.rpm
File outdated by:  RHBA-2008:0670
    39ca7148c5937f9884163764ade919c6
kdelibs-3.3.1-6.RHEL4.x86_64.rpm
File outdated by:  RHBA-2008:0670
    84bbed7e29aaab4bba60154ff934985c
kdelibs-devel-3.3.1-6.RHEL4.x86_64.rpm
File outdated by:  RHBA-2008:0670
    cde349bab7f05a191e2d8cdbd150be65
 
Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
kdelibs-2.2.2-21.EL2.src.rpm     7bb39d081bee9bfa1413e78c9ff0f2b3
 
IA-32:
arts-2.2.2-21.EL2.i386.rpm     e0ee638b0a77beb375bc060bfaca2641
kdelibs-2.2.2-21.EL2.i386.rpm     03967e80022cf2761be284aa53261e20
kdelibs-devel-2.2.2-21.EL2.i386.rpm     53a1ce03e3f18ef2cd2ebea9ed7435b7
kdelibs-sound-2.2.2-21.EL2.i386.rpm     2c25355a146310d01eef70852d00339a
kdelibs-sound-devel-2.2.2-21.EL2.i386.rpm     47e69160a42afe9e96ea35ac0eac4c24
 
IA-64:
arts-2.2.2-21.EL2.ia64.rpm     f380e28d6a7d8fe6a9ad2b85db431afe
kdelibs-2.2.2-21.EL2.ia64.rpm     d36cf8ece25170b621ec363fdaf1c4d7
kdelibs-devel-2.2.2-21.EL2.ia64.rpm     00d5b7cea3e8180f4b75d12162939ffb
kdelibs-sound-2.2.2-21.EL2.ia64.rpm     d6df99d11aec63bd41fd1c4729500f33
kdelibs-sound-devel-2.2.2-21.EL2.ia64.rpm     294cbf6d4556abe209000a77fe7158c9
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
kdelibs-3.1.3-6.12.src.rpm     cdeb513ec6b326e719373afb39420b92
 
IA-32:
kdelibs-3.1.3-6.12.i386.rpm     403f8d641cfeda9efd11a3c977b8afe7
kdelibs-devel-3.1.3-6.12.i386.rpm     1d572edb05e3c2fe8c5d77941a568cb8
 
IA-64:
kdelibs-3.1.3-6.12.i386.rpm     403f8d641cfeda9efd11a3c977b8afe7
kdelibs-3.1.3-6.12.ia64.rpm     e82d1157966f70ecc76b52b24daf0e4e
kdelibs-devel-3.1.3-6.12.ia64.rpm     53b498e76562c78677ecba5849c8fe1d
 
PPC:
kdelibs-3.1.3-6.12.ppc.rpm     21d58199f68c8397123a2588353804d4
kdelibs-3.1.3-6.12.ppc64.rpm     648937ed5e2debab9a20c359fd98366e
kdelibs-devel-3.1.3-6.12.ppc.rpm     a42a48b95f9a99818162c5935126b095
 
s390:
kdelibs-3.1.3-6.12.s390.rpm     56c438a932ba65b4cd8cb5eb762c13e2
kdelibs-devel-3.1.3-6.12.s390.rpm     a0d89f77b3bbea0645dd4a647fd54418
 
s390x:
kdelibs-3.1.3-6.12.s390.rpm     56c438a932ba65b4cd8cb5eb762c13e2
kdelibs-3.1.3-6.12.s390x.rpm     95a04b9f581838eeb9a5a460888b395d
kdelibs-devel-3.1.3-6.12.s390x.rpm     4900daf824ed5a24a7be87951abc7e46
 
x86_64:
kdelibs-3.1.3-6.12.i386.rpm     403f8d641cfeda9efd11a3c977b8afe7
kdelibs-3.1.3-6.12.x86_64.rpm     05cddb98cc096807430e17eab725d811
kdelibs-devel-3.1.3-6.12.x86_64.rpm     2ec6fcb91b8cf102e915755dd08632bd
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
kdelibs-3.3.1-6.RHEL4.src.rpm
File outdated by:  RHBA-2008:0670
    d07aedc884e8060bb5cbadce17445170
 
IA-32:
kdelibs-3.3.1-6.RHEL4.i386.rpm
File outdated by:  RHBA-2008:0670
    39ca7148c5937f9884163764ade919c6
kdelibs-devel-3.3.1-6.RHEL4.i386.rpm
File outdated by:  RHBA-2008:0670
    d86a20d022f4ea51d8875b487c1c75da
 
IA-64:
kdelibs-3.3.1-6.RHEL4.i386.rpm
File outdated by:  RHBA-2008:0670
    39ca7148c5937f9884163764ade919c6
kdelibs-3.3.1-6.RHEL4.ia64.rpm
File outdated by:  RHBA-2008:0670
    e123583a0a21fb489563815c9c9d1868
kdelibs-devel-3.3.1-6.RHEL4.ia64.rpm
File outdated by:  RHBA-2008:0670
    44fa4375f7b78e612f9b04b11d8bf8f5
 
PPC:
kdelibs-3.3.1-6.RHEL4.ppc.rpm
File outdated by:  RHBA-2008:0670
    c18280f098ff9b6d99dd58ad51782041
kdelibs-3.3.1-6.RHEL4.ppc64.rpm
File outdated by:  RHBA-2008:0670
    1c334f023c58a14d572454e9b45f1b2b
kdelibs-devel-3.3.1-6.RHEL4.ppc.rpm
File outdated by:  RHBA-2008:0670
    095995d375aa9760e4a4c1bdb9388634
 
s390:
kdelibs-3.3.1-6.RHEL4.s390.rpm
File outdated by:  RHBA-2008:0670
    85f41346ff63f6d21f39dd3febbec970
kdelibs-devel-3.3.1-6.RHEL4.s390.rpm
File outdated by:  RHBA-2008:0670
    8ec078b136feb262c48b44ed36c5dc2e
 
s390x:
kdelibs-3.3.1-6.RHEL4.s390.rpm
File outdated by:  RHBA-2008:0670
    85f41346ff63f6d21f39dd3febbec970
kdelibs-3.3.1-6.RHEL4.s390x.rpm
File outdated by:  RHBA-2008:0670
    9e610b0137cce3c69aa0e07a937171e1
kdelibs-devel-3.3.1-6.RHEL4.s390x.rpm
File outdated by:  RHBA-2008:0670
    f9cbe45ea627ac1239568ec1a71052fb
 
x86_64:
kdelibs-3.3.1-6.RHEL4.i386.rpm
File outdated by:  RHBA-2008:0670
    39ca7148c5937f9884163764ade919c6
kdelibs-3.3.1-6.RHEL4.x86_64.rpm
File outdated by:  RHBA-2008:0670
    84bbed7e29aaab4bba60154ff934985c
kdelibs-devel-3.3.1-6.RHEL4.x86_64.rpm
File outdated by:  RHBA-2008:0670
    cde349bab7f05a191e2d8cdbd150be65
 
Red Hat Enterprise Linux ES (v. 2.1)

SRPMS:
kdelibs-2.2.2-21.EL2.src.rpm     7bb39d081bee9bfa1413e78c9ff0f2b3
 
IA-32:
arts-2.2.2-21.EL2.i386.rpm     e0ee638b0a77beb375bc060bfaca2641
kdelibs-2.2.2-21.EL2.i386.rpm     03967e80022cf2761be284aa53261e20
kdelibs-devel-2.2.2-21.EL2.i386.rpm     53a1ce03e3f18ef2cd2ebea9ed7435b7
kdelibs-sound-2.2.2-21.EL2.i386.rpm     2c25355a146310d01eef70852d00339a
kdelibs-sound-devel-2.2.2-21.EL2.i386.rpm     47e69160a42afe9e96ea35ac0eac4c24
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
kdelibs-3.1.3-6.12.src.rpm     cdeb513ec6b326e719373afb39420b92
 
IA-32:
kdelibs-3.1.3-6.12.i386.rpm     403f8d641cfeda9efd11a3c977b8afe7
kdelibs-devel-3.1.3-6.12.i386.rpm     1d572edb05e3c2fe8c5d77941a568cb8
 
IA-64:
kdelibs-3.1.3-6.12.i386.rpm     403f8d641cfeda9efd11a3c977b8afe7
kdelibs-3.1.3-6.12.ia64.rpm     e82d1157966f70ecc76b52b24daf0e4e
kdelibs-devel-3.1.3-6.12.ia64.rpm     53b498e76562c78677ecba5849c8fe1d
 
x86_64:
kdelibs-3.1.3-6.12.i386.rpm     403f8d641cfeda9efd11a3c977b8afe7
kdelibs-3.1.3-6.12.x86_64.rpm     05cddb98cc096807430e17eab725d811
kdelibs-devel-3.1.3-6.12.x86_64.rpm     2ec6fcb91b8cf102e915755dd08632bd
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
kdelibs-3.3.1-6.RHEL4.src.rpm
File outdated by:  RHBA-2008:0670
    d07aedc884e8060bb5cbadce17445170
 
IA-32:
kdelibs-3.3.1-6.RHEL4.i386.rpm
File outdated by:  RHBA-2008:0670
    39ca7148c5937f9884163764ade919c6
kdelibs-devel-3.3.1-6.RHEL4.i386.rpm
File outdated by:  RHBA-2008:0670
    d86a20d022f4ea51d8875b487c1c75da
 
IA-64:
kdelibs-3.3.1-6.RHEL4.i386.rpm
File outdated by:  RHBA-2008:0670
    39ca7148c5937f9884163764ade919c6
kdelibs-3.3.1-6.RHEL4.ia64.rpm
File outdated by:  RHBA-2008:0670
    e123583a0a21fb489563815c9c9d1868
kdelibs-devel-3.3.1-6.RHEL4.ia64.rpm
File outdated by:  RHBA-2008:0670
    44fa4375f7b78e612f9b04b11d8bf8f5
 
x86_64:
kdelibs-3.3.1-6.RHEL4.i386.rpm
File outdated by:  RHBA-2008:0670
    39ca7148c5937f9884163764ade919c6
kdelibs-3.3.1-6.RHEL4.x86_64.rpm
File outdated by:  RHBA-2008:0670
    84bbed7e29aaab4bba60154ff934985c
kdelibs-devel-3.3.1-6.RHEL4.x86_64.rpm
File outdated by:  RHBA-2008:0670
    cde349bab7f05a191e2d8cdbd150be65
 
Red Hat Enterprise Linux WS (v. 2.1)

SRPMS:
kdelibs-2.2.2-21.EL2.src.rpm     7bb39d081bee9bfa1413e78c9ff0f2b3
 
IA-32:
arts-2.2.2-21.EL2.i386.rpm     e0ee638b0a77beb375bc060bfaca2641
kdelibs-2.2.2-21.EL2.i386.rpm     03967e80022cf2761be284aa53261e20
kdelibs-devel-2.2.2-21.EL2.i386.rpm     53a1ce03e3f18ef2cd2ebea9ed7435b7
kdelibs-sound-2.2.2-21.EL2.i386.rpm     2c25355a146310d01eef70852d00339a
kdelibs-sound-devel-2.2.2-21.EL2.i386.rpm     47e69160a42afe9e96ea35ac0eac4c24
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
kdelibs-3.1.3-6.12.src.rpm     cdeb513ec6b326e719373afb39420b92
 
IA-32:
kdelibs-3.1.3-6.12.i386.rpm     403f8d641cfeda9efd11a3c977b8afe7
kdelibs-devel-3.1.3-6.12.i386.rpm     1d572edb05e3c2fe8c5d77941a568cb8
 
IA-64:
kdelibs-3.1.3-6.12.i386.rpm     403f8d641cfeda9efd11a3c977b8afe7
kdelibs-3.1.3-6.12.ia64.rpm     e82d1157966f70ecc76b52b24daf0e4e
kdelibs-devel-3.1.3-6.12.ia64.rpm     53b498e76562c78677ecba5849c8fe1d
 
x86_64:
kdelibs-3.1.3-6.12.i386.rpm     403f8d641cfeda9efd11a3c977b8afe7
kdelibs-3.1.3-6.12.x86_64.rpm     05cddb98cc096807430e17eab725d811
kdelibs-devel-3.1.3-6.12.x86_64.rpm     2ec6fcb91b8cf102e915755dd08632bd
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
kdelibs-3.3.1-6.RHEL4.src.rpm
File outdated by:  RHBA-2008:0670
    d07aedc884e8060bb5cbadce17445170
 
IA-32:
kdelibs-3.3.1-6.RHEL4.i386.rpm
File outdated by:  RHBA-2008:0670
    39ca7148c5937f9884163764ade919c6
kdelibs-devel-3.3.1-6.RHEL4.i386.rpm
File outdated by:  RHBA-2008:0670
    d86a20d022f4ea51d8875b487c1c75da
 
IA-64:
kdelibs-3.3.1-6.RHEL4.i386.rpm
File outdated by:  RHBA-2008:0670
    39ca7148c5937f9884163764ade919c6
kdelibs-3.3.1-6.RHEL4.ia64.rpm
File outdated by:  RHBA-2008:0670
    e123583a0a21fb489563815c9c9d1868
kdelibs-devel-3.3.1-6.RHEL4.ia64.rpm
File outdated by:  RHBA-2008:0670
    44fa4375f7b78e612f9b04b11d8bf8f5
 
x86_64:
kdelibs-3.3.1-6.RHEL4.i386.rpm
File outdated by:  RHBA-2008:0670
    39ca7148c5937f9884163764ade919c6
kdelibs-3.3.1-6.RHEL4.x86_64.rpm
File outdated by:  RHBA-2008:0670
    84bbed7e29aaab4bba60154ff934985c
kdelibs-devel-3.3.1-6.RHEL4.x86_64.rpm
File outdated by:  RHBA-2008:0670
    cde349bab7f05a191e2d8cdbd150be65
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

SRPMS:
kdelibs-2.2.2-21.EL2.src.rpm     7bb39d081bee9bfa1413e78c9ff0f2b3
 
IA-64:
arts-2.2.2-21.EL2.ia64.rpm     f380e28d6a7d8fe6a9ad2b85db431afe
kdelibs-2.2.2-21.EL2.ia64.rpm     d36cf8ece25170b621ec363fdaf1c4d7
kdelibs-devel-2.2.2-21.EL2.ia64.rpm     00d5b7cea3e8180f4b75d12162939ffb
kdelibs-sound-2.2.2-21.EL2.ia64.rpm     d6df99d11aec63bd41fd1c4729500f33
kdelibs-sound-devel-2.2.2-21.EL2.ia64.rpm     294cbf6d4556abe209000a77fe7158c9
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

210742 - CVE-2006-4811 qt integer overflow


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/