Security Advisory Important: kdelibs security update

Advisory: RHSA-2009:1128-1
Type: Security Advisory
Severity: Important
Issued on: 2009-06-25
Last updated on: 2009-06-25
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 3)
OVAL: com.redhat.rhsa-20091128.xml
CVEs (cve.mitre.org): CVE-2009-1698

Details

Updated kdelibs packages that fix one security issue are now available for
Red Hat Enterprise Linux 3.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

The kdelibs packages provide libraries for the K Desktop Environment (KDE).

A flaw was found in the way the KDE CSS parser handled content for the
CSS "style" attribute. A remote attacker could create a specially crafted
HTML page containing CSS which, once visited by an unsuspecting user, could
cause a denial of service (Konqueror crash) or, potentially, execute
arbitrary code with the privileges of the user running Konqueror.
(CVE-2009-1698)

Users should upgrade to these updated packages, which contain a backported
patch to correct this issue. The desktop must be restarted (log out, then
log back in) for this update to take effect.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
kdelibs-3.1.3-6.13.src.rpm     9631b2304937cee507abc031294aa44d
 
IA-32:
kdelibs-3.1.3-6.13.i386.rpm     ffa4146ac13aa9ec54bcfbf2d05c9e32
kdelibs-devel-3.1.3-6.13.i386.rpm     695941f3f174baef77bf034460256942
 
x86_64:
kdelibs-3.1.3-6.13.i386.rpm     ffa4146ac13aa9ec54bcfbf2d05c9e32
kdelibs-3.1.3-6.13.x86_64.rpm     1e6d7821d1f1b8db59115d04066b39a2
kdelibs-devel-3.1.3-6.13.x86_64.rpm     5500ba62f5a9010f143a47915388d6ee
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
kdelibs-3.1.3-6.13.src.rpm     9631b2304937cee507abc031294aa44d
 
IA-32:
kdelibs-3.1.3-6.13.i386.rpm     ffa4146ac13aa9ec54bcfbf2d05c9e32
kdelibs-devel-3.1.3-6.13.i386.rpm     695941f3f174baef77bf034460256942
 
IA-64:
kdelibs-3.1.3-6.13.i386.rpm     ffa4146ac13aa9ec54bcfbf2d05c9e32
kdelibs-3.1.3-6.13.ia64.rpm     09dccac994c5365ef115b2b0c98579ad
kdelibs-devel-3.1.3-6.13.ia64.rpm     a5bb8a6f9e234d2c1a86bb7dd6491780
 
PPC:
kdelibs-3.1.3-6.13.ppc.rpm     374b303ecbb78896d9d78a1d80ab3da1
kdelibs-3.1.3-6.13.ppc64.rpm     19ff2cba9a91ac8395aa46089f542f88
kdelibs-devel-3.1.3-6.13.ppc.rpm     2da991ecb0bb56db5d482b17d6bd28da
 
s390:
kdelibs-3.1.3-6.13.s390.rpm     102cda1e897a2076d3d97ce89be14696
kdelibs-devel-3.1.3-6.13.s390.rpm     7ecb90d8abc787ae1ef47a2a3b5c112c
 
s390x:
kdelibs-3.1.3-6.13.s390.rpm     102cda1e897a2076d3d97ce89be14696
kdelibs-3.1.3-6.13.s390x.rpm     ec7f2719b7ae3938a5f5ad4b852d08f4
kdelibs-devel-3.1.3-6.13.s390x.rpm     d4c3247b6566eea4b5254505542eb95b
 
x86_64:
kdelibs-3.1.3-6.13.i386.rpm     ffa4146ac13aa9ec54bcfbf2d05c9e32
kdelibs-3.1.3-6.13.x86_64.rpm     1e6d7821d1f1b8db59115d04066b39a2
kdelibs-devel-3.1.3-6.13.x86_64.rpm     5500ba62f5a9010f143a47915388d6ee
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
kdelibs-3.1.3-6.13.src.rpm     9631b2304937cee507abc031294aa44d
 
IA-32:
kdelibs-3.1.3-6.13.i386.rpm     ffa4146ac13aa9ec54bcfbf2d05c9e32
kdelibs-devel-3.1.3-6.13.i386.rpm     695941f3f174baef77bf034460256942
 
IA-64:
kdelibs-3.1.3-6.13.i386.rpm     ffa4146ac13aa9ec54bcfbf2d05c9e32
kdelibs-3.1.3-6.13.ia64.rpm     09dccac994c5365ef115b2b0c98579ad
kdelibs-devel-3.1.3-6.13.ia64.rpm     a5bb8a6f9e234d2c1a86bb7dd6491780
 
x86_64:
kdelibs-3.1.3-6.13.i386.rpm     ffa4146ac13aa9ec54bcfbf2d05c9e32
kdelibs-3.1.3-6.13.x86_64.rpm     1e6d7821d1f1b8db59115d04066b39a2
kdelibs-devel-3.1.3-6.13.x86_64.rpm     5500ba62f5a9010f143a47915388d6ee
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
kdelibs-3.1.3-6.13.src.rpm     9631b2304937cee507abc031294aa44d
 
IA-32:
kdelibs-3.1.3-6.13.i386.rpm     ffa4146ac13aa9ec54bcfbf2d05c9e32
kdelibs-devel-3.1.3-6.13.i386.rpm     695941f3f174baef77bf034460256942
 
IA-64:
kdelibs-3.1.3-6.13.i386.rpm     ffa4146ac13aa9ec54bcfbf2d05c9e32
kdelibs-3.1.3-6.13.ia64.rpm     09dccac994c5365ef115b2b0c98579ad
kdelibs-devel-3.1.3-6.13.ia64.rpm     a5bb8a6f9e234d2c1a86bb7dd6491780
 
x86_64:
kdelibs-3.1.3-6.13.i386.rpm     ffa4146ac13aa9ec54bcfbf2d05c9e32
kdelibs-3.1.3-6.13.x86_64.rpm     1e6d7821d1f1b8db59115d04066b39a2
kdelibs-devel-3.1.3-6.13.x86_64.rpm     5500ba62f5a9010f143a47915388d6ee
 
(The unlinked packages above are only available from the Red Hat Network)
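
To check a host against the fixed version listed above, the following added example (not part of the Red Hat advisory) parses the output of `rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE} %{ARCH}\n' kdelibs kdelibs-devel` and reports every installed kdelibs package older than 3.1.3-6.13, including the extra i386 build installed on 64-bit systems. The sample output is constructed, and the comparison assumes the package epoch is unchanged and ignores it.

```python
import re

FIXED = "3.1.3-6.13"  # version-release taken from the advisory's package list
_SEG = re.compile(r"\d+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Compare two version or release strings segment by segment, as rpm does.
    Tilde/caret ordering is not handled (not relevant to these packages)."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        xd, yd = x.isdigit(), y.isdigit()
        if xd and yd:
            x, y = int(x), int(y)      # numeric compare: 9 < 13
        elif xd != yd:
            return 1 if xd else -1     # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings; epoch is assumed equal and ignored."""
    av, ar = a.rsplit("-", 1)
    bv, br = b.rsplit("-", 1)
    return rpmvercmp(av, bv) or rpmvercmp(ar, br)

def unpatched(rpm_query_output):
    """Return (name, version-release, arch) for kdelibs packages older than FIXED."""
    stale = []
    for line in rpm_query_output.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].startswith("kdelibs"):
            continue  # skips "package X is not installed" and unrelated lines
        name, evr, arch = parts
        if evr_cmp(evr, FIXED) < 0:
            stale.append((name, evr, arch))
    return stale

# Constructed sample of the rpm query output on a multilib x86_64 host.
SAMPLE = """\
kdelibs 3.1.3-6.12 i386
kdelibs 3.1.3-6.13 x86_64
kdelibs-devel 3.1.3-6.9 x86_64
package kdelibs-sound is not installed
"""

if __name__ == "__main__":
    for name, evr, arch in unpatched(SAMPLE):
        print(f"{name}.{arch} {evr} is older than {FIXED}")
```

A plain string comparison would rank release 6.9 above 6.13, which is why the releases are compared as numeric segments.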

Bugs fixed (see bugzilla for more information)

506469 - CVE-2009-1698 kdelibs: KHTML CSS parser - incorrect handling CSS "style" attribute content (DoS, ACE)


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/