Security Advisory kdegraphics security update

Advisory: RHSA-2005:021-09
Type: Security Advisory
Severity: Moderate
Issued on: 2005-04-12
Last updated on: 2005-04-12
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2004-0803
CVE-2004-0804
CVE-2004-0886
CVE-2004-1307
CVE-2004-1308

Details

Updated kdegraphics packages that resolve multiple security issues in kfax
are now available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

The kdegraphics package contains graphics applications for the K Desktop
Environment.

During a source code audit, Chris Evans discovered a number of integer
overflow bugs that affect libtiff. The kfax application contains a copy of
the libtiff code used for parsing TIFF files and is therefore affected by
these bugs. An attacker who has the ability to trick a user into opening a
malicious TIFF file could cause kfax to crash or possibly execute arbitrary
code. The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CAN-2004-0886 and CAN-2004-0804 to these issues.
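
The class of bug behind the integer overflow issues, shown as an added illustration: this is not libtiff or kfax code and does not reproduce the specific defects fixed by this update. A buffer size computed from file-supplied dimensions wraps in 32 bits, and the hardened form rejects the header instead; the struct, function names and the 256 MiB cap are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical header fields read from an untrusted image file. */
struct img_hdr {
    uint32_t width, rows;                 /* pixels per row, number of rows */
    uint16_t samples_per_pixel, bytes_per_sample;
};

/* Unsafe pattern: the product is computed in 32 bits and wraps silently, so
 * the size can be far smaller than the data a decoder would later write. */
uint32_t buffer_size_unchecked(const struct img_hdr *h)
{
    return h->width * h->rows * h->samples_per_pixel * h->bytes_per_sample;
}

#define MAX_IMAGE_BYTES ((size_t)256 * 1024 * 1024)   /* assumed policy cap */

/* Multiply a by b into *out; fail instead of wrapping. */
static int mul_checked(size_t a, size_t b, size_t *out)
{
    if (b != 0 && a > SIZE_MAX / b)
        return -1;
    *out = a * b;
    return 0;
}

/* Hardened form: returns 0 and the byte count, or -1 to reject the file. */
int buffer_size_checked(const struct img_hdr *h, size_t *out)
{
    size_t n;
    if (!h->width || !h->rows || !h->samples_per_pixel || !h->bytes_per_sample)
        return -1;
    if (mul_checked(h->width, h->rows, &n) ||
        mul_checked(n, h->samples_per_pixel, &n) ||
        mul_checked(n, h->bytes_per_sample, &n) || n > MAX_IMAGE_BYTES)
        return -1;
    *out = n;
    return 0;
}

int main(void)
{
    struct img_hdr bad = { 65536u, 65537u, 1, 1 };    /* constructed input */
    size_t n = 0;
    printf("unchecked size: %u bytes\n", (unsigned)buffer_size_unchecked(&bad));
    printf("checked: %s\n", buffer_size_checked(&bad, &n) ? "rejected" : "ok");
    return 0;
}
```

With the constructed header, the true size is 4,295,032,832 bytes but the unchecked product wraps to 65,536, which is the mismatch that turns an integer overflow into a buffer overflow.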

Additionally, a number of buffer overflow bugs that affect libtiff have
been found. The kfax application contains a copy of the libtiff code used
for parsing TIFF files and is therefore affected by these bugs. An attacker
who has the ability to trick a user into opening a malicious TIFF file
could cause kfax to crash or possibly execute arbitrary code. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0803 to this issue.

Users of kfax should upgrade to these updated packages, which contain
backported patches and are not vulnerable to these issues.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
kdegraphics-3.1.3-3.7.src.rpm
File outdated by:  RHBA-2007:0453
    MD5: 098d4365a90e1ecd3fa326b4eaeafdf9
 
IA-32:
kdegraphics-3.1.3-3.7.i386.rpm
File outdated by:  RHBA-2007:0453
    MD5: a768939d2774477968e5bc9016455788
kdegraphics-devel-3.1.3-3.7.i386.rpm
File outdated by:  RHBA-2007:0453
    MD5: 2e4a2609ea06483c8636f375a2d93de3
 
x86_64:
kdegraphics-3.1.3-3.7.x86_64.rpm
File outdated by:  RHBA-2007:0453
    MD5: 4a9b219edbf5739ccdd46b78070098cc
kdegraphics-devel-3.1.3-3.7.x86_64.rpm
File outdated by:  RHBA-2007:0453
    MD5: 93f19316014856fc2fddf27c245363ec
 
Red Hat Enterprise Linux AS (v. 2.1)

IA-32:
kdegraphics-2.2.2-4.3.i386.rpm
File outdated by:  RHSA-2006:0648
    MD5: 7981553ce8dc8008f4082ec508d9c81b
kdegraphics-devel-2.2.2-4.3.i386.rpm
File outdated by:  RHSA-2006:0648
    MD5: ca21293d2cc1c94fed9cd80a657ccfcf
 
IA-64:
kdegraphics-2.2.2-4.3.ia64.rpm
File outdated by:  RHSA-2006:0648
    MD5: 3e5155a70b34ac63d2e8f78c36227c03
kdegraphics-devel-2.2.2-4.3.ia64.rpm
File outdated by:  RHSA-2006:0648
    MD5: 9048cccb8784a8fb03fea0be1c378c68
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
kdegraphics-3.1.3-3.7.src.rpm
File outdated by:  RHBA-2007:0453
    MD5: 098d4365a90e1ecd3fa326b4eaeafdf9
 
IA-32:
kdegraphics-3.1.3-3.7.i386.rpm
File outdated by:  RHBA-2007:0453
    MD5: a768939d2774477968e5bc9016455788
kdegraphics-devel-3.1.3-3.7.i386.rpm
File outdated by:  RHBA-2007:0453
    MD5: 2e4a2609ea06483c8636f375a2d93de3
 
IA-64:
kdegraphics-3.1.3-3.7.ia64.rpm
File outdated by:  RHBA-2007:0453
    MD5: 34eae83f27922303b9c286a21f881c75
kdegraphics-devel-3.1.3-3.7.ia64.rpm
File outdated by:  RHBA-2007:0453
    MD5: 37895d0ebd1a73d2b98fe400cf1af084
 
PPC:
kdegraphics-3.1.3-3.7.ppc.rpm
File outdated by:  RHBA-2007:0453
    MD5: 175a1cbb8a9301399e8b8392429f16b1
kdegraphics-devel-3.1.3-3.7.ppc.rpm
File outdated by:  RHBA-2007:0453
    MD5: a5a416457f1b3f528853f1912aab9d5c
 
s390:
kdegraphics-3.1.3-3.7.s390.rpm
File outdated by:  RHBA-2007:0453
    MD5: 5901640cbf50090ee322bd9344118178
kdegraphics-devel-3.1.3-3.7.s390.rpm
File outdated by:  RHBA-2007:0453
    MD5: 04c4183f594689db2f249b4a15334e36
 
s390x:
kdegraphics-3.1.3-3.7.s390x.rpm
File outdated by:  RHBA-2007:0453
    MD5: af23175c04e0f09065f40a868a1ba64a
kdegraphics-devel-3.1.3-3.7.s390x.rpm
File outdated by:  RHBA-2007:0453
    MD5: 2fe972d585215ebc13ac99d5c12941d4
 
x86_64:
kdegraphics-3.1.3-3.7.x86_64.rpm
File outdated by:  RHBA-2007:0453
    MD5: 4a9b219edbf5739ccdd46b78070098cc
kdegraphics-devel-3.1.3-3.7.x86_64.rpm
File outdated by:  RHBA-2007:0453
    MD5: 93f19316014856fc2fddf27c245363ec
 
Red Hat Enterprise Linux ES (v. 2.1)

IA-32:
kdegraphics-2.2.2-4.3.i386.rpm
File outdated by:  RHSA-2006:0648
    MD5: 7981553ce8dc8008f4082ec508d9c81b
kdegraphics-devel-2.2.2-4.3.i386.rpm
File outdated by:  RHSA-2006:0648
    MD5: ca21293d2cc1c94fed9cd80a657ccfcf
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
kdegraphics-3.1.3-3.7.src.rpm
File outdated by:  RHBA-2007:0453
    MD5: 098d4365a90e1ecd3fa326b4eaeafdf9
 
IA-32:
kdegraphics-3.1.3-3.7.i386.rpm
File outdated by:  RHBA-2007:0453
    MD5: a768939d2774477968e5bc9016455788
kdegraphics-devel-3.1.3-3.7.i386.rpm
File outdated by:  RHBA-2007:0453
    MD5: 2e4a2609ea06483c8636f375a2d93de3
 
IA-64:
kdegraphics-3.1.3-3.7.ia64.rpm
File outdated by:  RHBA-2007:0453
    MD5: 34eae83f27922303b9c286a21f881c75
kdegraphics-devel-3.1.3-3.7.ia64.rpm
File outdated by:  RHBA-2007:0453
    MD5: 37895d0ebd1a73d2b98fe400cf1af084
 
x86_64:
kdegraphics-3.1.3-3.7.x86_64.rpm
File outdated by:  RHBA-2007:0453
    MD5: 4a9b219edbf5739ccdd46b78070098cc
kdegraphics-devel-3.1.3-3.7.x86_64.rpm
File outdated by:  RHBA-2007:0453
    MD5: 93f19316014856fc2fddf27c245363ec
 
Red Hat Enterprise Linux WS (v. 2.1)

IA-32:
kdegraphics-2.2.2-4.3.i386.rpm
File outdated by:  RHSA-2006:0648
    MD5: 7981553ce8dc8008f4082ec508d9c81b
kdegraphics-devel-2.2.2-4.3.i386.rpm
File outdated by:  RHSA-2006:0648
    MD5: ca21293d2cc1c94fed9cd80a657ccfcf
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
kdegraphics-3.1.3-3.7.src.rpm
File outdated by:  RHBA-2007:0453
    MD5: 098d4365a90e1ecd3fa326b4eaeafdf9
 
IA-32:
kdegraphics-3.1.3-3.7.i386.rpm
File outdated by:  RHBA-2007:0453
    MD5: a768939d2774477968e5bc9016455788
kdegraphics-devel-3.1.3-3.7.i386.rpm
File outdated by:  RHBA-2007:0453
    MD5: 2e4a2609ea06483c8636f375a2d93de3
 
IA-64:
kdegraphics-3.1.3-3.7.ia64.rpm
File outdated by:  RHBA-2007:0453
    MD5: 34eae83f27922303b9c286a21f881c75
kdegraphics-devel-3.1.3-3.7.ia64.rpm
File outdated by:  RHBA-2007:0453
    MD5: 37895d0ebd1a73d2b98fe400cf1af084
 
x86_64:
kdegraphics-3.1.3-3.7.x86_64.rpm
File outdated by:  RHBA-2007:0453
    MD5: 4a9b219edbf5739ccdd46b78070098cc
kdegraphics-devel-3.1.3-3.7.x86_64.rpm
File outdated by:  RHBA-2007:0453
    MD5: 93f19316014856fc2fddf27c245363ec
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

IA-64:
kdegraphics-2.2.2-4.3.ia64.rpm
File outdated by:  RHSA-2006:0648
    MD5: 3e5155a70b34ac63d2e8f78c36227c03
kdegraphics-devel-2.2.2-4.3.ia64.rpm
File outdated by:  RHSA-2006:0648
    MD5: 9048cccb8784a8fb03fea0be1c378c68
 

Bugs fixed (see bugzilla for more information)

135466 - CAN-2004-0803 buffer overflows in libtiff
135470 - CAN-2004-0886 multiple integer overflows in libtiff



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/