Security Advisory: kdebase security update

Advisory: RHSA-2006:0548-5
Type: Security Advisory
Severity: Important
Issued on: 2006-06-14
Last updated on: 2006-06-26
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2006-2449

Details

Updated kdebase packages that correct a security flaw in kdm are now
available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

The kdebase packages provide the core applications for KDE, the K Desktop
Environment. These core packages include the KDE Display Manager (KDM).

Ludwig Nussel discovered a flaw in KDM. A malicious local KDM user could
use a symlink attack to read an arbitrary file that they would not normally
have permissions to read. (CVE-2006-2449)

Note: this issue does not affect the version of KDM as shipped with Red Hat
Enterprise Linux 2.1 or 3.

All users of KDM should upgrade to these updated packages, which contain a
backported patch to correct this issue.
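
The advisory does not describe KDM's code or the backported patch. As an added illustration of the bug class it names (a privileged process opening a path that a local user controls), the C below contrasts an open() that follows a planted symlink with one that refuses it. This is example code written for this page, not KDM's or Red Hat's; the function names, the scratch directory and the file names are all constructed.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Naive: open() follows a symlink planted in a user-writable directory. */
ssize_t read_naive(const char *path, char *buf, size_t len) {
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    ssize_t n = read(fd, buf, len);
    close(fd);
    return n;
}

/* Hardened: reject a final-component symlink, then vet the open descriptor. */
ssize_t read_user_file(const char *path, uid_t owner, char *buf, size_t len) {
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0) return -1;               /* ELOOP when path is a symlink */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != owner || st.st_nlink != 1) {
        close(fd);                       /* FIFO, device, foreign or hard-linked */
        return -1;
    }
    ssize_t n = read(fd, buf, len);
    close(fd);
    return n;
}

/* Constructed scenario: "settings" is a symlink to "target", which stands in
 * for a file the user cannot read. Result bits: 1 = naive read followed the
 * link, 2 = hardened read refused it, 4 = hardened read of a regular file ok. */
int symlink_demo(void) {
    char dir[] = "/tmp/symdemoXXXXXX", t[64], s[64], buf[32];
    int r = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(t, sizeof t, "%s/target", dir);
    snprintf(s, sizeof s, "%s/settings", dir);
    FILE *f = fopen(t, "w");
    if (!f || fputs("secret", f) < 0 || fclose(f) != 0) return -1;
    if (symlink(t, s) != 0) return -1;
    if (read_naive(s, buf, sizeof buf) == 6) r |= 1;
    if (read_user_file(s, geteuid(), buf, sizeof buf) < 0) r |= 2;
    if (read_user_file(t, geteuid(), buf, sizeof buf) == 6) r |= 4;
    unlink(s); unlink(t); rmdir(dir);
    return r;
}
```

O_NOFOLLOW only covers the last path component, so a daemon that also switches to the user's effective UID before opening gets the kernel's own permission check on the whole path.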


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 4)

SRPMS:
kdebase-3.3.1-5.12.src.rpm
File outdated by:  RHSA-2010:0348
    MD5: 493652aa8e8c177a5413507b2575f8c0
 
IA-32:
kdebase-3.3.1-5.12.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: 783d1f963e34f1e33bd25f708b399b99
kdebase-devel-3.3.1-5.12.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: 904d168f890da4f21508fe358d146b17
 
x86_64:
kdebase-3.3.1-5.12.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: 783d1f963e34f1e33bd25f708b399b99
kdebase-3.3.1-5.12.x86_64.rpm
File outdated by:  RHSA-2010:0348
    MD5: 12750a61fe65ddd1ecd7ab903bd0bc1a
kdebase-devel-3.3.1-5.12.x86_64.rpm
File outdated by:  RHSA-2010:0348
    MD5: e73c2b102519b66cbd03d612c1bdcef3
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
kdebase-3.3.1-5.12.src.rpm
File outdated by:  RHSA-2010:0348
    MD5: 493652aa8e8c177a5413507b2575f8c0
 
IA-32:
kdebase-3.3.1-5.12.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: 783d1f963e34f1e33bd25f708b399b99
kdebase-devel-3.3.1-5.12.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: 904d168f890da4f21508fe358d146b17
 
IA-64:
kdebase-3.3.1-5.12.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: 783d1f963e34f1e33bd25f708b399b99
kdebase-3.3.1-5.12.ia64.rpm
File outdated by:  RHSA-2010:0348
    MD5: 417c771330db7cc80278219112daa6cd
kdebase-devel-3.3.1-5.12.ia64.rpm
File outdated by:  RHSA-2010:0348
    MD5: 59ad6330dfa63d0eac17e250a976eb3c
 
PPC:
kdebase-3.3.1-5.12.ppc.rpm
File outdated by:  RHSA-2010:0348
    MD5: a5a61abe832e7bb9c124ad13b87ca1a9
kdebase-3.3.1-5.12.ppc64.rpm
File outdated by:  RHSA-2010:0348
    MD5: 23318ff73eaf52c1f578a01b4d939a02
kdebase-devel-3.3.1-5.12.ppc.rpm
File outdated by:  RHSA-2010:0348
    MD5: 3ed13abbd6dcdb4e22f2cc7f3c95e508
 
s390:
kdebase-3.3.1-5.12.s390.rpm
File outdated by:  RHSA-2010:0348
    MD5: 5d985202e89698cadb2fa5543538ec44
kdebase-devel-3.3.1-5.12.s390.rpm
File outdated by:  RHSA-2010:0348
    MD5: cf5021dbd08326f5b7880b98e4fd2d22
 
s390x:
kdebase-3.3.1-5.12.s390.rpm
File outdated by:  RHSA-2010:0348
    MD5: 5d985202e89698cadb2fa5543538ec44
kdebase-3.3.1-5.12.s390x.rpm
File outdated by:  RHSA-2010:0348
    MD5: fd7276e1c85fd2d14c1c2fa84a5c2958
kdebase-devel-3.3.1-5.12.s390x.rpm
File outdated by:  RHSA-2010:0348
    MD5: bb4347afbfd01e4a24acbf68579eb45c
 
x86_64:
kdebase-3.3.1-5.12.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: 783d1f963e34f1e33bd25f708b399b99
kdebase-3.3.1-5.12.x86_64.rpm
File outdated by:  RHSA-2010:0348
    MD5: 12750a61fe65ddd1ecd7ab903bd0bc1a
kdebase-devel-3.3.1-5.12.x86_64.rpm
File outdated by:  RHSA-2010:0348
    MD5: e73c2b102519b66cbd03d612c1bdcef3
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
kdebase-3.3.1-5.12.src.rpm
File outdated by:  RHSA-2010:0348
    MD5: 493652aa8e8c177a5413507b2575f8c0
 
IA-32:
kdebase-3.3.1-5.12.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: 783d1f963e34f1e33bd25f708b399b99
kdebase-devel-3.3.1-5.12.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: 904d168f890da4f21508fe358d146b17
 
IA-64:
kdebase-3.3.1-5.12.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: 783d1f963e34f1e33bd25f708b399b99
kdebase-3.3.1-5.12.ia64.rpm
File outdated by:  RHSA-2010:0348
    MD5: 417c771330db7cc80278219112daa6cd
kdebase-devel-3.3.1-5.12.ia64.rpm
File outdated by:  RHSA-2010:0348
    MD5: 59ad6330dfa63d0eac17e250a976eb3c
 
x86_64:
kdebase-3.3.1-5.12.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: 783d1f963e34f1e33bd25f708b399b99
kdebase-3.3.1-5.12.x86_64.rpm
File outdated by:  RHSA-2010:0348
    MD5: 12750a61fe65ddd1ecd7ab903bd0bc1a
kdebase-devel-3.3.1-5.12.x86_64.rpm
File outdated by:  RHSA-2010:0348
    MD5: e73c2b102519b66cbd03d612c1bdcef3
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
kdebase-3.3.1-5.12.src.rpm
File outdated by:  RHSA-2010:0348
    MD5: 493652aa8e8c177a5413507b2575f8c0
 
IA-32:
kdebase-3.3.1-5.12.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: 783d1f963e34f1e33bd25f708b399b99
kdebase-devel-3.3.1-5.12.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: 904d168f890da4f21508fe358d146b17
 
IA-64:
kdebase-3.3.1-5.12.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: 783d1f963e34f1e33bd25f708b399b99
kdebase-3.3.1-5.12.ia64.rpm
File outdated by:  RHSA-2010:0348
    MD5: 417c771330db7cc80278219112daa6cd
kdebase-devel-3.3.1-5.12.ia64.rpm
File outdated by:  RHSA-2010:0348
    MD5: 59ad6330dfa63d0eac17e250a976eb3c
 
x86_64:
kdebase-3.3.1-5.12.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: 783d1f963e34f1e33bd25f708b399b99
kdebase-3.3.1-5.12.x86_64.rpm
File outdated by:  RHSA-2010:0348
    MD5: 12750a61fe65ddd1ecd7ab903bd0bc1a
kdebase-devel-3.3.1-5.12.x86_64.rpm
File outdated by:  RHSA-2010:0348
    MD5: e73c2b102519b66cbd03d612c1bdcef3
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

194581 - CVE-2006-2449 kdm file disclosure


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/