Skip to navigation

Security Advisory kdebase security fix

Advisory: RHSA-2006:0582-7
Type: Security Advisory
Severity: Low
Issued on: 2006-08-10
Last updated on: 2006-08-10
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2005-2494

Details

Updated kdebase packages that resolve several bugs are now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

The kdebase packages provide the core applications for KDE, the K Desktop
Environment. These core packages include the file manager Konqueror.

Ilja van Sprundel discovered a lock file handling flaw in kcheckpass. If
the directory /var/lock is writable by a user who is allowed to run
kcheckpass, that user could gain root privileges. In Red Hat Enterprise
Linux, the /var/lock directory is not writable by users and therefore this
flaw could only have been exploited if the permissions on that directory
have been badly configured. A patch to block this issue has been included
in this update. (CVE-2005-2494)

The following bugs have also been addressed:

- kstart --tosystray does not send the window to the system tray in Kicker

- When the customer enters or selects URLs in Firefox's address field, the
desktop freezes for a couple of seconds

- fish kioslave is broken on 64-bit systems

All users of kdebase should upgrade to these updated packages, which
contain patches to resolve these issues.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 4)

SRPMS:
kdebase-3.3.1-5.13.src.rpm
File outdated by:  RHSA-2010:0348
    MD5: 30a7dc95f125733b10dc0bf84095fd7f
 
IA-32:
kdebase-3.3.1-5.13.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: a683a46db550b17cd26cd6bc074e0a06
kdebase-devel-3.3.1-5.13.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: 6d94c8d2219b392fd88089668c7f7010
 
x86_64:
kdebase-3.3.1-5.13.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: a683a46db550b17cd26cd6bc074e0a06
kdebase-3.3.1-5.13.x86_64.rpm
File outdated by:  RHSA-2010:0348
    MD5: a2db1aad4a320cd604efdf130d6b8db2
kdebase-devel-3.3.1-5.13.x86_64.rpm
File outdated by:  RHSA-2010:0348
    MD5: e2ddabc84ca64088a6fc9817756f7911
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
kdebase-3.3.1-5.13.src.rpm
File outdated by:  RHSA-2010:0348
    MD5: 30a7dc95f125733b10dc0bf84095fd7f
 
IA-32:
kdebase-3.3.1-5.13.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: a683a46db550b17cd26cd6bc074e0a06
kdebase-devel-3.3.1-5.13.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: 6d94c8d2219b392fd88089668c7f7010
 
IA-64:
kdebase-3.3.1-5.13.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: a683a46db550b17cd26cd6bc074e0a06
kdebase-3.3.1-5.13.ia64.rpm
File outdated by:  RHSA-2010:0348
    MD5: da03501559c51979e3f7e630e80e8e25
kdebase-devel-3.3.1-5.13.ia64.rpm
File outdated by:  RHSA-2010:0348
    MD5: 96cc50480f9e8a7256fd9bf8e02fafab
 
PPC:
kdebase-3.3.1-5.13.ppc.rpm
File outdated by:  RHSA-2010:0348
    MD5: 0e13fd2c7d50c005c01b777256361e97
kdebase-3.3.1-5.13.ppc64.rpm
File outdated by:  RHSA-2010:0348
    MD5: 33fdc248c7e8f284eee9df46c6fd074f
kdebase-devel-3.3.1-5.13.ppc.rpm
File outdated by:  RHSA-2010:0348
    MD5: 73e9a088e803778702ccd92bf579933c
 
s390:
kdebase-3.3.1-5.13.s390.rpm
File outdated by:  RHSA-2010:0348
    MD5: a3716cdb289ea6a81039b9be606587c8
kdebase-devel-3.3.1-5.13.s390.rpm
File outdated by:  RHSA-2010:0348
    MD5: 4200af840ddda1504e5fe28dbd721a9a
 
s390x:
kdebase-3.3.1-5.13.s390.rpm
File outdated by:  RHSA-2010:0348
    MD5: a3716cdb289ea6a81039b9be606587c8
kdebase-3.3.1-5.13.s390x.rpm
File outdated by:  RHSA-2010:0348
    MD5: dfe54aae8c9b764927f1f3de7be19519
kdebase-devel-3.3.1-5.13.s390x.rpm
File outdated by:  RHSA-2010:0348
    MD5: 075565f82bdd59bb2ff7082f4abf9b81
 
x86_64:
kdebase-3.3.1-5.13.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: a683a46db550b17cd26cd6bc074e0a06
kdebase-3.3.1-5.13.x86_64.rpm
File outdated by:  RHSA-2010:0348
    MD5: a2db1aad4a320cd604efdf130d6b8db2
kdebase-devel-3.3.1-5.13.x86_64.rpm
File outdated by:  RHSA-2010:0348
    MD5: e2ddabc84ca64088a6fc9817756f7911
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
kdebase-3.3.1-5.13.src.rpm
File outdated by:  RHSA-2010:0348
    MD5: 30a7dc95f125733b10dc0bf84095fd7f
 
IA-32:
kdebase-3.3.1-5.13.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: a683a46db550b17cd26cd6bc074e0a06
kdebase-devel-3.3.1-5.13.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: 6d94c8d2219b392fd88089668c7f7010
 
IA-64:
kdebase-3.3.1-5.13.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: a683a46db550b17cd26cd6bc074e0a06
kdebase-3.3.1-5.13.ia64.rpm
File outdated by:  RHSA-2010:0348
    MD5: da03501559c51979e3f7e630e80e8e25
kdebase-devel-3.3.1-5.13.ia64.rpm
File outdated by:  RHSA-2010:0348
    MD5: 96cc50480f9e8a7256fd9bf8e02fafab
 
x86_64:
kdebase-3.3.1-5.13.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: a683a46db550b17cd26cd6bc074e0a06
kdebase-3.3.1-5.13.x86_64.rpm
File outdated by:  RHSA-2010:0348
    MD5: a2db1aad4a320cd604efdf130d6b8db2
kdebase-devel-3.3.1-5.13.x86_64.rpm
File outdated by:  RHSA-2010:0348
    MD5: e2ddabc84ca64088a6fc9817756f7911
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
kdebase-3.3.1-5.13.src.rpm
File outdated by:  RHSA-2010:0348
    MD5: 30a7dc95f125733b10dc0bf84095fd7f
 
IA-32:
kdebase-3.3.1-5.13.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: a683a46db550b17cd26cd6bc074e0a06
kdebase-devel-3.3.1-5.13.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: 6d94c8d2219b392fd88089668c7f7010
 
IA-64:
kdebase-3.3.1-5.13.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: a683a46db550b17cd26cd6bc074e0a06
kdebase-3.3.1-5.13.ia64.rpm
File outdated by:  RHSA-2010:0348
    MD5: da03501559c51979e3f7e630e80e8e25
kdebase-devel-3.3.1-5.13.ia64.rpm
File outdated by:  RHSA-2010:0348
    MD5: 96cc50480f9e8a7256fd9bf8e02fafab
 
x86_64:
kdebase-3.3.1-5.13.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: a683a46db550b17cd26cd6bc074e0a06
kdebase-3.3.1-5.13.x86_64.rpm
File outdated by:  RHSA-2010:0348
    MD5: a2db1aad4a320cd604efdf130d6b8db2
kdebase-devel-3.3.1-5.13.x86_64.rpm
File outdated by:  RHSA-2010:0348
    MD5: e2ddabc84ca64088a6fc9817756f7911
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

166995 - CVE-2005-2494 kcheckpass privilege escalation


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/