Security Advisory Moderate: kdebase security update

Advisory: RHSA-2007:0905-4
Type: Security Advisory
Severity: Moderate
Issued on: 2007-10-08
Last updated on: 2007-10-08
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.5.z)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.5.z)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2007-3820
CVE-2007-4224
CVE-2007-4569

Details

Updated kdebase packages that resolve several security flaws are now
available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red Hat
Security Response Team.

The kdebase packages provide the core applications for KDE, the K Desktop
Environment. These core packages include Konqueror, the web browser and
file manager.

These updated packages address the following vulnerabilities:

Kees Huijgen found a flaw in the way KDM handled logins when autologin and
"shutdown with password" were enabled. A local user would have been able
to log in via KDM as any user without requiring a password. (CVE-2007-4569)

Two Konqueror address spoofing flaws were discovered. A malicious web site
could spoof the Konqueror address bar, tricking a victim into believing the
page was from a different site. (CVE-2007-3820, CVE-2007-4224)

Users of KDE should upgrade to these updated packages, which contain
backported patches to correct these issues.


Solution

Before applying this update, make sure that all previously released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
kdebase-3.5.4-15.el5.src.rpm
File outdated by:  RHBA-2012:1177
    MD5: aa0b359a47ff978b465d54bee7650895
 
IA-32:
kdebase-devel-3.5.4-15.el5.i386.rpm
File outdated by:  RHBA-2012:1177
    MD5: e67261c295813b9f51d3534de4617a46
 
x86_64:
kdebase-devel-3.5.4-15.el5.i386.rpm
File outdated by:  RHBA-2012:1177
    MD5: e67261c295813b9f51d3534de4617a46
kdebase-devel-3.5.4-15.el5.x86_64.rpm
File outdated by:  RHBA-2012:1177
    MD5: 5c0aef38590702d9b9c13cab87b4ba4e
 
Red Hat Desktop (v. 4)

SRPMS:
kdebase-3.3.1-6.el4.src.rpm
File outdated by:  RHSA-2010:0348
    MD5: 0e7a33a2e43f2cd507e2c699ed182e77
 
IA-32:
kdebase-3.3.1-6.el4.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: 4293f4d3f0e1168e29dfab6257655dd9
kdebase-devel-3.3.1-6.el4.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: 6ae3e11f0b1762380e73d91d8bd52805
 
x86_64:
kdebase-3.3.1-6.el4.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: 4293f4d3f0e1168e29dfab6257655dd9
kdebase-3.3.1-6.el4.x86_64.rpm
File outdated by:  RHSA-2010:0348
    MD5: 2e88800d1b84083080172915aa66e4b5
kdebase-devel-3.3.1-6.el4.x86_64.rpm
File outdated by:  RHSA-2010:0348
    MD5: ead5a943fd891d92cb7dc68bcef7826b
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
kdebase-3.5.4-15.el5.src.rpm
File outdated by:  RHBA-2012:1177
    MD5: aa0b359a47ff978b465d54bee7650895
 
IA-32:
kdebase-3.5.4-15.el5.i386.rpm
File outdated by:  RHBA-2012:1177
    MD5: bf677edbe1fdcf6a4ece9c584d93b8ef
kdebase-devel-3.5.4-15.el5.i386.rpm
File outdated by:  RHBA-2012:1177
    MD5: e67261c295813b9f51d3534de4617a46
 
IA-64:
kdebase-3.5.4-15.el5.ia64.rpm
File outdated by:  RHBA-2012:1177
    MD5: 94ddb56d1e0170014e7274211f0f5813
kdebase-devel-3.5.4-15.el5.ia64.rpm
File outdated by:  RHBA-2012:1177
    MD5: 842fc8df4d585792f2d03102385e8cef
 
PPC:
kdebase-3.5.4-15.el5.ppc.rpm
File outdated by:  RHBA-2012:1177
    MD5: a596dcc157092602ba35a6e926c196cf
kdebase-3.5.4-15.el5.ppc64.rpm
File outdated by:  RHBA-2012:1177
    MD5: d8f78019b7b79bdc75a44a1ae2089fac
kdebase-devel-3.5.4-15.el5.ppc.rpm
File outdated by:  RHBA-2012:1177
    MD5: d6ab4becd323dbfc9ca5bad7c6827e87
kdebase-devel-3.5.4-15.el5.ppc64.rpm
File outdated by:  RHBA-2012:1177
    MD5: acbe4ebcb7c6b4b9c2a858af9b314caa
 
s390x:
kdebase-3.5.4-15.el5.s390.rpm
File outdated by:  RHBA-2012:1177
    MD5: 3e9d1752110a82c727e41ffadf4c2cea
kdebase-3.5.4-15.el5.s390x.rpm
File outdated by:  RHBA-2012:1177
    MD5: 8fa7bf1d8ccb6a1646a0ee2c05e2c54d
kdebase-devel-3.5.4-15.el5.s390.rpm
File outdated by:  RHBA-2012:1177
    MD5: cc6726d7eebcd9e1cc9811cf2b8b8661
kdebase-devel-3.5.4-15.el5.s390x.rpm
File outdated by:  RHBA-2012:1177
    MD5: c6d4567f015a6d31010c3724060d1fcb
 
x86_64:
kdebase-3.5.4-15.el5.i386.rpm
File outdated by:  RHBA-2012:1177
    MD5: bf677edbe1fdcf6a4ece9c584d93b8ef
kdebase-3.5.4-15.el5.x86_64.rpm
File outdated by:  RHBA-2012:1177
    MD5: 333546f51e787502de426209747feb79
kdebase-devel-3.5.4-15.el5.i386.rpm
File outdated by:  RHBA-2012:1177
    MD5: e67261c295813b9f51d3534de4617a46
kdebase-devel-3.5.4-15.el5.x86_64.rpm
File outdated by:  RHBA-2012:1177
    MD5: 5c0aef38590702d9b9c13cab87b4ba4e
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
kdebase-3.3.1-6.el4.src.rpm
File outdated by:  RHSA-2010:0348
    MD5: 0e7a33a2e43f2cd507e2c699ed182e77
 
IA-32:
kdebase-3.3.1-6.el4.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: 4293f4d3f0e1168e29dfab6257655dd9
kdebase-devel-3.3.1-6.el4.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: 6ae3e11f0b1762380e73d91d8bd52805
 
IA-64:
kdebase-3.3.1-6.el4.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: 4293f4d3f0e1168e29dfab6257655dd9
kdebase-3.3.1-6.el4.ia64.rpm
File outdated by:  RHSA-2010:0348
    MD5: 4080c57c9d0eb829bba52d586050b9f7
kdebase-devel-3.3.1-6.el4.ia64.rpm
File outdated by:  RHSA-2010:0348
    MD5: bca85b0ad189043614ac62ce158cd9a1
 
PPC:
kdebase-3.3.1-6.el4.ppc.rpm
File outdated by:  RHSA-2010:0348
    MD5: 797edcbc95370892dd9de67764fcebff
kdebase-3.3.1-6.el4.ppc64.rpm
File outdated by:  RHSA-2010:0348
    MD5: d291ff830e08e407b915498c4d2bec11
kdebase-devel-3.3.1-6.el4.ppc.rpm
File outdated by:  RHSA-2010:0348
    MD5: 02d25dc71e3b286b9d70fb906547c1ee
 
s390:
kdebase-3.3.1-6.el4.s390.rpm
File outdated by:  RHSA-2010:0348
    MD5: a6259b08ab051eb436f5908fe14f5f24
kdebase-devel-3.3.1-6.el4.s390.rpm
File outdated by:  RHSA-2010:0348
    MD5: 6f74b509c6ba0e588d3006158dc9d51f
 
s390x:
kdebase-3.3.1-6.el4.s390.rpm
File outdated by:  RHSA-2010:0348
    MD5: a6259b08ab051eb436f5908fe14f5f24
kdebase-3.3.1-6.el4.s390x.rpm
File outdated by:  RHSA-2010:0348
    MD5: 9b24c7ebbe3757844be4afb6764f90ce
kdebase-devel-3.3.1-6.el4.s390x.rpm
File outdated by:  RHSA-2010:0348
    MD5: b488fe840b23130fcb83a964a632c04e
 
x86_64:
kdebase-3.3.1-6.el4.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: 4293f4d3f0e1168e29dfab6257655dd9
kdebase-3.3.1-6.el4.x86_64.rpm
File outdated by:  RHSA-2010:0348
    MD5: 2e88800d1b84083080172915aa66e4b5
kdebase-devel-3.3.1-6.el4.x86_64.rpm
File outdated by:  RHSA-2010:0348
    MD5: ead5a943fd891d92cb7dc68bcef7826b
 
Red Hat Enterprise Linux AS (v. 4.5.z)

SRPMS:
kdebase-3.3.1-6.el4.src.rpm
File outdated by:  RHSA-2010:0348
    MD5: 0e7a33a2e43f2cd507e2c699ed182e77
 
IA-32:
kdebase-3.3.1-6.el4.i386.rpm     MD5: 4293f4d3f0e1168e29dfab6257655dd9
kdebase-devel-3.3.1-6.el4.i386.rpm     MD5: 6ae3e11f0b1762380e73d91d8bd52805
 
IA-64:
kdebase-3.3.1-6.el4.i386.rpm     MD5: 4293f4d3f0e1168e29dfab6257655dd9
kdebase-3.3.1-6.el4.ia64.rpm     MD5: 4080c57c9d0eb829bba52d586050b9f7
kdebase-devel-3.3.1-6.el4.ia64.rpm     MD5: bca85b0ad189043614ac62ce158cd9a1
 
PPC:
kdebase-3.3.1-6.el4.ppc.rpm     MD5: 797edcbc95370892dd9de67764fcebff
kdebase-3.3.1-6.el4.ppc64.rpm     MD5: d291ff830e08e407b915498c4d2bec11
kdebase-devel-3.3.1-6.el4.ppc.rpm     MD5: 02d25dc71e3b286b9d70fb906547c1ee
 
s390:
kdebase-3.3.1-6.el4.s390.rpm     MD5: a6259b08ab051eb436f5908fe14f5f24
kdebase-devel-3.3.1-6.el4.s390.rpm     MD5: 6f74b509c6ba0e588d3006158dc9d51f
 
s390x:
kdebase-3.3.1-6.el4.s390.rpm     MD5: a6259b08ab051eb436f5908fe14f5f24
kdebase-3.3.1-6.el4.s390x.rpm     MD5: 9b24c7ebbe3757844be4afb6764f90ce
kdebase-devel-3.3.1-6.el4.s390x.rpm     MD5: b488fe840b23130fcb83a964a632c04e
 
x86_64:
kdebase-3.3.1-6.el4.i386.rpm     MD5: 4293f4d3f0e1168e29dfab6257655dd9
kdebase-3.3.1-6.el4.x86_64.rpm     MD5: 2e88800d1b84083080172915aa66e4b5
kdebase-devel-3.3.1-6.el4.x86_64.rpm     MD5: ead5a943fd891d92cb7dc68bcef7826b
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
kdebase-3.5.4-15.el5.src.rpm
File outdated by:  RHBA-2012:1177
    MD5: aa0b359a47ff978b465d54bee7650895
 
IA-32:
kdebase-3.5.4-15.el5.i386.rpm
File outdated by:  RHBA-2012:1177
    MD5: bf677edbe1fdcf6a4ece9c584d93b8ef
 
x86_64:
kdebase-3.5.4-15.el5.i386.rpm
File outdated by:  RHBA-2012:1177
    MD5: bf677edbe1fdcf6a4ece9c584d93b8ef
kdebase-3.5.4-15.el5.x86_64.rpm
File outdated by:  RHBA-2012:1177
    MD5: 333546f51e787502de426209747feb79
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
kdebase-3.3.1-6.el4.src.rpm
File outdated by:  RHSA-2010:0348
    MD5: 0e7a33a2e43f2cd507e2c699ed182e77
 
IA-32:
kdebase-3.3.1-6.el4.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: 4293f4d3f0e1168e29dfab6257655dd9
kdebase-devel-3.3.1-6.el4.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: 6ae3e11f0b1762380e73d91d8bd52805
 
IA-64:
kdebase-3.3.1-6.el4.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: 4293f4d3f0e1168e29dfab6257655dd9
kdebase-3.3.1-6.el4.ia64.rpm
File outdated by:  RHSA-2010:0348
    MD5: 4080c57c9d0eb829bba52d586050b9f7
kdebase-devel-3.3.1-6.el4.ia64.rpm
File outdated by:  RHSA-2010:0348
    MD5: bca85b0ad189043614ac62ce158cd9a1
 
x86_64:
kdebase-3.3.1-6.el4.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: 4293f4d3f0e1168e29dfab6257655dd9
kdebase-3.3.1-6.el4.x86_64.rpm
File outdated by:  RHSA-2010:0348
    MD5: 2e88800d1b84083080172915aa66e4b5
kdebase-devel-3.3.1-6.el4.x86_64.rpm
File outdated by:  RHSA-2010:0348
    MD5: ead5a943fd891d92cb7dc68bcef7826b
 
Red Hat Enterprise Linux ES (v. 4.5.z)

SRPMS:
kdebase-3.3.1-6.el4.src.rpm
File outdated by:  RHSA-2010:0348
    MD5: 0e7a33a2e43f2cd507e2c699ed182e77
 
IA-32:
kdebase-3.3.1-6.el4.i386.rpm     MD5: 4293f4d3f0e1168e29dfab6257655dd9
kdebase-devel-3.3.1-6.el4.i386.rpm     MD5: 6ae3e11f0b1762380e73d91d8bd52805
 
IA-64:
kdebase-3.3.1-6.el4.i386.rpm     MD5: 4293f4d3f0e1168e29dfab6257655dd9
kdebase-3.3.1-6.el4.ia64.rpm     MD5: 4080c57c9d0eb829bba52d586050b9f7
kdebase-devel-3.3.1-6.el4.ia64.rpm     MD5: bca85b0ad189043614ac62ce158cd9a1
 
x86_64:
kdebase-3.3.1-6.el4.i386.rpm     MD5: 4293f4d3f0e1168e29dfab6257655dd9
kdebase-3.3.1-6.el4.x86_64.rpm     MD5: 2e88800d1b84083080172915aa66e4b5
kdebase-devel-3.3.1-6.el4.x86_64.rpm     MD5: ead5a943fd891d92cb7dc68bcef7826b
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
kdebase-3.3.1-6.el4.src.rpm
File outdated by:  RHSA-2010:0348
    MD5: 0e7a33a2e43f2cd507e2c699ed182e77
 
IA-32:
kdebase-3.3.1-6.el4.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: 4293f4d3f0e1168e29dfab6257655dd9
kdebase-devel-3.3.1-6.el4.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: 6ae3e11f0b1762380e73d91d8bd52805
 
IA-64:
kdebase-3.3.1-6.el4.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: 4293f4d3f0e1168e29dfab6257655dd9
kdebase-3.3.1-6.el4.ia64.rpm
File outdated by:  RHSA-2010:0348
    MD5: 4080c57c9d0eb829bba52d586050b9f7
kdebase-devel-3.3.1-6.el4.ia64.rpm
File outdated by:  RHSA-2010:0348
    MD5: bca85b0ad189043614ac62ce158cd9a1
 
x86_64:
kdebase-3.3.1-6.el4.i386.rpm
File outdated by:  RHSA-2010:0348
    MD5: 4293f4d3f0e1168e29dfab6257655dd9
kdebase-3.3.1-6.el4.x86_64.rpm
File outdated by:  RHSA-2010:0348
    MD5: 2e88800d1b84083080172915aa66e4b5
kdebase-devel-3.3.1-6.el4.x86_64.rpm
File outdated by:  RHSA-2010:0348
    MD5: ead5a943fd891d92cb7dc68bcef7826b
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

248537 - CVE-2007-3820 Spoofing of URI possible in Konqueror's address bar
251708 - CVE-2007-4224 URL spoof in address bar
287311 - CVE-2007-4569 kdm password-less login vulnerability


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/