Skip to navigation

Security Advisory Important: kdenetwork security update

Advisory: RHSA-2011:0465-1
Type: Security Advisory
Severity: Important
Issued on: 2011-04-21
Last updated on: 2011-04-21
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server EUS (v. 6.0.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2011-1586

Details

Updated kdenetwork packages that fix one security issue are now available
for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The kdenetwork packages contain networking applications for the K Desktop
Environment (KDE).

A directory traversal flaw was found in the way KGet, a download manager,
handled the "file" element in Metalink files. An attacker could use this
flaw to create a specially-crafted Metalink file that, when opened, would
cause KGet to overwrite arbitrary files accessible to the user running
KGet. (CVE-2011-1586)

Users of kdenetwork should upgrade to these updated packages, which contain
a backported patch to resolve this issue. The desktop must be restarted
(log out, then log back in) for this update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
kdenetwork-4.3.4-11.el6_0.1.src.rpm     MD5: 691e5eced683204eccb426b07026cbe1
SHA-256: 6ea5ff6ed003e87ba27c0f571ffefc839250bfc2737ebe44ba84963e4a902c99
 
IA-32:
kdenetwork-4.3.4-11.el6_0.1.i686.rpm     MD5: a6f0d0819dccbfa54dde9d70903c2e99
SHA-256: 9333649b70fc97ecb19408bf162fc3b7606c7eb582700f367540f84db501b5a5
kdenetwork-debuginfo-4.3.4-11.el6_0.1.i686.rpm     MD5: dc157983b02318fb2929a31dbc6e7123
SHA-256: fa9306b0bf5a790bc649e917dd4d2cd0e341ca60ab5c2959c4bc4846bb9da8ba
kdenetwork-devel-4.3.4-11.el6_0.1.i686.rpm     MD5: 6ab68f188e0def094278d72f1bd31692
SHA-256: 01371fe5fc0a7865f77cbd5f104ef10a4eb69e94af251c8c3cbd2e7f8168422b
kdenetwork-libs-4.3.4-11.el6_0.1.i686.rpm     MD5: da396bbdf366b92511e786d569bcf33b
SHA-256: c5be0e56220204dbc4ec56eacb78258652a2715f703de5b5f409337ff9e9accf
 
x86_64:
kdenetwork-4.3.4-11.el6_0.1.x86_64.rpm     MD5: fc7bb92fa3cebe7bafa897cc2700516a
SHA-256: 1ec971fc7e0485d89b3446d1f029ff37535921ed80fb7d1baed1bde64d2317cc
kdenetwork-debuginfo-4.3.4-11.el6_0.1.i686.rpm     MD5: dc157983b02318fb2929a31dbc6e7123
SHA-256: fa9306b0bf5a790bc649e917dd4d2cd0e341ca60ab5c2959c4bc4846bb9da8ba
kdenetwork-debuginfo-4.3.4-11.el6_0.1.x86_64.rpm     MD5: 03249fea3e956c0c562c87336be409d6
SHA-256: a06f65b36c1921502da7d0f63c7716ab08f1da2d4798d9fc5f0119834e8452df
kdenetwork-devel-4.3.4-11.el6_0.1.i686.rpm     MD5: 6ab68f188e0def094278d72f1bd31692
SHA-256: 01371fe5fc0a7865f77cbd5f104ef10a4eb69e94af251c8c3cbd2e7f8168422b
kdenetwork-devel-4.3.4-11.el6_0.1.x86_64.rpm     MD5: b410d16ed69bf0b73522c016455a6e5a
SHA-256: 057b182f96af0770e8c8cdf038958884b7f1ac4173577cdc6fd8b6057c4c4c9e
kdenetwork-libs-4.3.4-11.el6_0.1.i686.rpm     MD5: da396bbdf366b92511e786d569bcf33b
SHA-256: c5be0e56220204dbc4ec56eacb78258652a2715f703de5b5f409337ff9e9accf
kdenetwork-libs-4.3.4-11.el6_0.1.x86_64.rpm     MD5: 438f6e96593f4b9711d756d7790c7914
SHA-256: e39b03f901be1c5d97a89ff336aa742b7daa964f12601bfce207f8a0277ab258
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
kdenetwork-4.3.4-11.el6_0.1.src.rpm     MD5: 691e5eced683204eccb426b07026cbe1
SHA-256: 6ea5ff6ed003e87ba27c0f571ffefc839250bfc2737ebe44ba84963e4a902c99
 
IA-32:
kdenetwork-4.3.4-11.el6_0.1.i686.rpm     MD5: a6f0d0819dccbfa54dde9d70903c2e99
SHA-256: 9333649b70fc97ecb19408bf162fc3b7606c7eb582700f367540f84db501b5a5
kdenetwork-debuginfo-4.3.4-11.el6_0.1.i686.rpm     MD5: dc157983b02318fb2929a31dbc6e7123
SHA-256: fa9306b0bf5a790bc649e917dd4d2cd0e341ca60ab5c2959c4bc4846bb9da8ba
kdenetwork-devel-4.3.4-11.el6_0.1.i686.rpm     MD5: 6ab68f188e0def094278d72f1bd31692
SHA-256: 01371fe5fc0a7865f77cbd5f104ef10a4eb69e94af251c8c3cbd2e7f8168422b
kdenetwork-libs-4.3.4-11.el6_0.1.i686.rpm     MD5: da396bbdf366b92511e786d569bcf33b
SHA-256: c5be0e56220204dbc4ec56eacb78258652a2715f703de5b5f409337ff9e9accf
 
PPC:
kdenetwork-4.3.4-11.el6_0.1.ppc64.rpm     MD5: 6f8ee26ce8a369dfc842702b92fbe7f9
SHA-256: 35f20ac257672cb1da5927226af28540ab049dc439059f07eb4eba9ae0ad88c4
kdenetwork-debuginfo-4.3.4-11.el6_0.1.ppc.rpm     MD5: 4635ebedaa34d09b96dadc6cddc2e75e
SHA-256: f94f170450b83835800e55e0c9eeddb32aa8b0ccd1725dd621f8448aec5e8028
kdenetwork-debuginfo-4.3.4-11.el6_0.1.ppc64.rpm     MD5: 2774790011e69193d61ff2b580c43205
SHA-256: 778256fa106c4cb5a7a2af1b982ede37ab4807261613486054d9ab81a014bc43
kdenetwork-devel-4.3.4-11.el6_0.1.ppc.rpm     MD5: 67fcf58b51cded50e6e1335fd10fb4ba
SHA-256: 350997c138e88029cf2ddba6be45ac7cddef131aaded40498684c5abd6037c69
kdenetwork-devel-4.3.4-11.el6_0.1.ppc64.rpm     MD5: 63a150ff2c0acb3f5935197bdeaa4677
SHA-256: 3e11b7683c66d911d93d41708dc8e47ebe88431bbfa35cfad37fba96c7187ac3
kdenetwork-libs-4.3.4-11.el6_0.1.ppc.rpm     MD5: 043b9aea57aa45fa5fa4e0d132df9814
SHA-256: 1a44ffa748cbc4df43b9835b16c2a7024d43c628385889111b4ad20f5a1a5925
kdenetwork-libs-4.3.4-11.el6_0.1.ppc64.rpm     MD5: 0683b9fa62ea436c5004e248ad525a29
SHA-256: 328ab4376109c850f986f7dba5e683fbd2b2623339c5fae1eb2b71d49905b939
 
s390x:
kdenetwork-4.3.4-11.el6_0.1.s390x.rpm     MD5: b2a88c74c72778813de3a0956dbe0c00
SHA-256: 1d58eba036d446e958a404be2086b19df953644b6a7c2251d55e54e1c3e2929c
kdenetwork-debuginfo-4.3.4-11.el6_0.1.s390.rpm     MD5: c376995db245950e2d8578d7f5ded4ec
SHA-256: e0cc82ea490f82b00f9b978ef6e10f3ba9667680293d4cd27c47075511a27d1d
kdenetwork-debuginfo-4.3.4-11.el6_0.1.s390x.rpm     MD5: 0f187c03fbd092c5ef3e245affcc1dcd
SHA-256: d69600ad226600dcbbadee7e46450e4bf9161a3ab6ebc8208c362b0814d6a2e4
kdenetwork-devel-4.3.4-11.el6_0.1.s390.rpm     MD5: 2f0b5e2d3dc926a2b80b16fff375bb81
SHA-256: 18f595b10bae27747f96f91f757a2f42ed4a219cd4e9b90bab81f85db0b0ac23
kdenetwork-devel-4.3.4-11.el6_0.1.s390x.rpm     MD5: e72cb03476d24a9fa62244c2b96903f4
SHA-256: 7cff59afc2791f198a3506bb0e60e07a031be5b3e997b5e0b4579c120a14c8f3
kdenetwork-libs-4.3.4-11.el6_0.1.s390.rpm     MD5: e716ca7ea9e007274c5ec90f7e9eda55
SHA-256: 9686c94e4d76158f86252a4e1b9b9dc6718ef012f323d35b3576eda1d731b6ed
kdenetwork-libs-4.3.4-11.el6_0.1.s390x.rpm     MD5: f576897e23a9f8037341145d19d7fbd6
SHA-256: 0c682e48ddfa8b11667e46277693c2d9ab92e3c7b3ff75a9bfdb6e38b3556144
 
x86_64:
kdenetwork-4.3.4-11.el6_0.1.x86_64.rpm     MD5: fc7bb92fa3cebe7bafa897cc2700516a
SHA-256: 1ec971fc7e0485d89b3446d1f029ff37535921ed80fb7d1baed1bde64d2317cc
kdenetwork-debuginfo-4.3.4-11.el6_0.1.i686.rpm     MD5: dc157983b02318fb2929a31dbc6e7123
SHA-256: fa9306b0bf5a790bc649e917dd4d2cd0e341ca60ab5c2959c4bc4846bb9da8ba
kdenetwork-debuginfo-4.3.4-11.el6_0.1.x86_64.rpm     MD5: 03249fea3e956c0c562c87336be409d6
SHA-256: a06f65b36c1921502da7d0f63c7716ab08f1da2d4798d9fc5f0119834e8452df
kdenetwork-devel-4.3.4-11.el6_0.1.i686.rpm     MD5: 6ab68f188e0def094278d72f1bd31692
SHA-256: 01371fe5fc0a7865f77cbd5f104ef10a4eb69e94af251c8c3cbd2e7f8168422b
kdenetwork-devel-4.3.4-11.el6_0.1.x86_64.rpm     MD5: b410d16ed69bf0b73522c016455a6e5a
SHA-256: 057b182f96af0770e8c8cdf038958884b7f1ac4173577cdc6fd8b6057c4c4c9e
kdenetwork-libs-4.3.4-11.el6_0.1.i686.rpm     MD5: da396bbdf366b92511e786d569bcf33b
SHA-256: c5be0e56220204dbc4ec56eacb78258652a2715f703de5b5f409337ff9e9accf
kdenetwork-libs-4.3.4-11.el6_0.1.x86_64.rpm     MD5: 438f6e96593f4b9711d756d7790c7914
SHA-256: e39b03f901be1c5d97a89ff336aa742b7daa964f12601bfce207f8a0277ab258
 
Red Hat Enterprise Linux Server EUS (v. 6.0.z)

SRPMS:
kdenetwork-4.3.4-11.el6_0.1.src.rpm     MD5: 691e5eced683204eccb426b07026cbe1
SHA-256: 6ea5ff6ed003e87ba27c0f571ffefc839250bfc2737ebe44ba84963e4a902c99
 
IA-32:
kdenetwork-4.3.4-11.el6_0.1.i686.rpm     MD5: a6f0d0819dccbfa54dde9d70903c2e99
SHA-256: 9333649b70fc97ecb19408bf162fc3b7606c7eb582700f367540f84db501b5a5
kdenetwork-debuginfo-4.3.4-11.el6_0.1.i686.rpm     MD5: dc157983b02318fb2929a31dbc6e7123
SHA-256: fa9306b0bf5a790bc649e917dd4d2cd0e341ca60ab5c2959c4bc4846bb9da8ba
kdenetwork-devel-4.3.4-11.el6_0.1.i686.rpm     MD5: 6ab68f188e0def094278d72f1bd31692
SHA-256: 01371fe5fc0a7865f77cbd5f104ef10a4eb69e94af251c8c3cbd2e7f8168422b
kdenetwork-libs-4.3.4-11.el6_0.1.i686.rpm     MD5: da396bbdf366b92511e786d569bcf33b
SHA-256: c5be0e56220204dbc4ec56eacb78258652a2715f703de5b5f409337ff9e9accf
 
PPC:
kdenetwork-4.3.4-11.el6_0.1.ppc64.rpm     MD5: 6f8ee26ce8a369dfc842702b92fbe7f9
SHA-256: 35f20ac257672cb1da5927226af28540ab049dc439059f07eb4eba9ae0ad88c4
kdenetwork-debuginfo-4.3.4-11.el6_0.1.ppc.rpm     MD5: 4635ebedaa34d09b96dadc6cddc2e75e
SHA-256: f94f170450b83835800e55e0c9eeddb32aa8b0ccd1725dd621f8448aec5e8028
kdenetwork-debuginfo-4.3.4-11.el6_0.1.ppc64.rpm     MD5: 2774790011e69193d61ff2b580c43205
SHA-256: 778256fa106c4cb5a7a2af1b982ede37ab4807261613486054d9ab81a014bc43
kdenetwork-devel-4.3.4-11.el6_0.1.ppc.rpm     MD5: 67fcf58b51cded50e6e1335fd10fb4ba
SHA-256: 350997c138e88029cf2ddba6be45ac7cddef131aaded40498684c5abd6037c69
kdenetwork-devel-4.3.4-11.el6_0.1.ppc64.rpm     MD5: 63a150ff2c0acb3f5935197bdeaa4677
SHA-256: 3e11b7683c66d911d93d41708dc8e47ebe88431bbfa35cfad37fba96c7187ac3
kdenetwork-libs-4.3.4-11.el6_0.1.ppc.rpm     MD5: 043b9aea57aa45fa5fa4e0d132df9814
SHA-256: 1a44ffa748cbc4df43b9835b16c2a7024d43c628385889111b4ad20f5a1a5925
kdenetwork-libs-4.3.4-11.el6_0.1.ppc64.rpm     MD5: 0683b9fa62ea436c5004e248ad525a29
SHA-256: 328ab4376109c850f986f7dba5e683fbd2b2623339c5fae1eb2b71d49905b939
 
s390x:
kdenetwork-4.3.4-11.el6_0.1.s390x.rpm     MD5: b2a88c74c72778813de3a0956dbe0c00
SHA-256: 1d58eba036d446e958a404be2086b19df953644b6a7c2251d55e54e1c3e2929c
kdenetwork-debuginfo-4.3.4-11.el6_0.1.s390.rpm     MD5: c376995db245950e2d8578d7f5ded4ec
SHA-256: e0cc82ea490f82b00f9b978ef6e10f3ba9667680293d4cd27c47075511a27d1d
kdenetwork-debuginfo-4.3.4-11.el6_0.1.s390x.rpm     MD5: 0f187c03fbd092c5ef3e245affcc1dcd
SHA-256: d69600ad226600dcbbadee7e46450e4bf9161a3ab6ebc8208c362b0814d6a2e4
kdenetwork-devel-4.3.4-11.el6_0.1.s390.rpm     MD5: 2f0b5e2d3dc926a2b80b16fff375bb81
SHA-256: 18f595b10bae27747f96f91f757a2f42ed4a219cd4e9b90bab81f85db0b0ac23
kdenetwork-devel-4.3.4-11.el6_0.1.s390x.rpm     MD5: e72cb03476d24a9fa62244c2b96903f4
SHA-256: 7cff59afc2791f198a3506bb0e60e07a031be5b3e997b5e0b4579c120a14c8f3
kdenetwork-libs-4.3.4-11.el6_0.1.s390.rpm     MD5: e716ca7ea9e007274c5ec90f7e9eda55
SHA-256: 9686c94e4d76158f86252a4e1b9b9dc6718ef012f323d35b3576eda1d731b6ed
kdenetwork-libs-4.3.4-11.el6_0.1.s390x.rpm     MD5: f576897e23a9f8037341145d19d7fbd6
SHA-256: 0c682e48ddfa8b11667e46277693c2d9ab92e3c7b3ff75a9bfdb6e38b3556144
 
x86_64:
kdenetwork-4.3.4-11.el6_0.1.x86_64.rpm     MD5: fc7bb92fa3cebe7bafa897cc2700516a
SHA-256: 1ec971fc7e0485d89b3446d1f029ff37535921ed80fb7d1baed1bde64d2317cc
kdenetwork-debuginfo-4.3.4-11.el6_0.1.i686.rpm     MD5: dc157983b02318fb2929a31dbc6e7123
SHA-256: fa9306b0bf5a790bc649e917dd4d2cd0e341ca60ab5c2959c4bc4846bb9da8ba
kdenetwork-debuginfo-4.3.4-11.el6_0.1.x86_64.rpm     MD5: 03249fea3e956c0c562c87336be409d6
SHA-256: a06f65b36c1921502da7d0f63c7716ab08f1da2d4798d9fc5f0119834e8452df
kdenetwork-devel-4.3.4-11.el6_0.1.i686.rpm     MD5: 6ab68f188e0def094278d72f1bd31692
SHA-256: 01371fe5fc0a7865f77cbd5f104ef10a4eb69e94af251c8c3cbd2e7f8168422b
kdenetwork-devel-4.3.4-11.el6_0.1.x86_64.rpm     MD5: b410d16ed69bf0b73522c016455a6e5a
SHA-256: 057b182f96af0770e8c8cdf038958884b7f1ac4173577cdc6fd8b6057c4c4c9e
kdenetwork-libs-4.3.4-11.el6_0.1.i686.rpm     MD5: da396bbdf366b92511e786d569bcf33b
SHA-256: c5be0e56220204dbc4ec56eacb78258652a2715f703de5b5f409337ff9e9accf
kdenetwork-libs-4.3.4-11.el6_0.1.x86_64.rpm     MD5: 438f6e96593f4b9711d756d7790c7914
SHA-256: e39b03f901be1c5d97a89ff336aa742b7daa964f12601bfce207f8a0277ab258
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
kdenetwork-4.3.4-11.el6_0.1.src.rpm     MD5: 691e5eced683204eccb426b07026cbe1
SHA-256: 6ea5ff6ed003e87ba27c0f571ffefc839250bfc2737ebe44ba84963e4a902c99
 
IA-32:
kdenetwork-4.3.4-11.el6_0.1.i686.rpm     MD5: a6f0d0819dccbfa54dde9d70903c2e99
SHA-256: 9333649b70fc97ecb19408bf162fc3b7606c7eb582700f367540f84db501b5a5
kdenetwork-debuginfo-4.3.4-11.el6_0.1.i686.rpm     MD5: dc157983b02318fb2929a31dbc6e7123
SHA-256: fa9306b0bf5a790bc649e917dd4d2cd0e341ca60ab5c2959c4bc4846bb9da8ba
kdenetwork-devel-4.3.4-11.el6_0.1.i686.rpm     MD5: 6ab68f188e0def094278d72f1bd31692
SHA-256: 01371fe5fc0a7865f77cbd5f104ef10a4eb69e94af251c8c3cbd2e7f8168422b
kdenetwork-libs-4.3.4-11.el6_0.1.i686.rpm     MD5: da396bbdf366b92511e786d569bcf33b
SHA-256: c5be0e56220204dbc4ec56eacb78258652a2715f703de5b5f409337ff9e9accf
 
x86_64:
kdenetwork-4.3.4-11.el6_0.1.x86_64.rpm     MD5: fc7bb92fa3cebe7bafa897cc2700516a
SHA-256: 1ec971fc7e0485d89b3446d1f029ff37535921ed80fb7d1baed1bde64d2317cc
kdenetwork-debuginfo-4.3.4-11.el6_0.1.i686.rpm     MD5: dc157983b02318fb2929a31dbc6e7123
SHA-256: fa9306b0bf5a790bc649e917dd4d2cd0e341ca60ab5c2959c4bc4846bb9da8ba
kdenetwork-debuginfo-4.3.4-11.el6_0.1.x86_64.rpm     MD5: 03249fea3e956c0c562c87336be409d6
SHA-256: a06f65b36c1921502da7d0f63c7716ab08f1da2d4798d9fc5f0119834e8452df
kdenetwork-devel-4.3.4-11.el6_0.1.i686.rpm     MD5: 6ab68f188e0def094278d72f1bd31692
SHA-256: 01371fe5fc0a7865f77cbd5f104ef10a4eb69e94af251c8c3cbd2e7f8168422b
kdenetwork-devel-4.3.4-11.el6_0.1.x86_64.rpm     MD5: b410d16ed69bf0b73522c016455a6e5a
SHA-256: 057b182f96af0770e8c8cdf038958884b7f1ac4173577cdc6fd8b6057c4c4c9e
kdenetwork-libs-4.3.4-11.el6_0.1.i686.rpm     MD5: da396bbdf366b92511e786d569bcf33b
SHA-256: c5be0e56220204dbc4ec56eacb78258652a2715f703de5b5f409337ff9e9accf
kdenetwork-libs-4.3.4-11.el6_0.1.x86_64.rpm     MD5: 438f6e96593f4b9711d756d7790c7914
SHA-256: e39b03f901be1c5d97a89ff336aa742b7daa964f12601bfce207f8a0277ab258
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

697042 - CVE-2011-1586 kdenetwork: incomplete fix for CVE-2010-1000


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/