| |||||||||||||
|
| |||||||||||||
Red Hat alert RHSA-2004:412-01 (kdelibs kdebase)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated kdelibs and kdebase packages correct security issues Advisory ID: RHSA-2004:412-01 Issue date: 2004-10-04 Updated on: 2004-10-04 Product: Red Hat Enterprise Linux CVE Names: CAN-2004-0689 CAN-2004-0746 CAN-2004-0721 - --------------------------------------------------------------------- 1. Summary: Updated kdelib and kdebase packages that resolve multiple security issues are now available. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64 Red Hat Linux Advanced Workstation 2.1 - ia64 Red Hat Enterprise Linux ES version 2.1 - i386 Red Hat Enterprise Linux WS version 2.1 - i386 Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Problem description: The kdelibs packages include libraries for the K Desktop Environment. The kdebase packages include core applications for the K Desktop Environment. Andrew Tuitt reported that versions of KDE up to and including 3.2.3 create temporary directories with predictable names. A local attacker could prevent KDE applications from functioning correctly, or overwrite files owned by other users by creating malicious symlinks. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0689 to this issue. WESTPOINT internet reconnaissance services has discovered that the KDE web browser Konqueror allows websites to set cookies for certain country specific secondary top level domains. An attacker within one of the affected domains could construct a cookie which would be sent to all other websites within the domain leading to a session fixation attack. This issue does not affect popular domains such as .co.uk, .co.in, or .com. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0721 to this issue. A frame injection spoofing vulnerability has been discovered in the Konqueror web browser. This issue could allow a malicious website to show arbitrary content in a named frame of a different browser window. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-0746 to this issue. All users of KDE are advised to upgrade to these erratum packages, which contain backported patches from the KDE team for these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info): 128693 - CAN-2004-0689 Predictable temporary filenames 128462 - CAN-2004-0721 Konqueror frame injection spoofing 6. RPMs required: Red Hat Enterprise Linux AS (Advanced Server) version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/kde... 34cd7c8777facff45a8e5eeed312b3b4 kdelibs-2.2.2-13.src.rpm i386: 2b9a999a24dd42549fac4e39790b8c17 arts-2.2.2-13.i386.rpm d6aebf57668023cb684b81236c32ce71 kdelibs-2.2.2-13.i386.rpm 20114a97ed08c90c3ecd41d1b462b6bf kdelibs-devel-2.2.2-13.i386.rpm 5ca2b715621e0cdec5e3cfc647739d3f kdelibs-sound-2.2.2-13.i386.rpm 65522ae63db9a60ec3b021099fa267ed kdelibs-sound-devel-2.2.2-13.i386.rpm ia64: 198791b6c87c082383e8824f744a8c41 arts-2.2.2-13.ia64.rpm f0c10dff06590e9b3d4470a4f8b1f624 kdelibs-2.2.2-13.ia64.rpm f8c9cebea143dcf5450cd8ca0105d724 kdelibs-devel-2.2.2-13.ia64.rpm e2218bf3c2da78612dcaf84775f2b940 kdelibs-sound-2.2.2-13.ia64.rpm 2172bffd9baeb6ba3919c9510a8f8c61 kdelibs-sound-devel-2.2.2-13.ia64.rpm Red Hat Linux Advanced Workstation 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/kde... 1b2d27e8c9b4fbcc6f14b8b5d8f211de kdebase-2.2.2-12.src.rpm ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/kde... 34cd7c8777facff45a8e5eeed312b3b4 kdelibs-2.2.2-13.src.rpm ia64: 198791b6c87c082383e8824f744a8c41 arts-2.2.2-13.ia64.rpm 95e7fac336a7858e13eb38f47ae5f135 kdebase-2.2.2-12.ia64.rpm 36592e521a13904f8c4c0f5341d39f95 kdebase-devel-2.2.2-12.ia64.rpm f0c10dff06590e9b3d4470a4f8b1f624 kdelibs-2.2.2-13.ia64.rpm f8c9cebea143dcf5450cd8ca0105d724 kdelibs-devel-2.2.2-13.ia64.rpm e2218bf3c2da78612dcaf84775f2b940 kdelibs-sound-2.2.2-13.ia64.rpm 2172bffd9baeb6ba3919c9510a8f8c61 kdelibs-sound-devel-2.2.2-13.ia64.rpm Red Hat Enterprise Linux ES version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/kde... 1b2d27e8c9b4fbcc6f14b8b5d8f211de kdebase-2.2.2-12.src.rpm ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/kde... 34cd7c8777facff45a8e5eeed312b3b4 kdelibs-2.2.2-13.src.rpm i386: 2b9a999a24dd42549fac4e39790b8c17 arts-2.2.2-13.i386.rpm 2e4e89ab276d4783fca6effbb86abd45 kdebase-2.2.2-12.i386.rpm 3b7bdc19f63b066f030b02de2fd36fe6 kdebase-devel-2.2.2-12.i386.rpm d6aebf57668023cb684b81236c32ce71 kdelibs-2.2.2-13.i386.rpm 20114a97ed08c90c3ecd41d1b462b6bf kdelibs-devel-2.2.2-13.i386.rpm 5ca2b715621e0cdec5e3cfc647739d3f kdelibs-sound-2.2.2-13.i386.rpm 65522ae63db9a60ec3b021099fa267ed kdelibs-sound-devel-2.2.2-13.i386.rpm Red Hat Enterprise Linux WS version 2.1: SRPMS: ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/kde... 1b2d27e8c9b4fbcc6f14b8b5d8f211de kdebase-2.2.2-12.src.rpm ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/kde... 34cd7c8777facff45a8e5eeed312b3b4 kdelibs-2.2.2-13.src.rpm i386: 2b9a999a24dd42549fac4e39790b8c17 arts-2.2.2-13.i386.rpm 2e4e89ab276d4783fca6effbb86abd45 kdebase-2.2.2-12.i386.rpm 3b7bdc19f63b066f030b02de2fd36fe6 kdebase-devel-2.2.2-12.i386.rpm d6aebf57668023cb684b81236c32ce71 kdelibs-2.2.2-13.i386.rpm 20114a97ed08c90c3ecd41d1b462b6bf kdelibs-devel-2.2.2-13.i386.rpm 5ca2b715621e0cdec5e3cfc647739d3f kdelibs-sound-2.2.2-13.i386.rpm 65522ae63db9a60ec3b021099fa267ed kdelibs-sound-devel-2.2.2-13.i386.rpm Red Hat Enterprise Linux AS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/kdeba... e4d4e63c66ce9c682c85dc250e1e679d kdebase-3.1.3-5.4.src.rpm ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/kdeli... 135f069e313d3cbf6483e08711958ee3 kdelibs-3.1.3-6.6.src.rpm i386: 6d952551a98d11f296032defd42392bc kdebase-3.1.3-5.4.i386.rpm 2693da75dd6670f631dab884775881cc kdebase-devel-3.1.3-5.4.i386.rpm 266c7d206975aaaeddf4a611674e866e kdelibs-3.1.3-6.6.i386.rpm bafda78112a389994916b0b0ced83ee2 kdelibs-devel-3.1.3-6.6.i386.rpm ia64: 841744faecd1ee54f3790a123395e999 kdebase-3.1.3-5.4.ia64.rpm ad4280e59a322ebda1801b5624a6bd2a kdebase-devel-3.1.3-5.4.ia64.rpm f939dede59e2b87af5f8d32fb41bd7f2 kdelibs-3.1.3-6.6.ia64.rpm 0ea7d0872f7b9aaec7343fab3214791e kdelibs-devel-3.1.3-6.6.ia64.rpm ppc: e658798e8a2b5b7e1c63261f4e401a0c kdebase-3.1.3-5.4.ppc.rpm 9fe876d61e6cbee4450eb1790d666b88 kdebase-devel-3.1.3-5.4.ppc.rpm 478bbcde19aa9dfd6047d775b9b3fd97 kdelibs-3.1.3-6.6.ppc.rpm d74c96bbdc599a943a0d73015487f1de kdelibs-devel-3.1.3-6.6.ppc.rpm s390: 62c50a1e7fa5950240cb2df7821a2cc1 kdebase-3.1.3-5.4.s390.rpm 6c19f7ec956aa49f2f5a2d425bd93da1 kdebase-devel-3.1.3-5.4.s390.rpm c41cb46b8353ab23344901df9eb7d813 kdelibs-3.1.3-6.6.s390.rpm e0fd226e4c616aa6f661184f837cbf26 kdelibs-devel-3.1.3-6.6.s390.rpm s390x: 59899ed9813ae1b6f23756f600322a86 kdebase-3.1.3-5.4.s390x.rpm 075a689d597dc89b3afea95cb16c7c69 kdebase-devel-3.1.3-5.4.s390x.rpm 759d0d56fb3837b3bbca0bf74c6edd9a kdelibs-3.1.3-6.6.s390x.rpm 8b26c56fcaa2bfa353a23ed80cf0de87 kdelibs-devel-3.1.3-6.6.s390x.rpm x86_64: 272944753852fad10e47b9aad38af42a kdebase-3.1.3-5.4.x86_64.rpm a9473976663eeecc906887e1c2dcfcb8 kdebase-devel-3.1.3-5.4.x86_64.rpm 57fb61c68d0aeca7b998d36cd6597541 kdelibs-3.1.3-6.6.x86_64.rpm 1b75fa2f076385cd5d9f0d977a921c03 kdelibs-devel-3.1.3-6.6.x86_64.rpm Red Hat Desktop version 3: SRPMS: ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/... e4d4e63c66ce9c682c85dc250e1e679d kdebase-3.1.3-5.4.src.rpm ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/... 135f069e313d3cbf6483e08711958ee3 kdelibs-3.1.3-6.6.src.rpm i386: 6d952551a98d11f296032defd42392bc kdebase-3.1.3-5.4.i386.rpm 2693da75dd6670f631dab884775881cc kdebase-devel-3.1.3-5.4.i386.rpm 266c7d206975aaaeddf4a611674e866e kdelibs-3.1.3-6.6.i386.rpm bafda78112a389994916b0b0ced83ee2 kdelibs-devel-3.1.3-6.6.i386.rpm x86_64: 272944753852fad10e47b9aad38af42a kdebase-3.1.3-5.4.x86_64.rpm a9473976663eeecc906887e1c2dcfcb8 kdebase-devel-3.1.3-5.4.x86_64.rpm 57fb61c68d0aeca7b998d36cd6597541 kdelibs-3.1.3-6.6.x86_64.rpm 1b75fa2f076385cd5d9f0d977a921c03 kdelibs-devel-3.1.3-6.6.x86_64.rpm Red Hat Enterprise Linux ES version 3: SRPMS: ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/kdeba... e4d4e63c66ce9c682c85dc250e1e679d kdebase-3.1.3-5.4.src.rpm ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/kdeli... 135f069e313d3cbf6483e08711958ee3 kdelibs-3.1.3-6.6.src.rpm i386: 6d952551a98d11f296032defd42392bc kdebase-3.1.3-5.4.i386.rpm 2693da75dd6670f631dab884775881cc kdebase-devel-3.1.3-5.4.i386.rpm 266c7d206975aaaeddf4a611674e866e kdelibs-3.1.3-6.6.i386.rpm bafda78112a389994916b0b0ced83ee2 kdelibs-devel-3.1.3-6.6.i386.rpm ia64: 841744faecd1ee54f3790a123395e999 kdebase-3.1.3-5.4.ia64.rpm ad4280e59a322ebda1801b5624a6bd2a kdebase-devel-3.1.3-5.4.ia64.rpm f939dede59e2b87af5f8d32fb41bd7f2 kdelibs-3.1.3-6.6.ia64.rpm 0ea7d0872f7b9aaec7343fab3214791e kdelibs-devel-3.1.3-6.6.ia64.rpm x86_64: 272944753852fad10e47b9aad38af42a kdebase-3.1.3-5.4.x86_64.rpm a9473976663eeecc906887e1c2dcfcb8 kdebase-devel-3.1.3-5.4.x86_64.rpm 57fb61c68d0aeca7b998d36cd6597541 kdelibs-3.1.3-6.6.x86_64.rpm 1b75fa2f076385cd5d9f0d977a921c03 kdelibs-devel-3.1.3-6.6.x86_64.rpm Red Hat Enterprise Linux WS version 3: SRPMS: ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/kdeba... e4d4e63c66ce9c682c85dc250e1e679d kdebase-3.1.3-5.4.src.rpm ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/kdeli... 135f069e313d3cbf6483e08711958ee3 kdelibs-3.1.3-6.6.src.rpm i386: 6d952551a98d11f296032defd42392bc kdebase-3.1.3-5.4.i386.rpm 2693da75dd6670f631dab884775881cc kdebase-devel-3.1.3-5.4.i386.rpm 266c7d206975aaaeddf4a611674e866e kdelibs-3.1.3-6.6.i386.rpm bafda78112a389994916b0b0ced83ee2 kdelibs-devel-3.1.3-6.6.i386.rpm ia64: 841744faecd1ee54f3790a123395e999 kdebase-3.1.3-5.4.ia64.rpm ad4280e59a322ebda1801b5624a6bd2a kdebase-devel-3.1.3-5.4.ia64.rpm f939dede59e2b87af5f8d32fb41bd7f2 kdelibs-3.1.3-6.6.ia64.rpm 0ea7d0872f7b9aaec7343fab3214791e kdelibs-devel-3.1.3-6.6.ia64.rpm x86_64: 272944753852fad10e47b9aad38af42a kdebase-3.1.3-5.4.x86_64.rpm a9473976663eeecc906887e1c2dcfcb8 kdebase-devel-3.1.3-5.4.x86_64.rpm 57fb61c68d0aeca7b998d36cd6597541 kdelibs-3.1.3-6.6.x86_64.rpm 1b75fa2f076385cd5d9f0d977a921c03 kdelibs-devel-3.1.3-6.6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key.html#package 7. References: http://secunia.com/multiple_browsers_frame_injection_vuln... http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0689 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0746 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0721 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact.html Copyright 2004 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) iD8DBQFBYW78XlSAg2UNWIIRAkkiAJ9iuKmNQs5GZQ7+wfwucIs3wNQSYgCgmYal 4Boz0IrYVs6TlcZnARA+tvg= =5kp7 -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list Enterprise-watch-list@redhat.com https://www.redhat.com/mailman/listinfo/enterprise-watch-... (Log in to post comments)
|
|
||||||||||||