LWN.net Logo

Advertisement

ThinLinc Terminal Server

Advanced thin client solution for Linux, based on Open Source. Mix Windows and Linux, 10 licenses for free!

Advertise here

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for January 8, 2009

Btrfs aims for the mainline

The Android Dev Phone 1

LWN.net Weekly Edition for December 25, 2008

The Grumpy Editor's 2008 retrospective

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Red Hat alert RHSA-2007:0909-01 (kdelibs)



From:
    	      bugzilla@redhat.com


To:
    	      enterprise-watch-list@redhat.com


Subject:
    	      [RHSA-2007:0909-01] Moderate: kdelibs security update


Date:
    	      Mon, 8 Oct 2007 04:14:05 -0400


Message-ID:
    	      <200710080814.l988E5UA032465@pobox.devel.redhat.com>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: kdelibs security update
Advisory ID:       RHSA-2007:0909-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0909.html
Issue date:        2007-10-08
Updated on:        2007-10-08
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-0242 CVE-2007-0537 CVE-2007-1308 
                   CVE-2007-1564 CVE-2007-3820 CVE-2007-4224 
- ---------------------------------------------------------------------

1. Summary:

Updated kdelibs packages that resolve several security flaws are
now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

The kdelibs package provides libraries for the K Desktop Environment (KDE).

Two cross-site-scripting flaws were found in the way Konqueror processes
certain HTML content. This could result in a malicious attacker presenting
misleading content to an unsuspecting user. (CVE-2007-0242, CVE-2007-0537)

A flaw was found in KDE JavaScript implementation.  A web page containing
malicious JavaScript code could cause Konqueror to crash. (CVE-2007-1308)

A flaw was found in the way Konqueror handled certain FTP PASV commands.
A malicious FTP server could use this flaw to perform a rudimentary
port-scan of machines behind a user's firewall. (CVE-2007-1564)

Two Konqueror address spoofing flaws have been discovered. It was
possible for a malicious website to cause the Konqueror address bar to
display information which could trick a user into believing they are at a 
different website than they actually are. (CVE-2007-3820, CVE-2007-4224)

Users of KDE should upgrade to these updated packages, which contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

229606 - CVE-2007-0537 konqueror XSS
233592 - CVE-2007-1564 FTP protocol PASV design flaw affects konqueror
234633 - CVE-2007-0242 QT UTF8 improper character expansion
248537 - CVE-2007-3820 Spoofing of URI possible in Konqueror's address bar
251708 - CVE-2007-4224 URL spoof in address bar
299891 - CVE-2007-1308 kdelibs KDE JavaScript denial of service (crash)

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kdeli...
4bf1df171502ccaac9c4b9f4af27c5a4  kdelibs-3.3.1-9.el4.src.rpm

i386:
d3325980cb2e409fcb69641c9dd50fa6  kdelibs-3.3.1-9.el4.i386.rpm
fad8465ae0a18ee4a5b7c6b0fed6a5a9  kdelibs-debuginfo-3.3.1-9.el4.i386.rpm
48f2c42b62fe794d35580947197203f6  kdelibs-devel-3.3.1-9.el4.i386.rpm

ia64:
d3325980cb2e409fcb69641c9dd50fa6  kdelibs-3.3.1-9.el4.i386.rpm
3df7ac0ae7500ccc3ce57d6f34bf475a  kdelibs-3.3.1-9.el4.ia64.rpm
fad8465ae0a18ee4a5b7c6b0fed6a5a9  kdelibs-debuginfo-3.3.1-9.el4.i386.rpm
09be826e42e02f1127674a3a0a6c0a3a  kdelibs-debuginfo-3.3.1-9.el4.ia64.rpm
fe8fe5f994ab48ae8fab363832419204  kdelibs-devel-3.3.1-9.el4.ia64.rpm

ppc:
7b134aed54478415a8e4be498be8e919  kdelibs-3.3.1-9.el4.ppc.rpm
464d937764cf050cb37f213dc677ed8d  kdelibs-3.3.1-9.el4.ppc64.rpm
779363c80d7de0d18ccaf00281e39cea  kdelibs-debuginfo-3.3.1-9.el4.ppc.rpm
64d7f0d7f599f0fd79f2b255f2930731  kdelibs-debuginfo-3.3.1-9.el4.ppc64.rpm
d134d0d0233a59b060b3befd9f12ae14  kdelibs-devel-3.3.1-9.el4.ppc.rpm

s390:
f3655e6c3230a2afc0e24569b1226cf9  kdelibs-3.3.1-9.el4.s390.rpm
67679bb530d305e872c466d8756e4f2b  kdelibs-debuginfo-3.3.1-9.el4.s390.rpm
21c32310827a4e7572be6750bd16e6ca  kdelibs-devel-3.3.1-9.el4.s390.rpm

s390x:
f3655e6c3230a2afc0e24569b1226cf9  kdelibs-3.3.1-9.el4.s390.rpm
b79978750768f1786f90bbfb5fe50c88  kdelibs-3.3.1-9.el4.s390x.rpm
67679bb530d305e872c466d8756e4f2b  kdelibs-debuginfo-3.3.1-9.el4.s390.rpm
f8f34ccf13d54e3d7fa515546870eb96  kdelibs-debuginfo-3.3.1-9.el4.s390x.rpm
9f9d7f3481582d30eff7b9b826a14ebe  kdelibs-devel-3.3.1-9.el4.s390x.rpm

x86_64:
d3325980cb2e409fcb69641c9dd50fa6  kdelibs-3.3.1-9.el4.i386.rpm
45ff0822118c370120cffe8f4f438c95  kdelibs-3.3.1-9.el4.x86_64.rpm
fad8465ae0a18ee4a5b7c6b0fed6a5a9  kdelibs-debuginfo-3.3.1-9.el4.i386.rpm
f8fac72a4431ebfd82e863c565aba5d0  kdelibs-debuginfo-3.3.1-9.el4.x86_64.rpm
28d4cbc0fa36755077ade9d68253e6d3  kdelibs-devel-3.3.1-9.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/...
4bf1df171502ccaac9c4b9f4af27c5a4  kdelibs-3.3.1-9.el4.src.rpm

i386:
d3325980cb2e409fcb69641c9dd50fa6  kdelibs-3.3.1-9.el4.i386.rpm
fad8465ae0a18ee4a5b7c6b0fed6a5a9  kdelibs-debuginfo-3.3.1-9.el4.i386.rpm
48f2c42b62fe794d35580947197203f6  kdelibs-devel-3.3.1-9.el4.i386.rpm

x86_64:
d3325980cb2e409fcb69641c9dd50fa6  kdelibs-3.3.1-9.el4.i386.rpm
45ff0822118c370120cffe8f4f438c95  kdelibs-3.3.1-9.el4.x86_64.rpm
fad8465ae0a18ee4a5b7c6b0fed6a5a9  kdelibs-debuginfo-3.3.1-9.el4.i386.rpm
f8fac72a4431ebfd82e863c565aba5d0  kdelibs-debuginfo-3.3.1-9.el4.x86_64.rpm
28d4cbc0fa36755077ade9d68253e6d3  kdelibs-devel-3.3.1-9.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kdeli...
4bf1df171502ccaac9c4b9f4af27c5a4  kdelibs-3.3.1-9.el4.src.rpm

i386:
d3325980cb2e409fcb69641c9dd50fa6  kdelibs-3.3.1-9.el4.i386.rpm
fad8465ae0a18ee4a5b7c6b0fed6a5a9  kdelibs-debuginfo-3.3.1-9.el4.i386.rpm
48f2c42b62fe794d35580947197203f6  kdelibs-devel-3.3.1-9.el4.i386.rpm

ia64:
d3325980cb2e409fcb69641c9dd50fa6  kdelibs-3.3.1-9.el4.i386.rpm
3df7ac0ae7500ccc3ce57d6f34bf475a  kdelibs-3.3.1-9.el4.ia64.rpm
fad8465ae0a18ee4a5b7c6b0fed6a5a9  kdelibs-debuginfo-3.3.1-9.el4.i386.rpm
09be826e42e02f1127674a3a0a6c0a3a  kdelibs-debuginfo-3.3.1-9.el4.ia64.rpm
fe8fe5f994ab48ae8fab363832419204  kdelibs-devel-3.3.1-9.el4.ia64.rpm

x86_64:
d3325980cb2e409fcb69641c9dd50fa6  kdelibs-3.3.1-9.el4.i386.rpm
45ff0822118c370120cffe8f4f438c95  kdelibs-3.3.1-9.el4.x86_64.rpm
fad8465ae0a18ee4a5b7c6b0fed6a5a9  kdelibs-debuginfo-3.3.1-9.el4.i386.rpm
f8fac72a4431ebfd82e863c565aba5d0  kdelibs-debuginfo-3.3.1-9.el4.x86_64.rpm
28d4cbc0fa36755077ade9d68253e6d3  kdelibs-devel-3.3.1-9.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kdeli...
4bf1df171502ccaac9c4b9f4af27c5a4  kdelibs-3.3.1-9.el4.src.rpm

i386:
d3325980cb2e409fcb69641c9dd50fa6  kdelibs-3.3.1-9.el4.i386.rpm
fad8465ae0a18ee4a5b7c6b0fed6a5a9  kdelibs-debuginfo-3.3.1-9.el4.i386.rpm
48f2c42b62fe794d35580947197203f6  kdelibs-devel-3.3.1-9.el4.i386.rpm

ia64:
d3325980cb2e409fcb69641c9dd50fa6  kdelibs-3.3.1-9.el4.i386.rpm
3df7ac0ae7500ccc3ce57d6f34bf475a  kdelibs-3.3.1-9.el4.ia64.rpm
fad8465ae0a18ee4a5b7c6b0fed6a5a9  kdelibs-debuginfo-3.3.1-9.el4.i386.rpm
09be826e42e02f1127674a3a0a6c0a3a  kdelibs-debuginfo-3.3.1-9.el4.ia64.rpm
fe8fe5f994ab48ae8fab363832419204  kdelibs-devel-3.3.1-9.el4.ia64.rpm

x86_64:
d3325980cb2e409fcb69641c9dd50fa6  kdelibs-3.3.1-9.el4.i386.rpm
45ff0822118c370120cffe8f4f438c95  kdelibs-3.3.1-9.el4.x86_64.rpm
fad8465ae0a18ee4a5b7c6b0fed6a5a9  kdelibs-debuginfo-3.3.1-9.el4.i386.rpm
f8fac72a4431ebfd82e863c565aba5d0  kdelibs-debuginfo-3.3.1-9.el4.x86_64.rpm
28d4cbc0fa36755077ade9d68253e6d3  kdelibs-devel-3.3.1-9.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/...
e6ceb931f57d243382512a4e05987c66  kdelibs-3.5.4-13.el5.src.rpm

i386:
2cf541a483fe1fbda5f2894f429dd029  kdelibs-3.5.4-13.el5.i386.rpm
fcb32b8d69e5a8650a53b5d6ac347e66  kdelibs-apidocs-3.5.4-13.el5.i386.rpm
8141ec4f62dfc46e73e2d76f317599cc  kdelibs-debuginfo-3.5.4-13.el5.i386.rpm

x86_64:
2cf541a483fe1fbda5f2894f429dd029  kdelibs-3.5.4-13.el5.i386.rpm
68709b52718e0745e3dbd5bb7a04230b  kdelibs-3.5.4-13.el5.x86_64.rpm
3f8d019e0ecfcf919d5b3c55757e6101  kdelibs-apidocs-3.5.4-13.el5.x86_64.rpm
8141ec4f62dfc46e73e2d76f317599cc  kdelibs-debuginfo-3.5.4-13.el5.i386.rpm
173697bfc07630bc2828a8aec6adc138  kdelibs-debuginfo-3.5.4-13.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/...
e6ceb931f57d243382512a4e05987c66  kdelibs-3.5.4-13.el5.src.rpm

i386:
8141ec4f62dfc46e73e2d76f317599cc  kdelibs-debuginfo-3.5.4-13.el5.i386.rpm
222f3e3b226bae96dd7083e6e47c4350  kdelibs-devel-3.5.4-13.el5.i386.rpm

x86_64:
8141ec4f62dfc46e73e2d76f317599cc  kdelibs-debuginfo-3.5.4-13.el5.i386.rpm
173697bfc07630bc2828a8aec6adc138  kdelibs-debuginfo-3.5.4-13.el5.x86_64.rpm
222f3e3b226bae96dd7083e6e47c4350  kdelibs-devel-3.5.4-13.el5.i386.rpm
7beda8e6b585f62c52e032c6cdee89ea  kdelibs-devel-3.5.4-13.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/...
e6ceb931f57d243382512a4e05987c66  kdelibs-3.5.4-13.el5.src.rpm

i386:
2cf541a483fe1fbda5f2894f429dd029  kdelibs-3.5.4-13.el5.i386.rpm
fcb32b8d69e5a8650a53b5d6ac347e66  kdelibs-apidocs-3.5.4-13.el5.i386.rpm
8141ec4f62dfc46e73e2d76f317599cc  kdelibs-debuginfo-3.5.4-13.el5.i386.rpm
222f3e3b226bae96dd7083e6e47c4350  kdelibs-devel-3.5.4-13.el5.i386.rpm

ia64:
f5dbf1ec8eceebb294fb9d23b95b4364  kdelibs-3.5.4-13.el5.ia64.rpm
cc7710e3dc78bfdccf3ada21f8fbb9de  kdelibs-apidocs-3.5.4-13.el5.ia64.rpm
2b4c5c7219a48aea1834015035fccfbd  kdelibs-debuginfo-3.5.4-13.el5.ia64.rpm
e64135af218a2b089ce7005fed87a04b  kdelibs-devel-3.5.4-13.el5.ia64.rpm

ppc:
29bd915319ed22e56e0d137253cc852b  kdelibs-3.5.4-13.el5.ppc.rpm
46615b20f403cbeb477f86c46c67ac44  kdelibs-3.5.4-13.el5.ppc64.rpm
eecf5dc5a052e5defdd3a6816d5b9ae2  kdelibs-apidocs-3.5.4-13.el5.ppc.rpm
ea2e4697883a77d5bedfad55ed662ec9  kdelibs-debuginfo-3.5.4-13.el5.ppc.rpm
63065e25fd7d07a7650c21bc24ae285e  kdelibs-debuginfo-3.5.4-13.el5.ppc64.rpm
7c556ec7f4c29086ce2dcdee62f5fd14  kdelibs-devel-3.5.4-13.el5.ppc.rpm
2be63373a24d12f1206fe81de6e2c1e9  kdelibs-devel-3.5.4-13.el5.ppc64.rpm

s390x:
230dcdb2da9a862e102b32168c792885  kdelibs-3.5.4-13.el5.s390.rpm
0bfb7027d74d2e5d1d4128aa29673227  kdelibs-3.5.4-13.el5.s390x.rpm
e750100c621dcc5143b22c47a9e3ca0b  kdelibs-apidocs-3.5.4-13.el5.s390x.rpm
c7e610193fcb2219e344e6529f473570  kdelibs-debuginfo-3.5.4-13.el5.s390.rpm
ac0617c7269a39e793409db486e5a314  kdelibs-debuginfo-3.5.4-13.el5.s390x.rpm
612e4e315bbb301dfc449d9c270f293e  kdelibs-devel-3.5.4-13.el5.s390.rpm
e7937888bf5d32ba188396ee82bf2fd1  kdelibs-devel-3.5.4-13.el5.s390x.rpm

x86_64:
2cf541a483fe1fbda5f2894f429dd029  kdelibs-3.5.4-13.el5.i386.rpm
68709b52718e0745e3dbd5bb7a04230b  kdelibs-3.5.4-13.el5.x86_64.rpm
3f8d019e0ecfcf919d5b3c55757e6101  kdelibs-apidocs-3.5.4-13.el5.x86_64.rpm
8141ec4f62dfc46e73e2d76f317599cc  kdelibs-debuginfo-3.5.4-13.el5.i386.rpm
173697bfc07630bc2828a8aec6adc138  kdelibs-debuginfo-3.5.4-13.el5.x86_64.rpm
222f3e3b226bae96dd7083e6e47c4350  kdelibs-devel-3.5.4-13.el5.i386.rpm
7beda8e6b585f62c52e032c6cdee89ea  kdelibs-devel-3.5.4-13.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0537
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1308
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1564
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4224
http://www.redhat.com/security/updates/classification/#mo...

8. Contact:

The Red Hat security contact is <secalert@redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHCebKXlSAg2UNWIIRAgG+AJ9AiWwUiSB+1AYF6gC4rFMZAlvzQgCgnvDw
GZzAI8Yhuu/XrZRWA4myHso=
=wJQp
-----END PGP SIGNATURE-----



-- 
Enterprise-watch-list mailing list
Enterprise-watch-list@redhat.com
https://www.redhat.com/mailman/listinfo/enterprise-watch-...
(Log in to post comments)

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds