- Issued:
- 2005-02-15
- Updated:
- 2005-02-15
RHSA-2005:065 - Security Advisory
Synopsis
kdelibs security update
Type/Severity
Security Advisory: Important
Red Hat Lightspeed patch analysis
Identify and remediate systems affected by this advisory.
Topic
Updated kdelibs packages that resolve security issues in Konqueror are now
available for Red Hat Enterprise Linux 4.
This update has been rated as having important security impact by the
Red Hat Security Response Team.
Description
The kdelibs packages include libraries for the K Desktop Environment.
Two flaws were found in the sandbox environment used to run Java-applets in
the Konqueror web browser. If a user has Java enabled in Konqueror and
visits a malicious website, the website could run a carefully crafted
Java-applet and obtain escalated privileges allowing reading and writing of
arbitrary files with the privileges of the victim. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-1145 to this issue.
A flaw was discovered in the FTP kioslave. KDE applications such as
Konqueror could be forced to execute arbitrary FTP commands via a carefully
crafted ftp URL. The URL could also be crafted in such a way as to send an
arbitrary email via SMTP. An attacker could make use of this flaw if a
victim visits a malicious web site. The Common Vulnerabilities and
Exposures project has assigned the name CAN-2004-1165 to this issue.
Users should update to these erratum packages which contain backported
patches to correct these issues.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
Affected Products
- Red Hat Enterprise Linux Server 4 x86_64
- Red Hat Enterprise Linux Server 4 ia64
- Red Hat Enterprise Linux Server 4 i386
- Red Hat Enterprise Linux Workstation 4 x86_64
- Red Hat Enterprise Linux Workstation 4 ia64
- Red Hat Enterprise Linux Workstation 4 i386
- Red Hat Enterprise Linux Desktop 4 x86_64
- Red Hat Enterprise Linux Desktop 4 i386
- Red Hat Enterprise Linux for IBM z Systems 4 s390x
- Red Hat Enterprise Linux for IBM z Systems 4 s390
- Red Hat Enterprise Linux for Power, big endian 4 ppc
Fixes
- BZ - 144211 - CAN-2004-1145 Konqueror Java Vulnerability
- BZ - 145938 - CAN-2004-1165 kioslave command injection
Red Hat Enterprise Linux Server 4
| SRPM | |
|---|---|
| kdelibs-3.3.1-3.3.src.rpm | SHA-256: 145d098c794e9c232b60ec259af812a77b6ae80c484d51e3bd69353c5c8817b0 |
| x86_64 | |
| kdelibs-3.3.1-3.3.i386.rpm | SHA-256: 48f02f5b5d949f0b1d70f037166472fceb6e38aa4378a59a3d227b8c8a0c9fab |
| kdelibs-3.3.1-3.3.i386.rpm | SHA-256: 48f02f5b5d949f0b1d70f037166472fceb6e38aa4378a59a3d227b8c8a0c9fab |
| kdelibs-3.3.1-3.3.x86_64.rpm | SHA-256: 871494313b1e0d0e51a28cc703e4d11a071b57bfa9ec04791885e3aa80dc06c6 |
| kdelibs-3.3.1-3.3.x86_64.rpm | SHA-256: 871494313b1e0d0e51a28cc703e4d11a071b57bfa9ec04791885e3aa80dc06c6 |
| kdelibs-devel-3.3.1-3.3.x86_64.rpm | SHA-256: e726b039a6f9e3efefc315ec0cd46d90866e2b65152cc420043dec4650ab3da6 |
| kdelibs-devel-3.3.1-3.3.x86_64.rpm | SHA-256: e726b039a6f9e3efefc315ec0cd46d90866e2b65152cc420043dec4650ab3da6 |
| ia64 | |
| kdelibs-3.3.1-3.3.i386.rpm | SHA-256: 48f02f5b5d949f0b1d70f037166472fceb6e38aa4378a59a3d227b8c8a0c9fab |
| kdelibs-3.3.1-3.3.i386.rpm | SHA-256: 48f02f5b5d949f0b1d70f037166472fceb6e38aa4378a59a3d227b8c8a0c9fab |
| kdelibs-3.3.1-3.3.ia64.rpm | SHA-256: 678366afce820c9055a512720b31fe8e69b714ae07fa64954dcfeb45a491b233 |
| kdelibs-3.3.1-3.3.ia64.rpm | SHA-256: 678366afce820c9055a512720b31fe8e69b714ae07fa64954dcfeb45a491b233 |
| kdelibs-devel-3.3.1-3.3.ia64.rpm | SHA-256: 4285c2f9d22d14c4d4a1097e5a90d0df633ef4b8434fb00659a2b7502c1518f6 |
| kdelibs-devel-3.3.1-3.3.ia64.rpm | SHA-256: 4285c2f9d22d14c4d4a1097e5a90d0df633ef4b8434fb00659a2b7502c1518f6 |
| i386 | |
| kdelibs-3.3.1-3.3.i386.rpm | SHA-256: 48f02f5b5d949f0b1d70f037166472fceb6e38aa4378a59a3d227b8c8a0c9fab |
| kdelibs-3.3.1-3.3.i386.rpm | SHA-256: 48f02f5b5d949f0b1d70f037166472fceb6e38aa4378a59a3d227b8c8a0c9fab |
| kdelibs-devel-3.3.1-3.3.i386.rpm | SHA-256: b18659580cbfc584704821c0054d33e828f27ecc5de5667109382123e7a0d0da |
| kdelibs-devel-3.3.1-3.3.i386.rpm | SHA-256: b18659580cbfc584704821c0054d33e828f27ecc5de5667109382123e7a0d0da |
Red Hat Enterprise Linux Workstation 4
| SRPM | |
|---|---|
| kdelibs-3.3.1-3.3.src.rpm | SHA-256: 145d098c794e9c232b60ec259af812a77b6ae80c484d51e3bd69353c5c8817b0 |
| x86_64 | |
| kdelibs-3.3.1-3.3.i386.rpm | SHA-256: 48f02f5b5d949f0b1d70f037166472fceb6e38aa4378a59a3d227b8c8a0c9fab |
| kdelibs-3.3.1-3.3.x86_64.rpm | SHA-256: 871494313b1e0d0e51a28cc703e4d11a071b57bfa9ec04791885e3aa80dc06c6 |
| kdelibs-devel-3.3.1-3.3.x86_64.rpm | SHA-256: e726b039a6f9e3efefc315ec0cd46d90866e2b65152cc420043dec4650ab3da6 |
| ia64 | |
| kdelibs-3.3.1-3.3.i386.rpm | SHA-256: 48f02f5b5d949f0b1d70f037166472fceb6e38aa4378a59a3d227b8c8a0c9fab |
| kdelibs-3.3.1-3.3.ia64.rpm | SHA-256: 678366afce820c9055a512720b31fe8e69b714ae07fa64954dcfeb45a491b233 |
| kdelibs-devel-3.3.1-3.3.ia64.rpm | SHA-256: 4285c2f9d22d14c4d4a1097e5a90d0df633ef4b8434fb00659a2b7502c1518f6 |
| i386 | |
| kdelibs-3.3.1-3.3.i386.rpm | SHA-256: 48f02f5b5d949f0b1d70f037166472fceb6e38aa4378a59a3d227b8c8a0c9fab |
| kdelibs-devel-3.3.1-3.3.i386.rpm | SHA-256: b18659580cbfc584704821c0054d33e828f27ecc5de5667109382123e7a0d0da |
Red Hat Enterprise Linux Desktop 4
| SRPM | |
|---|---|
| kdelibs-3.3.1-3.3.src.rpm | SHA-256: 145d098c794e9c232b60ec259af812a77b6ae80c484d51e3bd69353c5c8817b0 |
| x86_64 | |
| kdelibs-3.3.1-3.3.i386.rpm | SHA-256: 48f02f5b5d949f0b1d70f037166472fceb6e38aa4378a59a3d227b8c8a0c9fab |
| kdelibs-3.3.1-3.3.x86_64.rpm | SHA-256: 871494313b1e0d0e51a28cc703e4d11a071b57bfa9ec04791885e3aa80dc06c6 |
| kdelibs-devel-3.3.1-3.3.x86_64.rpm | SHA-256: e726b039a6f9e3efefc315ec0cd46d90866e2b65152cc420043dec4650ab3da6 |
| i386 | |
| kdelibs-3.3.1-3.3.i386.rpm | SHA-256: 48f02f5b5d949f0b1d70f037166472fceb6e38aa4378a59a3d227b8c8a0c9fab |
| kdelibs-devel-3.3.1-3.3.i386.rpm | SHA-256: b18659580cbfc584704821c0054d33e828f27ecc5de5667109382123e7a0d0da |
Red Hat Enterprise Linux for IBM z Systems 4
| SRPM | |
|---|---|
| kdelibs-3.3.1-3.3.src.rpm | SHA-256: 145d098c794e9c232b60ec259af812a77b6ae80c484d51e3bd69353c5c8817b0 |
| s390x | |
| kdelibs-3.3.1-3.3.s390.rpm | SHA-256: 40e3be19535ea59d1c5c2cd64fb2ea67af139fa2390a03b28b82259774471b82 |
| kdelibs-3.3.1-3.3.s390x.rpm | SHA-256: 8cb45cedc65092adaa6571e6be598dcf58f61ed1b0cc8c93ae3da061ced96ce8 |
| kdelibs-devel-3.3.1-3.3.s390x.rpm | SHA-256: 95783818d912b7e5bb1c49e0e3aba70df933211467b5f677295bc8e8cc2a1a05 |
| s390 | |
| kdelibs-3.3.1-3.3.s390.rpm | SHA-256: 40e3be19535ea59d1c5c2cd64fb2ea67af139fa2390a03b28b82259774471b82 |
| kdelibs-devel-3.3.1-3.3.s390.rpm | SHA-256: 9fd477caf5a416f062b370568d205741807c2ff2913a5b0feb0632db1b1fce90 |
Red Hat Enterprise Linux for Power, big endian 4
| SRPM | |
|---|---|
| kdelibs-3.3.1-3.3.src.rpm | SHA-256: 145d098c794e9c232b60ec259af812a77b6ae80c484d51e3bd69353c5c8817b0 |
| ppc | |
| kdelibs-3.3.1-3.3.ppc.rpm | SHA-256: af65d7b47b4a45eab7aa02cf87c953f3e5a12024ad6d194825c2634a0887b414 |
| kdelibs-3.3.1-3.3.ppc64.rpm | SHA-256: 5642944e5926a7528d505bc07a592e27af2257cbebf43117fc26ee0a73bdc9a2 |
| kdelibs-devel-3.3.1-3.3.ppc.rpm | SHA-256: 00aa7a3bfaca3f02eb77615d5480c9a0f72f1df2ae5816dd73ff38e150881dc2 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
