Issued:
2005-02-15
Updated:
2005-02-15

RHSA-2005:065 - Security Advisory

Synopsis

kdelibs security update

Type/Severity

Security Advisory: Important

Topic

Updated kdelibs packages that resolve security issues in Konqueror are now
available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the
Red Hat Security Response Team.

Description

The kdelibs packages include libraries for the K Desktop Environment.

Two flaws were found in the sandbox environment used to run Java-applets in
the Konqueror web browser. If a user has Java enabled in Konqueror and
visits a malicious website, the website could run a carefully crafted
Java-applet and obtain escalated privileges allowing reading and writing of
arbitrary files with the privileges of the victim. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-1145 to this issue.

A flaw was discovered in the FTP kioslave. KDE applications such as
Konqueror could be forced to execute arbitrary FTP commands via a carefully
crafted ftp URL. The URL could also be crafted in such a way as to send an
arbitrary email via SMTP. An attacker could make use of this flaw if a
victim visits a malicious web site. The Common Vulnerabilities and
Exposures project has assigned the name CAN-2004-1165 to this issue.

Users should update to these erratum packages which contain backported
patches to correct these issues.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Affected Products

  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for Power, big endian 4 ppc

Fixes

  • BZ - 144211 - CAN-2004-1145 Konqueror Java Vulnerability
  • BZ - 145938 - CAN-2004-1165 kioslave command injection

CVEs

References

Red Hat Enterprise Linux Server 4

SRPM
kdelibs-3.3.1-3.3.src.rpm SHA-256: 145d098c794e9c232b60ec259af812a77b6ae80c484d51e3bd69353c5c8817b0
x86_64
kdelibs-3.3.1-3.3.i386.rpm SHA-256: 48f02f5b5d949f0b1d70f037166472fceb6e38aa4378a59a3d227b8c8a0c9fab
kdelibs-3.3.1-3.3.i386.rpm SHA-256: 48f02f5b5d949f0b1d70f037166472fceb6e38aa4378a59a3d227b8c8a0c9fab
kdelibs-3.3.1-3.3.x86_64.rpm SHA-256: 871494313b1e0d0e51a28cc703e4d11a071b57bfa9ec04791885e3aa80dc06c6
kdelibs-3.3.1-3.3.x86_64.rpm SHA-256: 871494313b1e0d0e51a28cc703e4d11a071b57bfa9ec04791885e3aa80dc06c6
kdelibs-devel-3.3.1-3.3.x86_64.rpm SHA-256: e726b039a6f9e3efefc315ec0cd46d90866e2b65152cc420043dec4650ab3da6
kdelibs-devel-3.3.1-3.3.x86_64.rpm SHA-256: e726b039a6f9e3efefc315ec0cd46d90866e2b65152cc420043dec4650ab3da6
ia64
kdelibs-3.3.1-3.3.i386.rpm SHA-256: 48f02f5b5d949f0b1d70f037166472fceb6e38aa4378a59a3d227b8c8a0c9fab
kdelibs-3.3.1-3.3.i386.rpm SHA-256: 48f02f5b5d949f0b1d70f037166472fceb6e38aa4378a59a3d227b8c8a0c9fab
kdelibs-3.3.1-3.3.ia64.rpm SHA-256: 678366afce820c9055a512720b31fe8e69b714ae07fa64954dcfeb45a491b233
kdelibs-3.3.1-3.3.ia64.rpm SHA-256: 678366afce820c9055a512720b31fe8e69b714ae07fa64954dcfeb45a491b233
kdelibs-devel-3.3.1-3.3.ia64.rpm SHA-256: 4285c2f9d22d14c4d4a1097e5a90d0df633ef4b8434fb00659a2b7502c1518f6
kdelibs-devel-3.3.1-3.3.ia64.rpm SHA-256: 4285c2f9d22d14c4d4a1097e5a90d0df633ef4b8434fb00659a2b7502c1518f6
i386
kdelibs-3.3.1-3.3.i386.rpm SHA-256: 48f02f5b5d949f0b1d70f037166472fceb6e38aa4378a59a3d227b8c8a0c9fab
kdelibs-3.3.1-3.3.i386.rpm SHA-256: 48f02f5b5d949f0b1d70f037166472fceb6e38aa4378a59a3d227b8c8a0c9fab
kdelibs-devel-3.3.1-3.3.i386.rpm SHA-256: b18659580cbfc584704821c0054d33e828f27ecc5de5667109382123e7a0d0da
kdelibs-devel-3.3.1-3.3.i386.rpm SHA-256: b18659580cbfc584704821c0054d33e828f27ecc5de5667109382123e7a0d0da

Red Hat Enterprise Linux Workstation 4

SRPM
kdelibs-3.3.1-3.3.src.rpm SHA-256: 145d098c794e9c232b60ec259af812a77b6ae80c484d51e3bd69353c5c8817b0
x86_64
kdelibs-3.3.1-3.3.i386.rpm SHA-256: 48f02f5b5d949f0b1d70f037166472fceb6e38aa4378a59a3d227b8c8a0c9fab
kdelibs-3.3.1-3.3.x86_64.rpm SHA-256: 871494313b1e0d0e51a28cc703e4d11a071b57bfa9ec04791885e3aa80dc06c6
kdelibs-devel-3.3.1-3.3.x86_64.rpm SHA-256: e726b039a6f9e3efefc315ec0cd46d90866e2b65152cc420043dec4650ab3da6
ia64
kdelibs-3.3.1-3.3.i386.rpm SHA-256: 48f02f5b5d949f0b1d70f037166472fceb6e38aa4378a59a3d227b8c8a0c9fab
kdelibs-3.3.1-3.3.ia64.rpm SHA-256: 678366afce820c9055a512720b31fe8e69b714ae07fa64954dcfeb45a491b233
kdelibs-devel-3.3.1-3.3.ia64.rpm SHA-256: 4285c2f9d22d14c4d4a1097e5a90d0df633ef4b8434fb00659a2b7502c1518f6
i386
kdelibs-3.3.1-3.3.i386.rpm SHA-256: 48f02f5b5d949f0b1d70f037166472fceb6e38aa4378a59a3d227b8c8a0c9fab
kdelibs-devel-3.3.1-3.3.i386.rpm SHA-256: b18659580cbfc584704821c0054d33e828f27ecc5de5667109382123e7a0d0da

Red Hat Enterprise Linux Desktop 4

SRPM
kdelibs-3.3.1-3.3.src.rpm SHA-256: 145d098c794e9c232b60ec259af812a77b6ae80c484d51e3bd69353c5c8817b0
x86_64
kdelibs-3.3.1-3.3.i386.rpm SHA-256: 48f02f5b5d949f0b1d70f037166472fceb6e38aa4378a59a3d227b8c8a0c9fab
kdelibs-3.3.1-3.3.x86_64.rpm SHA-256: 871494313b1e0d0e51a28cc703e4d11a071b57bfa9ec04791885e3aa80dc06c6
kdelibs-devel-3.3.1-3.3.x86_64.rpm SHA-256: e726b039a6f9e3efefc315ec0cd46d90866e2b65152cc420043dec4650ab3da6
i386
kdelibs-3.3.1-3.3.i386.rpm SHA-256: 48f02f5b5d949f0b1d70f037166472fceb6e38aa4378a59a3d227b8c8a0c9fab
kdelibs-devel-3.3.1-3.3.i386.rpm SHA-256: b18659580cbfc584704821c0054d33e828f27ecc5de5667109382123e7a0d0da

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
kdelibs-3.3.1-3.3.src.rpm SHA-256: 145d098c794e9c232b60ec259af812a77b6ae80c484d51e3bd69353c5c8817b0
s390x
kdelibs-3.3.1-3.3.s390.rpm SHA-256: 40e3be19535ea59d1c5c2cd64fb2ea67af139fa2390a03b28b82259774471b82
kdelibs-3.3.1-3.3.s390x.rpm SHA-256: 8cb45cedc65092adaa6571e6be598dcf58f61ed1b0cc8c93ae3da061ced96ce8
kdelibs-devel-3.3.1-3.3.s390x.rpm SHA-256: 95783818d912b7e5bb1c49e0e3aba70df933211467b5f677295bc8e8cc2a1a05
s390
kdelibs-3.3.1-3.3.s390.rpm SHA-256: 40e3be19535ea59d1c5c2cd64fb2ea67af139fa2390a03b28b82259774471b82
kdelibs-devel-3.3.1-3.3.s390.rpm SHA-256: 9fd477caf5a416f062b370568d205741807c2ff2913a5b0feb0632db1b1fce90

Red Hat Enterprise Linux for Power, big endian 4

SRPM
kdelibs-3.3.1-3.3.src.rpm SHA-256: 145d098c794e9c232b60ec259af812a77b6ae80c484d51e3bd69353c5c8817b0
ppc
kdelibs-3.3.1-3.3.ppc.rpm SHA-256: af65d7b47b4a45eab7aa02cf87c953f3e5a12024ad6d194825c2634a0887b414
kdelibs-3.3.1-3.3.ppc64.rpm SHA-256: 5642944e5926a7528d505bc07a592e27af2257cbebf43117fc26ee0a73bdc9a2
kdelibs-devel-3.3.1-3.3.ppc.rpm SHA-256: 00aa7a3bfaca3f02eb77615d5480c9a0f72f1df2ae5816dd73ff38e150881dc2

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.