Red Hat Product Errata RHSA-2006:0582 - Security Advisory
Issued:
2006-08-10
Updated:
2006-08-10

RHSA-2006:0582 - Security Advisory

Synopsis

kdebase security fix

Type/Severity

Security Advisory: Low

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated kdebase packages that resolve several bugs are now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

Description

The kdebase packages provide the core applications for KDE, the K Desktop
Environment. These core packages include the file manager Konqueror.

Ilja van Sprundel discovered a lock file handling flaw in kcheckpass. If
the directory /var/lock is writable by a user who is allowed to run
kcheckpass, that user could gain root privileges. In Red Hat Enterprise
Linux, the /var/lock directory is not writable by users and therefore this
flaw could only have been exploited if the permissions on that directory
have been badly configured. A patch to block this issue has been included
in this update. (CVE-2005-2494)

The following bugs have also been addressed:

  • kstart --tosystray does not send the window to the system tray in Kicker
  • When the customer enters or selects URLs in Firefox's address field, the

desktop freezes for a couple of seconds

  • fish kioslave is broken on 64-bit systems

All users of kdebase should upgrade to these updated packages, which
contain patches to resolve these issues.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for Power, big endian 4 ppc

Fixes

  • BZ - 166995 - CVE-2005-2494 kcheckpass privilege escalation

Red Hat Enterprise Linux Server 4

SRPM
kdebase-3.3.1-5.13.src.rpm SHA-256: a0f649e780d174ced15c34d909cab1ab12b499aaa3a56d484f5ffe2420a31a70
x86_64
kdebase-3.3.1-5.13.i386.rpm SHA-256: 0219715faaaa65895a4acd0eae1417f3314e283d9138c6cdf34a466276f8e401
kdebase-3.3.1-5.13.i386.rpm SHA-256: 0219715faaaa65895a4acd0eae1417f3314e283d9138c6cdf34a466276f8e401
kdebase-3.3.1-5.13.x86_64.rpm SHA-256: a450eb533af1872c2488b176479e1e689887e0740a75027792beb642be44bd9d
kdebase-3.3.1-5.13.x86_64.rpm SHA-256: a450eb533af1872c2488b176479e1e689887e0740a75027792beb642be44bd9d
kdebase-devel-3.3.1-5.13.x86_64.rpm SHA-256: f7b7023205e6ac344f106aad492975826ee9cf937c6a3b929726f73fe4788dc4
kdebase-devel-3.3.1-5.13.x86_64.rpm SHA-256: f7b7023205e6ac344f106aad492975826ee9cf937c6a3b929726f73fe4788dc4
ia64
kdebase-3.3.1-5.13.i386.rpm SHA-256: 0219715faaaa65895a4acd0eae1417f3314e283d9138c6cdf34a466276f8e401
kdebase-3.3.1-5.13.i386.rpm SHA-256: 0219715faaaa65895a4acd0eae1417f3314e283d9138c6cdf34a466276f8e401
kdebase-3.3.1-5.13.ia64.rpm SHA-256: 64fbaaf4d98063ebe5739cf615de91e13252c9eb7fb85916ecf3c3688d465fce
kdebase-3.3.1-5.13.ia64.rpm SHA-256: 64fbaaf4d98063ebe5739cf615de91e13252c9eb7fb85916ecf3c3688d465fce
kdebase-devel-3.3.1-5.13.ia64.rpm SHA-256: c845769b7e5872f53e16a74f13821d94559145e37d1b2f9297f298b5f63dfcaa
kdebase-devel-3.3.1-5.13.ia64.rpm SHA-256: c845769b7e5872f53e16a74f13821d94559145e37d1b2f9297f298b5f63dfcaa
i386
kdebase-3.3.1-5.13.i386.rpm SHA-256: 0219715faaaa65895a4acd0eae1417f3314e283d9138c6cdf34a466276f8e401
kdebase-3.3.1-5.13.i386.rpm SHA-256: 0219715faaaa65895a4acd0eae1417f3314e283d9138c6cdf34a466276f8e401
kdebase-devel-3.3.1-5.13.i386.rpm SHA-256: e7abfc6c2665aa8ae7abc15a598787928fb63dfce1e903d66ab61de5c0044243
kdebase-devel-3.3.1-5.13.i386.rpm SHA-256: e7abfc6c2665aa8ae7abc15a598787928fb63dfce1e903d66ab61de5c0044243

Red Hat Enterprise Linux Workstation 4

SRPM
kdebase-3.3.1-5.13.src.rpm SHA-256: a0f649e780d174ced15c34d909cab1ab12b499aaa3a56d484f5ffe2420a31a70
x86_64
kdebase-3.3.1-5.13.i386.rpm SHA-256: 0219715faaaa65895a4acd0eae1417f3314e283d9138c6cdf34a466276f8e401
kdebase-3.3.1-5.13.x86_64.rpm SHA-256: a450eb533af1872c2488b176479e1e689887e0740a75027792beb642be44bd9d
kdebase-devel-3.3.1-5.13.x86_64.rpm SHA-256: f7b7023205e6ac344f106aad492975826ee9cf937c6a3b929726f73fe4788dc4
ia64
kdebase-3.3.1-5.13.i386.rpm SHA-256: 0219715faaaa65895a4acd0eae1417f3314e283d9138c6cdf34a466276f8e401
kdebase-3.3.1-5.13.ia64.rpm SHA-256: 64fbaaf4d98063ebe5739cf615de91e13252c9eb7fb85916ecf3c3688d465fce
kdebase-devel-3.3.1-5.13.ia64.rpm SHA-256: c845769b7e5872f53e16a74f13821d94559145e37d1b2f9297f298b5f63dfcaa
i386
kdebase-3.3.1-5.13.i386.rpm SHA-256: 0219715faaaa65895a4acd0eae1417f3314e283d9138c6cdf34a466276f8e401
kdebase-devel-3.3.1-5.13.i386.rpm SHA-256: e7abfc6c2665aa8ae7abc15a598787928fb63dfce1e903d66ab61de5c0044243

Red Hat Enterprise Linux Desktop 4

SRPM
kdebase-3.3.1-5.13.src.rpm SHA-256: a0f649e780d174ced15c34d909cab1ab12b499aaa3a56d484f5ffe2420a31a70
x86_64
kdebase-3.3.1-5.13.i386.rpm SHA-256: 0219715faaaa65895a4acd0eae1417f3314e283d9138c6cdf34a466276f8e401
kdebase-3.3.1-5.13.x86_64.rpm SHA-256: a450eb533af1872c2488b176479e1e689887e0740a75027792beb642be44bd9d
kdebase-devel-3.3.1-5.13.x86_64.rpm SHA-256: f7b7023205e6ac344f106aad492975826ee9cf937c6a3b929726f73fe4788dc4
i386
kdebase-3.3.1-5.13.i386.rpm SHA-256: 0219715faaaa65895a4acd0eae1417f3314e283d9138c6cdf34a466276f8e401
kdebase-devel-3.3.1-5.13.i386.rpm SHA-256: e7abfc6c2665aa8ae7abc15a598787928fb63dfce1e903d66ab61de5c0044243

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
kdebase-3.3.1-5.13.src.rpm SHA-256: a0f649e780d174ced15c34d909cab1ab12b499aaa3a56d484f5ffe2420a31a70
s390x
kdebase-3.3.1-5.13.s390.rpm SHA-256: 9a35b1db40e3a456269ce50b9b0533aa1dfcd691ab7711f9334394f7817d4d0b
kdebase-3.3.1-5.13.s390x.rpm SHA-256: b282b9e36ccde26ed66a65f18c005b53955e57ab5dca9e769712df92dde789fa
kdebase-devel-3.3.1-5.13.s390x.rpm SHA-256: 0e68942060adf065a90b966f76c55b45fc0b8b5bdc8fdce27bf6e1dc77e4da47
s390
kdebase-3.3.1-5.13.s390.rpm SHA-256: 9a35b1db40e3a456269ce50b9b0533aa1dfcd691ab7711f9334394f7817d4d0b
kdebase-devel-3.3.1-5.13.s390.rpm SHA-256: 8ad74fc2c88888b840db10e85e35589b5e68652a106d1ad044813fd133572356

Red Hat Enterprise Linux for Power, big endian 4

SRPM
kdebase-3.3.1-5.13.src.rpm SHA-256: a0f649e780d174ced15c34d909cab1ab12b499aaa3a56d484f5ffe2420a31a70
ppc
kdebase-3.3.1-5.13.ppc.rpm SHA-256: 2eccd86161c2cab20170f82307fd4d99a5101d41f74c88674515462a81402293
kdebase-3.3.1-5.13.ppc64.rpm SHA-256: d4694fc37e0f95739ee3dffe8b0d6f768eab122075b53da47c74c12ce139e8df
kdebase-devel-3.3.1-5.13.ppc.rpm SHA-256: b47578d8908a69732e8d2901a77f57460ff2c5aaa6b8bbfe7c78c12c35dfe4a5

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.