Red Hat Product Errata RHSA-2006:0582 - Security Advisory

Issued:: 2006-08-10
Updated:: 2006-08-10

RHSA-2006:0582 - Security Advisory

Overview
Updated Packages

Synopsis

kdebase security fix

Type/Severity

Security Advisory: Low

Topic

Updated kdebase packages that resolve several bugs are now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

Description

The kdebase packages provide the core applications for KDE, the K Desktop
Environment. These core packages include the file manager Konqueror.

Ilja van Sprundel discovered a lock file handling flaw in kcheckpass. If
the directory /var/lock is writable by a user who is allowed to run
kcheckpass, that user could gain root privileges. In Red Hat Enterprise
Linux, the /var/lock directory is not writable by users and therefore this
flaw could only have been exploited if the permissions on that directory
have been badly configured. A patch to block this issue has been included
in this update. (CVE-2005-2494)

The following bugs have also been addressed:

kstart --tosystray does not send the window to the system tray in Kicker
When the customer enters or selects URLs in Firefox's address field, the
desktop freezes for a couple of seconds
fish kioslave is broken on 64-bit systems

All users of kdebase should upgrade to these updated packages, which
contain patches to resolve these issues.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for Power, big endian 4 ppc

Fixes

BZ - 166995 - CVE-2005-2494 kcheckpass privilege escalation

CVEs

CVE-2005-2494

References

http://www.redhat.com/security/updates/classification/#low

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
kdebase-3.3.1-5.13.src.rpm	SHA-256: a0f649e780d174ced15c34d909cab1ab12b499aaa3a56d484f5ffe2420a31a70
x86_64
kdebase-3.3.1-5.13.i386.rpm	SHA-256: 0219715faaaa65895a4acd0eae1417f3314e283d9138c6cdf34a466276f8e401
kdebase-3.3.1-5.13.i386.rpm	SHA-256: 0219715faaaa65895a4acd0eae1417f3314e283d9138c6cdf34a466276f8e401
kdebase-3.3.1-5.13.x86_64.rpm	SHA-256: a450eb533af1872c2488b176479e1e689887e0740a75027792beb642be44bd9d
kdebase-3.3.1-5.13.x86_64.rpm	SHA-256: a450eb533af1872c2488b176479e1e689887e0740a75027792beb642be44bd9d
kdebase-devel-3.3.1-5.13.x86_64.rpm	SHA-256: f7b7023205e6ac344f106aad492975826ee9cf937c6a3b929726f73fe4788dc4
kdebase-devel-3.3.1-5.13.x86_64.rpm	SHA-256: f7b7023205e6ac344f106aad492975826ee9cf937c6a3b929726f73fe4788dc4
ia64
kdebase-3.3.1-5.13.i386.rpm	SHA-256: 0219715faaaa65895a4acd0eae1417f3314e283d9138c6cdf34a466276f8e401
kdebase-3.3.1-5.13.i386.rpm	SHA-256: 0219715faaaa65895a4acd0eae1417f3314e283d9138c6cdf34a466276f8e401
kdebase-3.3.1-5.13.ia64.rpm	SHA-256: 64fbaaf4d98063ebe5739cf615de91e13252c9eb7fb85916ecf3c3688d465fce
kdebase-3.3.1-5.13.ia64.rpm	SHA-256: 64fbaaf4d98063ebe5739cf615de91e13252c9eb7fb85916ecf3c3688d465fce
kdebase-devel-3.3.1-5.13.ia64.rpm	SHA-256: c845769b7e5872f53e16a74f13821d94559145e37d1b2f9297f298b5f63dfcaa
kdebase-devel-3.3.1-5.13.ia64.rpm	SHA-256: c845769b7e5872f53e16a74f13821d94559145e37d1b2f9297f298b5f63dfcaa
i386
kdebase-3.3.1-5.13.i386.rpm	SHA-256: 0219715faaaa65895a4acd0eae1417f3314e283d9138c6cdf34a466276f8e401
kdebase-3.3.1-5.13.i386.rpm	SHA-256: 0219715faaaa65895a4acd0eae1417f3314e283d9138c6cdf34a466276f8e401
kdebase-devel-3.3.1-5.13.i386.rpm	SHA-256: e7abfc6c2665aa8ae7abc15a598787928fb63dfce1e903d66ab61de5c0044243
kdebase-devel-3.3.1-5.13.i386.rpm	SHA-256: e7abfc6c2665aa8ae7abc15a598787928fb63dfce1e903d66ab61de5c0044243

Red Hat Enterprise Linux Workstation 4

SRPM
kdebase-3.3.1-5.13.src.rpm	SHA-256: a0f649e780d174ced15c34d909cab1ab12b499aaa3a56d484f5ffe2420a31a70
x86_64
kdebase-3.3.1-5.13.i386.rpm	SHA-256: 0219715faaaa65895a4acd0eae1417f3314e283d9138c6cdf34a466276f8e401
kdebase-3.3.1-5.13.x86_64.rpm	SHA-256: a450eb533af1872c2488b176479e1e689887e0740a75027792beb642be44bd9d
kdebase-devel-3.3.1-5.13.x86_64.rpm	SHA-256: f7b7023205e6ac344f106aad492975826ee9cf937c6a3b929726f73fe4788dc4
ia64
kdebase-3.3.1-5.13.i386.rpm	SHA-256: 0219715faaaa65895a4acd0eae1417f3314e283d9138c6cdf34a466276f8e401
kdebase-3.3.1-5.13.ia64.rpm	SHA-256: 64fbaaf4d98063ebe5739cf615de91e13252c9eb7fb85916ecf3c3688d465fce
kdebase-devel-3.3.1-5.13.ia64.rpm	SHA-256: c845769b7e5872f53e16a74f13821d94559145e37d1b2f9297f298b5f63dfcaa
i386
kdebase-3.3.1-5.13.i386.rpm	SHA-256: 0219715faaaa65895a4acd0eae1417f3314e283d9138c6cdf34a466276f8e401
kdebase-devel-3.3.1-5.13.i386.rpm	SHA-256: e7abfc6c2665aa8ae7abc15a598787928fb63dfce1e903d66ab61de5c0044243

Red Hat Enterprise Linux Desktop 4

SRPM
kdebase-3.3.1-5.13.src.rpm	SHA-256: a0f649e780d174ced15c34d909cab1ab12b499aaa3a56d484f5ffe2420a31a70
x86_64
kdebase-3.3.1-5.13.i386.rpm	SHA-256: 0219715faaaa65895a4acd0eae1417f3314e283d9138c6cdf34a466276f8e401
kdebase-3.3.1-5.13.x86_64.rpm	SHA-256: a450eb533af1872c2488b176479e1e689887e0740a75027792beb642be44bd9d
kdebase-devel-3.3.1-5.13.x86_64.rpm	SHA-256: f7b7023205e6ac344f106aad492975826ee9cf937c6a3b929726f73fe4788dc4
i386
kdebase-3.3.1-5.13.i386.rpm	SHA-256: 0219715faaaa65895a4acd0eae1417f3314e283d9138c6cdf34a466276f8e401
kdebase-devel-3.3.1-5.13.i386.rpm	SHA-256: e7abfc6c2665aa8ae7abc15a598787928fb63dfce1e903d66ab61de5c0044243

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
kdebase-3.3.1-5.13.src.rpm	SHA-256: a0f649e780d174ced15c34d909cab1ab12b499aaa3a56d484f5ffe2420a31a70
s390x
kdebase-3.3.1-5.13.s390.rpm	SHA-256: 9a35b1db40e3a456269ce50b9b0533aa1dfcd691ab7711f9334394f7817d4d0b
kdebase-3.3.1-5.13.s390x.rpm	SHA-256: b282b9e36ccde26ed66a65f18c005b53955e57ab5dca9e769712df92dde789fa
kdebase-devel-3.3.1-5.13.s390x.rpm	SHA-256: 0e68942060adf065a90b966f76c55b45fc0b8b5bdc8fdce27bf6e1dc77e4da47
s390
kdebase-3.3.1-5.13.s390.rpm	SHA-256: 9a35b1db40e3a456269ce50b9b0533aa1dfcd691ab7711f9334394f7817d4d0b
kdebase-devel-3.3.1-5.13.s390.rpm	SHA-256: 8ad74fc2c88888b840db10e85e35589b5e68652a106d1ad044813fd133572356

Red Hat Enterprise Linux for Power, big endian 4

SRPM
kdebase-3.3.1-5.13.src.rpm	SHA-256: a0f649e780d174ced15c34d909cab1ab12b499aaa3a56d484f5ffe2420a31a70
ppc
kdebase-3.3.1-5.13.ppc.rpm	SHA-256: 2eccd86161c2cab20170f82307fd4d99a5101d41f74c88674515462a81402293
kdebase-3.3.1-5.13.ppc64.rpm	SHA-256: d4694fc37e0f95739ee3dffe8b0d6f768eab122075b53da47c74c12ce139e8df
kdebase-devel-3.3.1-5.13.ppc.rpm	SHA-256: b47578d8908a69732e8d2901a77f57460ff2c5aaa6b8bbfe7c78c12c35dfe4a5

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories