RHSA-2007:0905 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: kdebase security update

Type/Severity

Security Advisory: Moderate

Topic

Updated kdebase packages that resolve several security flaws are now
available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red Hat
Security Response Team.

Description

The kdebase packages provide the core applications for KDE, the K Desktop
Environment. These core packages include Konqueror, the web browser and
file manager.

These updated packages address the following vulnerabilities:

Kees Huijgen found a flaw in the way KDM handled logins when autologin and
"shutdown with password" were enabled. A local user would have been able
to login via KDM as any user without requiring a password. (CVE-2007-4569)

Two Konqueror address spoofing flaws were discovered. A malicious web site
could spoof the Konqueror address bar, tricking a victim into believing the
page was from a different site. (CVE-2007-3820, CVE-2007-4224)

Users of KDE should upgrade to these updated packages, which contain
backported patches to correct these issues.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

Red Hat Enterprise Linux Server 5 x86_64
Red Hat Enterprise Linux Server 5 ia64
Red Hat Enterprise Linux Server 5 i386
Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Server - Extended Update Support 4.5 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 4.5 ia64
Red Hat Enterprise Linux Server - Extended Update Support 4.5 i386
Red Hat Enterprise Linux Workstation 5 x86_64
Red Hat Enterprise Linux Workstation 5 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Desktop 5 x86_64
Red Hat Enterprise Linux Desktop 5 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux for IBM z Systems 5 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5 s390
Red Hat Enterprise Linux for Power, big endian 5 ppc
Red Hat Enterprise Linux for Power, big endian 4 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5 ppc
Red Hat Enterprise Linux Server from RHUI 5 x86_64
Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

BZ - 248537 - CVE-2007-3820 Spoofing of URI possible in Konqueror's address bar
BZ - 251708 - CVE-2007-4224 URL spoof in address bar
BZ - 287311 - CVE-2007-4569 kdm password-less login vulnerability

CVEs

References

http://www.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
kdebase-3.5.4-15.el5.src.rpm	SHA-256: 6bcd48312d518d940b1b3717d570bf329b3301610b9a7eaaedc805412de445bc
x86_64
kdebase-3.5.4-15.el5.i386.rpm	SHA-256: d0fe1aa9bc9d84833439f159a117b4556566ae864f888820290ffe6d9d1c45dd
kdebase-3.5.4-15.el5.x86_64.rpm	SHA-256: 376f09467c3115639cc07ed1df6b425066efd2601f3beb2c3151302b5a163b3c
kdebase-devel-3.5.4-15.el5.i386.rpm	SHA-256: 65f1f44ec2256e73e51f558d1247cd8c5a7e9e02e357554fb2c827eda479a4fd
kdebase-devel-3.5.4-15.el5.x86_64.rpm	SHA-256: 3e1326888b79cdb134fa0dd092eda651d5c540d313fcdf0e0e74aedbd508a495
ia64
kdebase-3.5.4-15.el5.ia64.rpm	SHA-256: 4f447d69c4b533ad90695c0638603ba184eaeec392fef16981da895df543083a
kdebase-devel-3.5.4-15.el5.ia64.rpm	SHA-256: 9f1b7617f312cb904dfb44ceda2d59ec4b285ff1f1a34bdc8bcfa7b00f7c3bd0
i386
kdebase-3.5.4-15.el5.i386.rpm	SHA-256: d0fe1aa9bc9d84833439f159a117b4556566ae864f888820290ffe6d9d1c45dd
kdebase-devel-3.5.4-15.el5.i386.rpm	SHA-256: 65f1f44ec2256e73e51f558d1247cd8c5a7e9e02e357554fb2c827eda479a4fd

Red Hat Enterprise Linux Server 4

SRPM
kdebase-3.3.1-6.el4.src.rpm	SHA-256: 064f27c161fdc3cb0d18fb5c0cd39ba96f4581f118d209c6e675a959d8394a1b
x86_64
kdebase-3.3.1-6.el4.i386.rpm	SHA-256: 49619b24d33e3483eef23242011609effb07bc74f621a434fcc1839a00bc1984
kdebase-3.3.1-6.el4.i386.rpm	SHA-256: 49619b24d33e3483eef23242011609effb07bc74f621a434fcc1839a00bc1984
kdebase-3.3.1-6.el4.x86_64.rpm	SHA-256: a1c7eae716c8a2dcea8a7a950dad59cac6a265e620138d42a2e1c1ac132dec63
kdebase-3.3.1-6.el4.x86_64.rpm	SHA-256: a1c7eae716c8a2dcea8a7a950dad59cac6a265e620138d42a2e1c1ac132dec63
kdebase-devel-3.3.1-6.el4.x86_64.rpm	SHA-256: 7dd9bbc0214934c4324459a0eaebc4995a032c0b703e44ca24cf2770174087c5
kdebase-devel-3.3.1-6.el4.x86_64.rpm	SHA-256: 7dd9bbc0214934c4324459a0eaebc4995a032c0b703e44ca24cf2770174087c5
ia64
kdebase-3.3.1-6.el4.i386.rpm	SHA-256: 49619b24d33e3483eef23242011609effb07bc74f621a434fcc1839a00bc1984
kdebase-3.3.1-6.el4.i386.rpm	SHA-256: 49619b24d33e3483eef23242011609effb07bc74f621a434fcc1839a00bc1984
kdebase-3.3.1-6.el4.ia64.rpm	SHA-256: a39afaa000c872f54d419dd5bc001d5bece4b606907663981632bc580129f398
kdebase-3.3.1-6.el4.ia64.rpm	SHA-256: a39afaa000c872f54d419dd5bc001d5bece4b606907663981632bc580129f398
kdebase-devel-3.3.1-6.el4.ia64.rpm	SHA-256: c1674bdc9e1e1f91b66cc9456c7ceed94ea85526b371c63ca58b3ae710493395
kdebase-devel-3.3.1-6.el4.ia64.rpm	SHA-256: c1674bdc9e1e1f91b66cc9456c7ceed94ea85526b371c63ca58b3ae710493395
i386
kdebase-3.3.1-6.el4.i386.rpm	SHA-256: 49619b24d33e3483eef23242011609effb07bc74f621a434fcc1839a00bc1984
kdebase-3.3.1-6.el4.i386.rpm	SHA-256: 49619b24d33e3483eef23242011609effb07bc74f621a434fcc1839a00bc1984
kdebase-devel-3.3.1-6.el4.i386.rpm	SHA-256: 38ddff3064cada563d6f86c250f060b4be21308676750cca2eda27a495c78ed8
kdebase-devel-3.3.1-6.el4.i386.rpm	SHA-256: 38ddff3064cada563d6f86c250f060b4be21308676750cca2eda27a495c78ed8

Red Hat Enterprise Linux Server - Extended Update Support 4.5

SRPM
kdebase-3.3.1-6.el4.src.rpm	SHA-256: 064f27c161fdc3cb0d18fb5c0cd39ba96f4581f118d209c6e675a959d8394a1b
x86_64
kdebase-3.3.1-6.el4.i386.rpm	SHA-256: 49619b24d33e3483eef23242011609effb07bc74f621a434fcc1839a00bc1984
kdebase-3.3.1-6.el4.i386.rpm	SHA-256: 49619b24d33e3483eef23242011609effb07bc74f621a434fcc1839a00bc1984
kdebase-3.3.1-6.el4.x86_64.rpm	SHA-256: a1c7eae716c8a2dcea8a7a950dad59cac6a265e620138d42a2e1c1ac132dec63
kdebase-3.3.1-6.el4.x86_64.rpm	SHA-256: a1c7eae716c8a2dcea8a7a950dad59cac6a265e620138d42a2e1c1ac132dec63
kdebase-devel-3.3.1-6.el4.x86_64.rpm	SHA-256: 7dd9bbc0214934c4324459a0eaebc4995a032c0b703e44ca24cf2770174087c5
kdebase-devel-3.3.1-6.el4.x86_64.rpm	SHA-256: 7dd9bbc0214934c4324459a0eaebc4995a032c0b703e44ca24cf2770174087c5
ia64
kdebase-3.3.1-6.el4.i386.rpm	SHA-256: 49619b24d33e3483eef23242011609effb07bc74f621a434fcc1839a00bc1984
kdebase-3.3.1-6.el4.i386.rpm	SHA-256: 49619b24d33e3483eef23242011609effb07bc74f621a434fcc1839a00bc1984
kdebase-3.3.1-6.el4.ia64.rpm	SHA-256: a39afaa000c872f54d419dd5bc001d5bece4b606907663981632bc580129f398
kdebase-3.3.1-6.el4.ia64.rpm	SHA-256: a39afaa000c872f54d419dd5bc001d5bece4b606907663981632bc580129f398
kdebase-devel-3.3.1-6.el4.ia64.rpm	SHA-256: c1674bdc9e1e1f91b66cc9456c7ceed94ea85526b371c63ca58b3ae710493395
kdebase-devel-3.3.1-6.el4.ia64.rpm	SHA-256: c1674bdc9e1e1f91b66cc9456c7ceed94ea85526b371c63ca58b3ae710493395
i386
kdebase-3.3.1-6.el4.i386.rpm	SHA-256: 49619b24d33e3483eef23242011609effb07bc74f621a434fcc1839a00bc1984
kdebase-3.3.1-6.el4.i386.rpm	SHA-256: 49619b24d33e3483eef23242011609effb07bc74f621a434fcc1839a00bc1984
kdebase-devel-3.3.1-6.el4.i386.rpm	SHA-256: 38ddff3064cada563d6f86c250f060b4be21308676750cca2eda27a495c78ed8
kdebase-devel-3.3.1-6.el4.i386.rpm	SHA-256: 38ddff3064cada563d6f86c250f060b4be21308676750cca2eda27a495c78ed8

Red Hat Enterprise Linux Workstation 5

SRPM
kdebase-3.5.4-15.el5.src.rpm	SHA-256: 6bcd48312d518d940b1b3717d570bf329b3301610b9a7eaaedc805412de445bc
x86_64
kdebase-3.5.4-15.el5.i386.rpm	SHA-256: d0fe1aa9bc9d84833439f159a117b4556566ae864f888820290ffe6d9d1c45dd
kdebase-3.5.4-15.el5.x86_64.rpm	SHA-256: 376f09467c3115639cc07ed1df6b425066efd2601f3beb2c3151302b5a163b3c
kdebase-devel-3.5.4-15.el5.i386.rpm	SHA-256: 65f1f44ec2256e73e51f558d1247cd8c5a7e9e02e357554fb2c827eda479a4fd
kdebase-devel-3.5.4-15.el5.x86_64.rpm	SHA-256: 3e1326888b79cdb134fa0dd092eda651d5c540d313fcdf0e0e74aedbd508a495
i386
kdebase-3.5.4-15.el5.i386.rpm	SHA-256: d0fe1aa9bc9d84833439f159a117b4556566ae864f888820290ffe6d9d1c45dd
kdebase-devel-3.5.4-15.el5.i386.rpm	SHA-256: 65f1f44ec2256e73e51f558d1247cd8c5a7e9e02e357554fb2c827eda479a4fd

Red Hat Enterprise Linux Workstation 4

SRPM
kdebase-3.3.1-6.el4.src.rpm	SHA-256: 064f27c161fdc3cb0d18fb5c0cd39ba96f4581f118d209c6e675a959d8394a1b
x86_64
kdebase-3.3.1-6.el4.i386.rpm	SHA-256: 49619b24d33e3483eef23242011609effb07bc74f621a434fcc1839a00bc1984
kdebase-3.3.1-6.el4.x86_64.rpm	SHA-256: a1c7eae716c8a2dcea8a7a950dad59cac6a265e620138d42a2e1c1ac132dec63
kdebase-devel-3.3.1-6.el4.x86_64.rpm	SHA-256: 7dd9bbc0214934c4324459a0eaebc4995a032c0b703e44ca24cf2770174087c5
ia64
kdebase-3.3.1-6.el4.i386.rpm	SHA-256: 49619b24d33e3483eef23242011609effb07bc74f621a434fcc1839a00bc1984
kdebase-3.3.1-6.el4.ia64.rpm	SHA-256: a39afaa000c872f54d419dd5bc001d5bece4b606907663981632bc580129f398
kdebase-devel-3.3.1-6.el4.ia64.rpm	SHA-256: c1674bdc9e1e1f91b66cc9456c7ceed94ea85526b371c63ca58b3ae710493395
i386
kdebase-3.3.1-6.el4.i386.rpm	SHA-256: 49619b24d33e3483eef23242011609effb07bc74f621a434fcc1839a00bc1984
kdebase-devel-3.3.1-6.el4.i386.rpm	SHA-256: 38ddff3064cada563d6f86c250f060b4be21308676750cca2eda27a495c78ed8

Red Hat Enterprise Linux Desktop 5

SRPM
kdebase-3.5.4-15.el5.src.rpm	SHA-256: 6bcd48312d518d940b1b3717d570bf329b3301610b9a7eaaedc805412de445bc
x86_64
kdebase-3.5.4-15.el5.i386.rpm	SHA-256: d0fe1aa9bc9d84833439f159a117b4556566ae864f888820290ffe6d9d1c45dd
kdebase-3.5.4-15.el5.x86_64.rpm	SHA-256: 376f09467c3115639cc07ed1df6b425066efd2601f3beb2c3151302b5a163b3c
i386
kdebase-3.5.4-15.el5.i386.rpm	SHA-256: d0fe1aa9bc9d84833439f159a117b4556566ae864f888820290ffe6d9d1c45dd

Red Hat Enterprise Linux Desktop 4

SRPM
kdebase-3.3.1-6.el4.src.rpm	SHA-256: 064f27c161fdc3cb0d18fb5c0cd39ba96f4581f118d209c6e675a959d8394a1b
x86_64
kdebase-3.3.1-6.el4.i386.rpm	SHA-256: 49619b24d33e3483eef23242011609effb07bc74f621a434fcc1839a00bc1984
kdebase-3.3.1-6.el4.x86_64.rpm	SHA-256: a1c7eae716c8a2dcea8a7a950dad59cac6a265e620138d42a2e1c1ac132dec63
kdebase-devel-3.3.1-6.el4.x86_64.rpm	SHA-256: 7dd9bbc0214934c4324459a0eaebc4995a032c0b703e44ca24cf2770174087c5
i386
kdebase-3.3.1-6.el4.i386.rpm	SHA-256: 49619b24d33e3483eef23242011609effb07bc74f621a434fcc1839a00bc1984
kdebase-devel-3.3.1-6.el4.i386.rpm	SHA-256: 38ddff3064cada563d6f86c250f060b4be21308676750cca2eda27a495c78ed8

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
kdebase-3.5.4-15.el5.src.rpm	SHA-256: 6bcd48312d518d940b1b3717d570bf329b3301610b9a7eaaedc805412de445bc
s390x
kdebase-3.5.4-15.el5.s390.rpm	SHA-256: 785feaa427eededd2e979b298ac6db3af2f4526b6bdf1fc043f90e7a646574fa
kdebase-3.5.4-15.el5.s390x.rpm	SHA-256: e079b9d4438b4a733ced98ab1fc98448bdaa6a43a9b496268138e060a2bced50
kdebase-devel-3.5.4-15.el5.s390.rpm	SHA-256: 179ba1ec2a71b4c9eb6be8b58d02bd494167b0bbed84384ff3783323d5f0869e
kdebase-devel-3.5.4-15.el5.s390x.rpm	SHA-256: 42b67fda46c406c0644ddacb56e9bf63a1892332468ed01ce37ef83e793f20c9

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
kdebase-3.3.1-6.el4.src.rpm	SHA-256: 064f27c161fdc3cb0d18fb5c0cd39ba96f4581f118d209c6e675a959d8394a1b
s390x
kdebase-3.3.1-6.el4.s390.rpm	SHA-256: 7d5eda72afc019a0fc35bab8d467e65de219658dc470600b46c40cb2e7cd5ca6
kdebase-3.3.1-6.el4.s390x.rpm	SHA-256: 19d4c8b80e261946e51dbd865a943c2f2bc4b936a2be4ab28bbc21a3d05a4dd9
kdebase-devel-3.3.1-6.el4.s390x.rpm	SHA-256: 66f8fb2aceacd6438c259f6724a09eec5454124b4d1c2da9bf443a3e7093aae4
s390
kdebase-3.3.1-6.el4.s390.rpm	SHA-256: 7d5eda72afc019a0fc35bab8d467e65de219658dc470600b46c40cb2e7cd5ca6
kdebase-devel-3.3.1-6.el4.s390.rpm	SHA-256: 0b89e6aa84a396b24fd583be49d86a94e9c69a32dfa3f879471fdfce5734d44e

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5

SRPM
kdebase-3.3.1-6.el4.src.rpm	SHA-256: 064f27c161fdc3cb0d18fb5c0cd39ba96f4581f118d209c6e675a959d8394a1b
s390x
kdebase-3.3.1-6.el4.s390.rpm	SHA-256: 7d5eda72afc019a0fc35bab8d467e65de219658dc470600b46c40cb2e7cd5ca6
kdebase-3.3.1-6.el4.s390x.rpm	SHA-256: 19d4c8b80e261946e51dbd865a943c2f2bc4b936a2be4ab28bbc21a3d05a4dd9
kdebase-devel-3.3.1-6.el4.s390x.rpm	SHA-256: 66f8fb2aceacd6438c259f6724a09eec5454124b4d1c2da9bf443a3e7093aae4
s390
kdebase-3.3.1-6.el4.s390.rpm	SHA-256: 7d5eda72afc019a0fc35bab8d467e65de219658dc470600b46c40cb2e7cd5ca6
kdebase-devel-3.3.1-6.el4.s390.rpm	SHA-256: 0b89e6aa84a396b24fd583be49d86a94e9c69a32dfa3f879471fdfce5734d44e

Red Hat Enterprise Linux for Power, big endian 5

SRPM
kdebase-3.5.4-15.el5.src.rpm	SHA-256: 6bcd48312d518d940b1b3717d570bf329b3301610b9a7eaaedc805412de445bc
ppc
kdebase-3.5.4-15.el5.ppc.rpm	SHA-256: 1be503f43873fefca601842679edfe89156142622fafbe513f52ff7da479d809
kdebase-3.5.4-15.el5.ppc64.rpm	SHA-256: 1124ec2e725929a6cddb7ce6ccccf93d53ccb140d55c5db4023579e48e9502ee
kdebase-devel-3.5.4-15.el5.ppc.rpm	SHA-256: 240ceb0eb4dfcb63a0cf2eb85dc08602b4e5140fc1f92a70242a9c1ad020f739
kdebase-devel-3.5.4-15.el5.ppc64.rpm	SHA-256: 35b9469165c703b638af0aec8f84111dbf17b7207baecee27bf8e2bc5ff8f945

Red Hat Enterprise Linux for Power, big endian 4

SRPM
kdebase-3.3.1-6.el4.src.rpm	SHA-256: 064f27c161fdc3cb0d18fb5c0cd39ba96f4581f118d209c6e675a959d8394a1b
ppc
kdebase-3.3.1-6.el4.ppc.rpm	SHA-256: e888cfd24cb71e9a73016f95359250da0342f0db60c4271c55ee0e184f53fb82
kdebase-3.3.1-6.el4.ppc64.rpm	SHA-256: 7bad72e30553dd8fec67dc5516cb5a83964fc0d4f9169fa670682b2cc6cdad9d
kdebase-devel-3.3.1-6.el4.ppc.rpm	SHA-256: 5531bc5b0a440726d0e152129786e1f2fbcbfe313f5afc7d2e205fd59c69fb83

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5

SRPM
kdebase-3.3.1-6.el4.src.rpm	SHA-256: 064f27c161fdc3cb0d18fb5c0cd39ba96f4581f118d209c6e675a959d8394a1b
ppc
kdebase-3.3.1-6.el4.ppc.rpm	SHA-256: e888cfd24cb71e9a73016f95359250da0342f0db60c4271c55ee0e184f53fb82
kdebase-3.3.1-6.el4.ppc64.rpm	SHA-256: 7bad72e30553dd8fec67dc5516cb5a83964fc0d4f9169fa670682b2cc6cdad9d
kdebase-devel-3.3.1-6.el4.ppc.rpm	SHA-256: 5531bc5b0a440726d0e152129786e1f2fbcbfe313f5afc7d2e205fd59c69fb83

Red Hat Enterprise Linux Server from RHUI 5

SRPM
kdebase-3.5.4-15.el5.src.rpm	SHA-256: 6bcd48312d518d940b1b3717d570bf329b3301610b9a7eaaedc805412de445bc
x86_64
kdebase-3.5.4-15.el5.i386.rpm	SHA-256: d0fe1aa9bc9d84833439f159a117b4556566ae864f888820290ffe6d9d1c45dd
kdebase-3.5.4-15.el5.x86_64.rpm	SHA-256: 376f09467c3115639cc07ed1df6b425066efd2601f3beb2c3151302b5a163b3c
kdebase-devel-3.5.4-15.el5.i386.rpm	SHA-256: 65f1f44ec2256e73e51f558d1247cd8c5a7e9e02e357554fb2c827eda479a4fd
kdebase-devel-3.5.4-15.el5.x86_64.rpm	SHA-256: 3e1326888b79cdb134fa0dd092eda651d5c540d313fcdf0e0e74aedbd508a495
i386
kdebase-3.5.4-15.el5.i386.rpm	SHA-256: d0fe1aa9bc9d84833439f159a117b4556566ae864f888820290ffe6d9d1c45dd
kdebase-devel-3.5.4-15.el5.i386.rpm	SHA-256: 65f1f44ec2256e73e51f558d1247cd8c5a7e9e02e357554fb2c827eda479a4fd

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.