Red Hat Product Errata RHSA-2011:0465 - Security Advisory

Issued:: 2011-04-21
Updated:: 2011-04-21

RHSA-2011:0465 - Security Advisory

Overview
Updated Packages

Synopsis

Important: kdenetwork security update

Type/Severity

Security Advisory: Important

Topic

Updated kdenetwork packages that fix one security issue are now available
for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
important security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from the
CVE link in the References section.

Description

The kdenetwork packages contain networking applications for the K Desktop
Environment (KDE).

A directory traversal flaw was found in the way KGet, a download manager,
handled the "file" element in Metalink files. An attacker could use this
flaw to create a specially-crafted Metalink file that, when opened, would
cause KGet to overwrite arbitrary files accessible to the user running
KGet. (CVE-2011-1586)

Users of kdenetwork should upgrade to these updated packages, which contain
a backported patch to resolve this issue. The desktop must be restarted
(log out, then log back in) for this update to take effect.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Affected Products

Red Hat Enterprise Linux Server 6 x86_64
Red Hat Enterprise Linux Server 6 i386
Red Hat Enterprise Linux Workstation 6 x86_64
Red Hat Enterprise Linux Workstation 6 i386
Red Hat Enterprise Linux Desktop 6 x86_64
Red Hat Enterprise Linux Desktop 6 i386
Red Hat Enterprise Linux for IBM z Systems 6 s390x
Red Hat Enterprise Linux for Power, big endian 6 ppc64
Red Hat Enterprise Linux Server from RHUI 6 x86_64
Red Hat Enterprise Linux Server from RHUI 6 i386

Fixes

BZ - 697042 - CVE-2011-1586 kdenetwork: incomplete fix for CVE-2010-1000

CVEs

CVE-2011-1586

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 6

SRPM
kdenetwork-4.3.4-11.el6_0.1.src.rpm	SHA-256: 6ea5ff6ed003e87ba27c0f571ffefc839250bfc2737ebe44ba84963e4a902c99
x86_64
kdenetwork-4.3.4-11.el6_0.1.x86_64.rpm	SHA-256: 1ec971fc7e0485d89b3446d1f029ff37535921ed80fb7d1baed1bde64d2317cc
kdenetwork-debuginfo-4.3.4-11.el6_0.1.i686.rpm	SHA-256: fa9306b0bf5a790bc649e917dd4d2cd0e341ca60ab5c2959c4bc4846bb9da8ba
kdenetwork-debuginfo-4.3.4-11.el6_0.1.x86_64.rpm	SHA-256: a06f65b36c1921502da7d0f63c7716ab08f1da2d4798d9fc5f0119834e8452df
kdenetwork-devel-4.3.4-11.el6_0.1.i686.rpm	SHA-256: 01371fe5fc0a7865f77cbd5f104ef10a4eb69e94af251c8c3cbd2e7f8168422b
kdenetwork-devel-4.3.4-11.el6_0.1.x86_64.rpm	SHA-256: 057b182f96af0770e8c8cdf038958884b7f1ac4173577cdc6fd8b6057c4c4c9e
kdenetwork-libs-4.3.4-11.el6_0.1.i686.rpm	SHA-256: c5be0e56220204dbc4ec56eacb78258652a2715f703de5b5f409337ff9e9accf
kdenetwork-libs-4.3.4-11.el6_0.1.x86_64.rpm	SHA-256: e39b03f901be1c5d97a89ff336aa742b7daa964f12601bfce207f8a0277ab258
i386
kdenetwork-4.3.4-11.el6_0.1.i686.rpm	SHA-256: 9333649b70fc97ecb19408bf162fc3b7606c7eb582700f367540f84db501b5a5
kdenetwork-debuginfo-4.3.4-11.el6_0.1.i686.rpm	SHA-256: fa9306b0bf5a790bc649e917dd4d2cd0e341ca60ab5c2959c4bc4846bb9da8ba
kdenetwork-devel-4.3.4-11.el6_0.1.i686.rpm	SHA-256: 01371fe5fc0a7865f77cbd5f104ef10a4eb69e94af251c8c3cbd2e7f8168422b
kdenetwork-libs-4.3.4-11.el6_0.1.i686.rpm	SHA-256: c5be0e56220204dbc4ec56eacb78258652a2715f703de5b5f409337ff9e9accf

Red Hat Enterprise Linux Workstation 6

SRPM
kdenetwork-4.3.4-11.el6_0.1.src.rpm	SHA-256: 6ea5ff6ed003e87ba27c0f571ffefc839250bfc2737ebe44ba84963e4a902c99
x86_64
kdenetwork-4.3.4-11.el6_0.1.x86_64.rpm	SHA-256: 1ec971fc7e0485d89b3446d1f029ff37535921ed80fb7d1baed1bde64d2317cc
kdenetwork-debuginfo-4.3.4-11.el6_0.1.i686.rpm	SHA-256: fa9306b0bf5a790bc649e917dd4d2cd0e341ca60ab5c2959c4bc4846bb9da8ba
kdenetwork-debuginfo-4.3.4-11.el6_0.1.x86_64.rpm	SHA-256: a06f65b36c1921502da7d0f63c7716ab08f1da2d4798d9fc5f0119834e8452df
kdenetwork-devel-4.3.4-11.el6_0.1.i686.rpm	SHA-256: 01371fe5fc0a7865f77cbd5f104ef10a4eb69e94af251c8c3cbd2e7f8168422b
kdenetwork-devel-4.3.4-11.el6_0.1.x86_64.rpm	SHA-256: 057b182f96af0770e8c8cdf038958884b7f1ac4173577cdc6fd8b6057c4c4c9e
kdenetwork-libs-4.3.4-11.el6_0.1.i686.rpm	SHA-256: c5be0e56220204dbc4ec56eacb78258652a2715f703de5b5f409337ff9e9accf
kdenetwork-libs-4.3.4-11.el6_0.1.x86_64.rpm	SHA-256: e39b03f901be1c5d97a89ff336aa742b7daa964f12601bfce207f8a0277ab258
i386
kdenetwork-4.3.4-11.el6_0.1.i686.rpm	SHA-256: 9333649b70fc97ecb19408bf162fc3b7606c7eb582700f367540f84db501b5a5
kdenetwork-debuginfo-4.3.4-11.el6_0.1.i686.rpm	SHA-256: fa9306b0bf5a790bc649e917dd4d2cd0e341ca60ab5c2959c4bc4846bb9da8ba
kdenetwork-devel-4.3.4-11.el6_0.1.i686.rpm	SHA-256: 01371fe5fc0a7865f77cbd5f104ef10a4eb69e94af251c8c3cbd2e7f8168422b
kdenetwork-libs-4.3.4-11.el6_0.1.i686.rpm	SHA-256: c5be0e56220204dbc4ec56eacb78258652a2715f703de5b5f409337ff9e9accf

Red Hat Enterprise Linux Desktop 6

SRPM
kdenetwork-4.3.4-11.el6_0.1.src.rpm	SHA-256: 6ea5ff6ed003e87ba27c0f571ffefc839250bfc2737ebe44ba84963e4a902c99
x86_64
kdenetwork-4.3.4-11.el6_0.1.x86_64.rpm	SHA-256: 1ec971fc7e0485d89b3446d1f029ff37535921ed80fb7d1baed1bde64d2317cc
kdenetwork-debuginfo-4.3.4-11.el6_0.1.i686.rpm	SHA-256: fa9306b0bf5a790bc649e917dd4d2cd0e341ca60ab5c2959c4bc4846bb9da8ba
kdenetwork-debuginfo-4.3.4-11.el6_0.1.x86_64.rpm	SHA-256: a06f65b36c1921502da7d0f63c7716ab08f1da2d4798d9fc5f0119834e8452df
kdenetwork-debuginfo-4.3.4-11.el6_0.1.x86_64.rpm	SHA-256: a06f65b36c1921502da7d0f63c7716ab08f1da2d4798d9fc5f0119834e8452df
kdenetwork-devel-4.3.4-11.el6_0.1.i686.rpm	SHA-256: 01371fe5fc0a7865f77cbd5f104ef10a4eb69e94af251c8c3cbd2e7f8168422b
kdenetwork-devel-4.3.4-11.el6_0.1.x86_64.rpm	SHA-256: 057b182f96af0770e8c8cdf038958884b7f1ac4173577cdc6fd8b6057c4c4c9e
kdenetwork-libs-4.3.4-11.el6_0.1.i686.rpm	SHA-256: c5be0e56220204dbc4ec56eacb78258652a2715f703de5b5f409337ff9e9accf
kdenetwork-libs-4.3.4-11.el6_0.1.x86_64.rpm	SHA-256: e39b03f901be1c5d97a89ff336aa742b7daa964f12601bfce207f8a0277ab258
i386
kdenetwork-4.3.4-11.el6_0.1.i686.rpm	SHA-256: 9333649b70fc97ecb19408bf162fc3b7606c7eb582700f367540f84db501b5a5
kdenetwork-debuginfo-4.3.4-11.el6_0.1.i686.rpm	SHA-256: fa9306b0bf5a790bc649e917dd4d2cd0e341ca60ab5c2959c4bc4846bb9da8ba
kdenetwork-debuginfo-4.3.4-11.el6_0.1.i686.rpm	SHA-256: fa9306b0bf5a790bc649e917dd4d2cd0e341ca60ab5c2959c4bc4846bb9da8ba
kdenetwork-devel-4.3.4-11.el6_0.1.i686.rpm	SHA-256: 01371fe5fc0a7865f77cbd5f104ef10a4eb69e94af251c8c3cbd2e7f8168422b
kdenetwork-libs-4.3.4-11.el6_0.1.i686.rpm	SHA-256: c5be0e56220204dbc4ec56eacb78258652a2715f703de5b5f409337ff9e9accf

Red Hat Enterprise Linux for IBM z Systems 6

SRPM
kdenetwork-4.3.4-11.el6_0.1.src.rpm	SHA-256: 6ea5ff6ed003e87ba27c0f571ffefc839250bfc2737ebe44ba84963e4a902c99
s390x
kdenetwork-4.3.4-11.el6_0.1.s390x.rpm	SHA-256: 1d58eba036d446e958a404be2086b19df953644b6a7c2251d55e54e1c3e2929c
kdenetwork-debuginfo-4.3.4-11.el6_0.1.s390.rpm	SHA-256: e0cc82ea490f82b00f9b978ef6e10f3ba9667680293d4cd27c47075511a27d1d
kdenetwork-debuginfo-4.3.4-11.el6_0.1.s390x.rpm	SHA-256: d69600ad226600dcbbadee7e46450e4bf9161a3ab6ebc8208c362b0814d6a2e4
kdenetwork-devel-4.3.4-11.el6_0.1.s390.rpm	SHA-256: 18f595b10bae27747f96f91f757a2f42ed4a219cd4e9b90bab81f85db0b0ac23
kdenetwork-devel-4.3.4-11.el6_0.1.s390x.rpm	SHA-256: 7cff59afc2791f198a3506bb0e60e07a031be5b3e997b5e0b4579c120a14c8f3
kdenetwork-libs-4.3.4-11.el6_0.1.s390.rpm	SHA-256: 9686c94e4d76158f86252a4e1b9b9dc6718ef012f323d35b3576eda1d731b6ed
kdenetwork-libs-4.3.4-11.el6_0.1.s390x.rpm	SHA-256: 0c682e48ddfa8b11667e46277693c2d9ab92e3c7b3ff75a9bfdb6e38b3556144

Red Hat Enterprise Linux for Power, big endian 6

SRPM
kdenetwork-4.3.4-11.el6_0.1.src.rpm	SHA-256: 6ea5ff6ed003e87ba27c0f571ffefc839250bfc2737ebe44ba84963e4a902c99
ppc64
kdenetwork-4.3.4-11.el6_0.1.ppc64.rpm	SHA-256: 35f20ac257672cb1da5927226af28540ab049dc439059f07eb4eba9ae0ad88c4
kdenetwork-debuginfo-4.3.4-11.el6_0.1.ppc.rpm	SHA-256: f94f170450b83835800e55e0c9eeddb32aa8b0ccd1725dd621f8448aec5e8028
kdenetwork-debuginfo-4.3.4-11.el6_0.1.ppc64.rpm	SHA-256: 778256fa106c4cb5a7a2af1b982ede37ab4807261613486054d9ab81a014bc43
kdenetwork-devel-4.3.4-11.el6_0.1.ppc.rpm	SHA-256: 350997c138e88029cf2ddba6be45ac7cddef131aaded40498684c5abd6037c69
kdenetwork-devel-4.3.4-11.el6_0.1.ppc64.rpm	SHA-256: 3e11b7683c66d911d93d41708dc8e47ebe88431bbfa35cfad37fba96c7187ac3
kdenetwork-libs-4.3.4-11.el6_0.1.ppc.rpm	SHA-256: 1a44ffa748cbc4df43b9835b16c2a7024d43c628385889111b4ad20f5a1a5925
kdenetwork-libs-4.3.4-11.el6_0.1.ppc64.rpm	SHA-256: 328ab4376109c850f986f7dba5e683fbd2b2623339c5fae1eb2b71d49905b939

Red Hat Enterprise Linux Server from RHUI 6

SRPM
kdenetwork-4.3.4-11.el6_0.1.src.rpm	SHA-256: 6ea5ff6ed003e87ba27c0f571ffefc839250bfc2737ebe44ba84963e4a902c99
x86_64
kdenetwork-4.3.4-11.el6_0.1.x86_64.rpm	SHA-256: 1ec971fc7e0485d89b3446d1f029ff37535921ed80fb7d1baed1bde64d2317cc
kdenetwork-debuginfo-4.3.4-11.el6_0.1.i686.rpm	SHA-256: fa9306b0bf5a790bc649e917dd4d2cd0e341ca60ab5c2959c4bc4846bb9da8ba
kdenetwork-debuginfo-4.3.4-11.el6_0.1.x86_64.rpm	SHA-256: a06f65b36c1921502da7d0f63c7716ab08f1da2d4798d9fc5f0119834e8452df
kdenetwork-devel-4.3.4-11.el6_0.1.i686.rpm	SHA-256: 01371fe5fc0a7865f77cbd5f104ef10a4eb69e94af251c8c3cbd2e7f8168422b
kdenetwork-devel-4.3.4-11.el6_0.1.x86_64.rpm	SHA-256: 057b182f96af0770e8c8cdf038958884b7f1ac4173577cdc6fd8b6057c4c4c9e
kdenetwork-libs-4.3.4-11.el6_0.1.i686.rpm	SHA-256: c5be0e56220204dbc4ec56eacb78258652a2715f703de5b5f409337ff9e9accf
kdenetwork-libs-4.3.4-11.el6_0.1.x86_64.rpm	SHA-256: e39b03f901be1c5d97a89ff336aa742b7daa964f12601bfce207f8a0277ab258
i386
kdenetwork-4.3.4-11.el6_0.1.i686.rpm	SHA-256: 9333649b70fc97ecb19408bf162fc3b7606c7eb582700f367540f84db501b5a5
kdenetwork-debuginfo-4.3.4-11.el6_0.1.i686.rpm	SHA-256: fa9306b0bf5a790bc649e917dd4d2cd0e341ca60ab5c2959c4bc4846bb9da8ba
kdenetwork-devel-4.3.4-11.el6_0.1.i686.rpm	SHA-256: 01371fe5fc0a7865f77cbd5f104ef10a4eb69e94af251c8c3cbd2e7f8168422b
kdenetwork-libs-4.3.4-11.el6_0.1.i686.rpm	SHA-256: c5be0e56220204dbc4ec56eacb78258652a2715f703de5b5f409337ff9e9accf

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories