1.87. kdelibs

1.87.1. RHBA-2009:1464: bug fix update


This update has already been released (prior to the GA of this release) as errata RHBA-2009:1464.
Updated kdelibs packages that fix a bug are now available.
The kdelibs packages contain a set of common libraries used by all applications written for the K Desktop Environment (KDE). kdelibs includes kdecore (KDE core library); kdeui (user interface); kfm (file manager); khtmlw (HTML widget); kio (input/output and networking); kspell (spelling checker); jscript (javascript); kab (addressbook); and kimgio (image manipulation).
This update addresses the following issue:
* the kde.sh shell script used the keyword "source". The pdksh (Public Domain Korn SHell) package, a new package in Red Hat Enterprise Linux 5.4, does not recognize the "source" keyword in shell scripts. Consequently, if pdksh was used as the shell on systems with KDE installed, the following error message was returned in login shells:
ksh: /etc/profile.d/kde.sh[7]: source: not found
The kde.sh shell script in this update has been edited with "source" replaced by "." The full stop keyword (.) is an alias for "source" in Bourne-compatible shells, including pdksh. Once installed, KDE users running the pdksh shell will no longer get the above error message. (BZ#523968)
Note: this bug was a known issue at the release of Red Hat Enterprise Linux 5.4 and a manual version of the fix included in this update was documented in the Red Hat Enterprise Linux 5.4 Technical Notes:
http://redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.4/html/Technical_Notes/Known_Issues-pdksh.html
If /etc/profile.d/kde.sh already exists, the new version included with this update is installed as /etc/profile.d/kde.sh.rpmnew.
Therefore, on systems where an extant kde.sh has been manually edited as per the Red Hat Enterprise Linux 5.4 Technical Notes, the manual fix is retained.
On systems where kde.sh already exists and the workaround has not been applied, however, installing this update does not, of itself, implement the fix. After installation on such systems, backing up kde.sh and copying kde.sh.rpmnew over it as follows will implement the fix:
cp /etc/profile.d/kde.sh /etc/profile.d/kde.sh.bak
cp /etc/profile.d/kde.sh.rpmnew /etc/profile.d/kde.sh
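The three cases described above (manual fix already present, update installed as kde.sh.rpmnew but not applied, no kde.sh.rpmnew available) can be told apart before copying anything. The following is an added example, not part of the erratum or of Red Hat's packages; the function names, the status strings and the pattern used to detect the "source" keyword are assumptions made for illustration.

```shell
# Added example (POSIX sh): apply kde.sh.rpmnew only where the fix is missing.
# Function names and status strings are hypothetical, not from the erratum.

# Succeeds if a non-comment line of file $1 invokes the "source" keyword.
uses_source_keyword() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -Eq '(^|[;&|[:space:]])source[[:space:]]'
}

# Usage: apply_kde_sh_fix [profile_dir]   (default: /etc/profile.d)
# Prints one status word: no-kde-sh, fixed-already, no-rpmnew,
# rpmnew-unfixed or applied. Returns non-zero when nothing could be fixed.
apply_kde_sh_fix() {
    kfix_dir=${1:-/etc/profile.d}
    kfix_cur=$kfix_dir/kde.sh
    kfix_new=$kfix_dir/kde.sh.rpmnew

    if [ ! -f "$kfix_cur" ]; then
        echo "no-kde-sh"
        return 1
    fi
    # Manual workaround (or the updated file) is already in place: keep it.
    if ! uses_source_keyword "$kfix_cur"; then
        echo "fixed-already"
        return 0
    fi
    # Old file still present, but the update did not leave a .rpmnew copy.
    if [ ! -f "$kfix_new" ]; then
        echo "no-rpmnew"
        return 1
    fi
    # Refuse to install a replacement that has the same problem.
    if uses_source_keyword "$kfix_new"; then
        echo "rpmnew-unfixed"
        return 1
    fi
    # Same two copies as in the text above: back up, then replace.
    cp "$kfix_cur" "$kfix_cur.bak" &&
        cp "$kfix_new" "$kfix_cur" &&
        echo "applied"
}
```

Run apply_kde_sh_fix as root with no argument to act on /etc/profile.d, or pass a directory holding copies of the two files to try it first.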
All KDE and pdksh users should install this updated package which fixes this bug.

1.87.2. RHSA-2009:1601: Critical security update


This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:1601.
Updated kdelibs packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the Red Hat Security Response Team.
The kdelibs packages provide libraries for the K Desktop Environment (KDE).
A buffer overflow flaw was found in the kdelibs string to floating point conversion routines. A web page containing malicious JavaScript could crash Konqueror or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-0689)
Users should upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.