RHSA-2005:307-01: Moderate: kdelibs security update
Posted on: 04/06/2005 02:38 PM

Updated kdelibs packages are available for Red Hat Enterprise Linux 2.1 and 3

----------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: kdelibs security update
Advisory ID: RHSA-2005:307-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-307.html
Issue date: 2005-04-06
Updated on: 2005-04-06
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-0396
----------------------------------------------------------------------

1. Summary:

Updated kdelibs packages that fix a local denial of service issue are now available.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The kdelibs package provides libraries for the K Desktop Environment.

Sebastian Krahmer discovered a flaw in dcopserver, the KDE Desktop Communication Protocol (DCOP) daemon. A local user could use this flaw to stall the DCOP authentication process, affecting any local desktop users and causing a reduction in their desktop functionality. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0396 to this issue.

Users of KDE should upgrade to these erratum packages, which contain backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

151373 - CAN-2005-0396 kdelibs DCOP DoS

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/kdelibs-2.2.2-17.src.rpm
d2db7c95084c274c3269f7fa0c426d52 kdelibs-2.2.2-17.src.rpm

i386:
91b38b21c1616e31e3093f7588c886c9 arts-2.2.2-17.i386.rpm
6b6c1d4a8384b8a9765c9ef1bdd838c5 kdelibs-2.2.2-17.i386.rpm
ea2c5eb51e9811ac2db97bf51402b27b kdelibs-devel-2.2.2-17.i386.rpm
a18c68556f859a1c06de48c9ff7a5e15 kdelibs-sound-2.2.2-17.i386.rpm
65823c5b10cb929e5b87145998ec1f7b kdelibs-sound-devel-2.2.2-17.i386.rpm

ia64:
4b4cfa267505957d829205eb46acd367 arts-2.2.2-17.ia64.rpm
3388dec578af11d94481b4431a6094c1 kdelibs-2.2.2-17.ia64.rpm
e2bbd0539ccae8148d6e5ca8bd9c21b0 kdelibs-devel-2.2.2-17.ia64.rpm
ac827ab14483b614168e4ba691d7025f kdelibs-sound-2.2.2-17.ia64.rpm
d8f040899c985487a8cf07a6606122bb kdelibs-sound-devel-2.2.2-17.ia64.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/kdelibs-2.2.2-17.src.rpm
d2db7c95084c274c3269f7fa0c426d52 kdelibs-2.2.2-17.src.rpm

ia64:
4b4cfa267505957d829205eb46acd367 arts-2.2.2-17.ia64.rpm
3388dec578af11d94481b4431a6094c1 kdelibs-2.2.2-17.ia64.rpm
e2bbd0539ccae8148d6e5ca8bd9c21b0 kdelibs-devel-2.2.2-17.ia64.rpm
ac827ab14483b614168e4ba691d7025f kdelibs-sound-2.2.2-17.ia64.rpm
d8f040899c985487a8cf07a6606122bb kdelibs-sound-devel-2.2.2-17.ia64.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/kdelibs-2.2.2-17.src.rpm
d2db7c95084c274c3269f7fa0c426d52 kdelibs-2.2.2-17.src.rpm

i386:
91b38b21c1616e31e3093f7588c886c9 arts-2.2.2-17.i386.rpm
6b6c1d4a8384b8a9765c9ef1bdd838c5 kdelibs-2.2.2-17.i386.rpm
ea2c5eb51e9811ac2db97bf51402b27b kdelibs-devel-2.2.2-17.i386.rpm
a18c68556f859a1c06de48c9ff7a5e15 kdelibs-sound-2.2.2-17.i386.rpm
65823c5b10cb929e5b87145998ec1f7b kdelibs-sound-devel-2.2.2-17.i386.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/kdelibs-2.2.2-17.src.rpm
d2db7c95084c274c3269f7fa0c426d52 kdelibs-2.2.2-17.src.rpm

i386:
91b38b21c1616e31e3093f7588c886c9 arts-2.2.2-17.i386.rpm
6b6c1d4a8384b8a9765c9ef1bdd838c5 kdelibs-2.2.2-17.i386.rpm
ea2c5eb51e9811ac2db97bf51402b27b kdelibs-devel-2.2.2-17.i386.rpm
a18c68556f859a1c06de48c9ff7a5e15 kdelibs-sound-2.2.2-17.i386.rpm
65823c5b10cb929e5b87145998ec1f7b kdelibs-sound-devel-2.2.2-17.i386.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/kdelibs-3.1.3-6.10.src.rpm
3cfb3f1e237311cc804e9c2da463981a kdelibs-3.1.3-6.10.src.rpm

i386:
b5d72f35d741ffbd4ad7312bae417735 kdelibs-3.1.3-6.10.i386.rpm
5849126531c9b1aa9dbdfa0a458830b1 kdelibs-devel-3.1.3-6.10.i386.rpm

ia64:
1871487863103c38bcd2366eb950dc2c kdelibs-3.1.3-6.10.ia64.rpm
b5d72f35d741ffbd4ad7312bae417735 kdelibs-3.1.3-6.10.i386.rpm
b09d068aa5130d81916ac52ba60dc9f5 kdelibs-devel-3.1.3-6.10.ia64.rpm

ppc:
f073759687671815506292d5a4c06e98 kdelibs-3.1.3-6.10.ppc.rpm
0fc3fb75ead874a49c42c5aedd49717b kdelibs-3.1.3-6.10.ppc64.rpm
d22ea5aca6336d108aa266a566f3057f kdelibs-devel-3.1.3-6.10.ppc.rpm

s390:
306e431bbf37219159e0e991bca012f4 kdelibs-3.1.3-6.10.s390.rpm
9fa18bbc79edc950e572508414bc325d kdelibs-devel-3.1.3-6.10.s390.rpm

s390x:
d7ad6b92ae64ea5ff868d64dfbea3681 kdelibs-3.1.3-6.10.s390x.rpm
306e431bbf37219159e0e991bca012f4 kdelibs-3.1.3-6.10.s390.rpm
e5c635aa63dab730bd8b3536fb6c57c2 kdelibs-devel-3.1.3-6.10.s390x.rpm

x86_64:
c298a2e00c5a1905b8e7e884c644d664 kdelibs-3.1.3-6.10.x86_64.rpm
b5d72f35d741ffbd4ad7312bae417735 kdelibs-3.1.3-6.10.i386.rpm
8a049458fbfe3ab8ba838bc5ccafc20b kdelibs-devel-3.1.3-6.10.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/kdelibs-3.1.3-6.10.src.rpm
3cfb3f1e237311cc804e9c2da463981a kdelibs-3.1.3-6.10.src.rpm

i386:
b5d72f35d741ffbd4ad7312bae417735 kdelibs-3.1.3-6.10.i386.rpm
5849126531c9b1aa9dbdfa0a458830b1 kdelibs-devel-3.1.3-6.10.i386.rpm

x86_64:
c298a2e00c5a1905b8e7e884c644d664 kdelibs-3.1.3-6.10.x86_64.rpm
b5d72f35d741ffbd4ad7312bae417735 kdelibs-3.1.3-6.10.i386.rpm
8a049458fbfe3ab8ba838bc5ccafc20b kdelibs-devel-3.1.3-6.10.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/kdelibs-3.1.3-6.10.src.rpm
3cfb3f1e237311cc804e9c2da463981a kdelibs-3.1.3-6.10.src.rpm

i386:
b5d72f35d741ffbd4ad7312bae417735 kdelibs-3.1.3-6.10.i386.rpm
5849126531c9b1aa9dbdfa0a458830b1 kdelibs-devel-3.1.3-6.10.i386.rpm

ia64:
1871487863103c38bcd2366eb950dc2c kdelibs-3.1.3-6.10.ia64.rpm
b5d72f35d741ffbd4ad7312bae417735 kdelibs-3.1.3-6.10.i386.rpm
b09d068aa5130d81916ac52ba60dc9f5 kdelibs-devel-3.1.3-6.10.ia64.rpm

x86_64:
c298a2e00c5a1905b8e7e884c644d664 kdelibs-3.1.3-6.10.x86_64.rpm
b5d72f35d741ffbd4ad7312bae417735 kdelibs-3.1.3-6.10.i386.rpm
8a049458fbfe3ab8ba838bc5ccafc20b kdelibs-devel-3.1.3-6.10.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/kdelibs-3.1.3-6.10.src.rpm
3cfb3f1e237311cc804e9c2da463981a kdelibs-3.1.3-6.10.src.rpm

i386:
b5d72f35d741ffbd4ad7312bae417735 kdelibs-3.1.3-6.10.i386.rpm
5849126531c9b1aa9dbdfa0a458830b1 kdelibs-devel-3.1.3-6.10.i386.rpm

ia64:
1871487863103c38bcd2366eb950dc2c kdelibs-3.1.3-6.10.ia64.rpm
b5d72f35d741ffbd4ad7312bae417735 kdelibs-3.1.3-6.10.i386.rpm
b09d068aa5130d81916ac52ba60dc9f5 kdelibs-devel-3.1.3-6.10.ia64.rpm

x86_64:
c298a2e00c5a1905b8e7e884c644d664 kdelibs-3.1.3-6.10.x86_64.rpm
b5d72f35d741ffbd4ad7312bae417735 kdelibs-3.1.3-6.10.i386.rpm
8a049458fbfe3ab8ba838bc5ccafc20b kdelibs-devel-3.1.3-6.10.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0396

8. Contact:

The Red Hat security contact is lt;secalert@redhat.comgt;. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/rhsa_2005307_01_moderate_kdelibs_security_update.html)