RHSA-2006:0582-01 Low: kdebase security fix
Posted on: 08/10/2006 05:42 PM

A new update is available for Red Hat Enterprise Linux. Here is the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Low: kdebase security fix
Advisory ID: RHSA-2006:0582-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0582.html
Issue date: 2006-08-10
Updated on: 2006-08-10
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-2494
- ---------------------------------------------------------------------

1. Summary:

Updated kdebase packages that resolve several bugs are now available.

This update has been rated as having low security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The kdebase packages provide the core applications for KDE, the K Desktop
Environment. These core packages include the file manager Konqueror.

Ilja van Sprundel discovered a lock file handling flaw in kcheckpass. If
the directory /var/lock is writable by a user who is allowed to run
kcheckpass, that user could gain root privileges. In Red Hat Enterprise
Linux, the /var/lock directory is not writable by users and therefore this
flaw could only have been exploited if the permissions on that directory
have been badly configured. A patch to block this issue has been included
in this update. (CVE-2005-2494)

The following bugs have also been addressed:

- - kstart --tosystray does not send the window to the system tray in Kicker

- - When the customer enters or selects URLs in Firefox's address field, the
desktop freezes for a couple of seconds

- - fish kioslave is broken on 64-bit systems

All users of kdebase should upgrade to these updated packages, which
contain patches to resolve these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

166995 - CVE-2005-2494 kcheckpass privilege escalation

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kdebase-3.3.1-5.13.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kdebase-3.3.1-5.13.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kdebase-3.3.1-5.13.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kdebase-3.3.1-5.13.src.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2494
http://www.redhat.com/security/updates/classification/#low

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2006 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFE26a2XlSAg2UNWIIRAm8mAJ4w3B98u0VPM1C/K2HMb3v42zvd/QCgiUGu
x/+89CBSpBUprzB4zIwyxNA=
=S1gt
-----END PGP SIGNATURE-----
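
The problem description above says CVE-2005-2494 is only reachable when /var/lock is writable by a user who can run kcheckpass, and that precondition can be audited directly. The following is an added example, not part of the Red Hat advisory; the function name audit_lock_dir and its optional expected-owner parameter are assumptions made for illustration, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example: audit the lock-directory precondition from the advisory.
# Usage: audit_lock_dir [DIR] [EXPECTED_OWNER_UID]
# Returns 0 if ordinary users cannot write to DIR, 1 if they can,
# 2 if DIR cannot be inspected. EXPECTED_OWNER_UID defaults to 0 (root);
# the parameter exists so the check can be exercised on scratch directories.
audit_lock_dir() {
    dir=${1:-/var/lock}
    expected_uid=${2:-0}
    status=0

    if [ ! -d "$dir" ]; then
        echo "ERROR: $dir is not a directory" >&2
        return 2
    fi

    # -L follows a symlinked lock directory; %a is the octal mode,
    # %u the owner uid, %G the group name (GNU stat format codes).
    info=$(stat -L -c '%a %u %G' "$dir") || return 2
    set -- $info
    mode=$1 owner=$2 group=$3
    bits=$((0$mode))

    if [ "$owner" -ne "$expected_uid" ]; then
        echo "EXPOSED: $dir is owned by uid $owner, expected $expected_uid"
        status=1
    fi

    # The sticky bit does not change this finding: it limits deletion
    # and renaming, not the creation of new files in the directory.
    if [ $((bits & 0002)) -ne 0 ]; then
        echo "EXPOSED: $dir (mode $mode) is world-writable"
        status=1
    fi

    # Group write is not a failure by itself, but every member of the
    # group can then create files there.
    if [ $((bits & 0020)) -ne 0 ]; then
        echo "REVIEW: $dir is writable by group '$group'; check its members"
    fi

    [ "$status" -eq 0 ] && echo "OK: $dir has the expected owner and is not world-writable"
    return "$status"
}
```

Run it as `audit_lock_dir /var/lock` on each affected host, and compare the output of `rpm -q kdebase` with the 3.3.1-5.13 packages this advisory ships.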



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/rhsa_20060582_01_low_kdebase_security_fix.html)