Red Hat 8853 Published by

A new update is available for Red Hat Enterprise Linux. Here the announcement:



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ---------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Moderate: kdelibs security update
Advisory ID: RHSA-2007:0909-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0909.html
Issue date: 2007-10-08
Updated on: 2007-10-08
Product: Red Hat Enterprise Linux
CVE Names: CVE-2007-0242 CVE-2007-0537 CVE-2007-1308
CVE-2007-1564 CVE-2007-3820 CVE-2007-4224
- ---------------------------------------------------------------------

1. Summary:

Updated kdelibs packages that resolve several security flaws are
now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

The kdelibs package provides libraries for the K Desktop Environment (KDE).

Two cross-site-scripting flaws were found in the way Konqueror processes
certain HTML content. This could result in a malicious attacker presenting
misleading content to an unsuspecting user. (CVE-2007-0242, CVE-2007-0537)

A flaw was found in KDE JavaScript implementation. A web page containing
malicious JavaScript code could cause Konqueror to crash. (CVE-2007-1308)

A flaw was found in the way Konqueror handled certain FTP PASV commands.
A malicious FTP server could use this flaw to perform a rudimentary
port-scan of machines behind a user's firewall. (CVE-2007-1564)

Two Konqueror address spoofing flaws have been discovered. It was
possible for a malicious website to cause the Konqueror address bar to
display information which could trick a user into believing they are at a
different website than they actually are. (CVE-2007-3820, CVE-2007-4224)

Users of KDE should upgrade to these updated packages, which contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

5. Bug IDs fixed (http://bugzilla.redhat.com/):

229606 - CVE-2007-0537 konqueror XSS
233592 - CVE-2007-1564 FTP protocol PASV design flaw affects konqueror
234633 - CVE-2007-0242 QT UTF8 improper character expansion
248537 - CVE-2007-3820 Spoofing of URI possible in Konqueror's address bar
251708 - CVE-2007-4224 URL spoof in address bar
299891 - CVE-2007-1308 kdelibs KDE JavaScript denial of service (crash)

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kdelibs-3.3.1-9.el4.src.rpm
4bf1df171502ccaac9c4b9f4af27c5a4 kdelibs-3.3.1-9.el4.src.rpm

i386:
d3325980cb2e409fcb69641c9dd50fa6 kdelibs-3.3.1-9.el4.i386.rpm
fad8465ae0a18ee4a5b7c6b0fed6a5a9 kdelibs-debuginfo-3.3.1-9.el4.i386.rpm
48f2c42b62fe794d35580947197203f6 kdelibs-devel-3.3.1-9.el4.i386.rpm

ia64:
d3325980cb2e409fcb69641c9dd50fa6 kdelibs-3.3.1-9.el4.i386.rpm
3df7ac0ae7500ccc3ce57d6f34bf475a kdelibs-3.3.1-9.el4.ia64.rpm
fad8465ae0a18ee4a5b7c6b0fed6a5a9 kdelibs-debuginfo-3.3.1-9.el4.i386.rpm
09be826e42e02f1127674a3a0a6c0a3a kdelibs-debuginfo-3.3.1-9.el4.ia64.rpm
fe8fe5f994ab48ae8fab363832419204 kdelibs-devel-3.3.1-9.el4.ia64.rpm

ppc:
7b134aed54478415a8e4be498be8e919 kdelibs-3.3.1-9.el4.ppc.rpm
464d937764cf050cb37f213dc677ed8d kdelibs-3.3.1-9.el4.ppc64.rpm
779363c80d7de0d18ccaf00281e39cea kdelibs-debuginfo-3.3.1-9.el4.ppc.rpm
64d7f0d7f599f0fd79f2b255f2930731 kdelibs-debuginfo-3.3.1-9.el4.ppc64.rpm
d134d0d0233a59b060b3befd9f12ae14 kdelibs-devel-3.3.1-9.el4.ppc.rpm

s390:
f3655e6c3230a2afc0e24569b1226cf9 kdelibs-3.3.1-9.el4.s390.rpm
67679bb530d305e872c466d8756e4f2b kdelibs-debuginfo-3.3.1-9.el4.s390.rpm
21c32310827a4e7572be6750bd16e6ca kdelibs-devel-3.3.1-9.el4.s390.rpm

s390x:
f3655e6c3230a2afc0e24569b1226cf9 kdelibs-3.3.1-9.el4.s390.rpm
b79978750768f1786f90bbfb5fe50c88 kdelibs-3.3.1-9.el4.s390x.rpm
67679bb530d305e872c466d8756e4f2b kdelibs-debuginfo-3.3.1-9.el4.s390.rpm
f8f34ccf13d54e3d7fa515546870eb96 kdelibs-debuginfo-3.3.1-9.el4.s390x.rpm
9f9d7f3481582d30eff7b9b826a14ebe kdelibs-devel-3.3.1-9.el4.s390x.rpm

x86_64:
d3325980cb2e409fcb69641c9dd50fa6 kdelibs-3.3.1-9.el4.i386.rpm
45ff0822118c370120cffe8f4f438c95 kdelibs-3.3.1-9.el4.x86_64.rpm
fad8465ae0a18ee4a5b7c6b0fed6a5a9 kdelibs-debuginfo-3.3.1-9.el4.i386.rpm
f8fac72a4431ebfd82e863c565aba5d0 kdelibs-debuginfo-3.3.1-9.el4.x86_64.rpm
28d4cbc0fa36755077ade9d68253e6d3 kdelibs-devel-3.3.1-9.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kdelibs-3.3.1-9.el4.src.rpm
4bf1df171502ccaac9c4b9f4af27c5a4 kdelibs-3.3.1-9.el4.src.rpm

i386:
d3325980cb2e409fcb69641c9dd50fa6 kdelibs-3.3.1-9.el4.i386.rpm
fad8465ae0a18ee4a5b7c6b0fed6a5a9 kdelibs-debuginfo-3.3.1-9.el4.i386.rpm
48f2c42b62fe794d35580947197203f6 kdelibs-devel-3.3.1-9.el4.i386.rpm

x86_64:
d3325980cb2e409fcb69641c9dd50fa6 kdelibs-3.3.1-9.el4.i386.rpm
45ff0822118c370120cffe8f4f438c95 kdelibs-3.3.1-9.el4.x86_64.rpm
fad8465ae0a18ee4a5b7c6b0fed6a5a9 kdelibs-debuginfo-3.3.1-9.el4.i386.rpm
f8fac72a4431ebfd82e863c565aba5d0 kdelibs-debuginfo-3.3.1-9.el4.x86_64.rpm
28d4cbc0fa36755077ade9d68253e6d3 kdelibs-devel-3.3.1-9.el4.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kdelibs-3.3.1-9.el4.src.rpm
4bf1df171502ccaac9c4b9f4af27c5a4 kdelibs-3.3.1-9.el4.src.rpm

i386:
d3325980cb2e409fcb69641c9dd50fa6 kdelibs-3.3.1-9.el4.i386.rpm
fad8465ae0a18ee4a5b7c6b0fed6a5a9 kdelibs-debuginfo-3.3.1-9.el4.i386.rpm
48f2c42b62fe794d35580947197203f6 kdelibs-devel-3.3.1-9.el4.i386.rpm

ia64:
d3325980cb2e409fcb69641c9dd50fa6 kdelibs-3.3.1-9.el4.i386.rpm
3df7ac0ae7500ccc3ce57d6f34bf475a kdelibs-3.3.1-9.el4.ia64.rpm
fad8465ae0a18ee4a5b7c6b0fed6a5a9 kdelibs-debuginfo-3.3.1-9.el4.i386.rpm
09be826e42e02f1127674a3a0a6c0a3a kdelibs-debuginfo-3.3.1-9.el4.ia64.rpm
fe8fe5f994ab48ae8fab363832419204 kdelibs-devel-3.3.1-9.el4.ia64.rpm

x86_64:
d3325980cb2e409fcb69641c9dd50fa6 kdelibs-3.3.1-9.el4.i386.rpm
45ff0822118c370120cffe8f4f438c95 kdelibs-3.3.1-9.el4.x86_64.rpm
fad8465ae0a18ee4a5b7c6b0fed6a5a9 kdelibs-debuginfo-3.3.1-9.el4.i386.rpm
f8fac72a4431ebfd82e863c565aba5d0 kdelibs-debuginfo-3.3.1-9.el4.x86_64.rpm
28d4cbc0fa36755077ade9d68253e6d3 kdelibs-devel-3.3.1-9.el4.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kdelibs-3.3.1-9.el4.src.rpm
4bf1df171502ccaac9c4b9f4af27c5a4 kdelibs-3.3.1-9.el4.src.rpm

i386:
d3325980cb2e409fcb69641c9dd50fa6 kdelibs-3.3.1-9.el4.i386.rpm
fad8465ae0a18ee4a5b7c6b0fed6a5a9 kdelibs-debuginfo-3.3.1-9.el4.i386.rpm
48f2c42b62fe794d35580947197203f6 kdelibs-devel-3.3.1-9.el4.i386.rpm

ia64:
d3325980cb2e409fcb69641c9dd50fa6 kdelibs-3.3.1-9.el4.i386.rpm
3df7ac0ae7500ccc3ce57d6f34bf475a kdelibs-3.3.1-9.el4.ia64.rpm
fad8465ae0a18ee4a5b7c6b0fed6a5a9 kdelibs-debuginfo-3.3.1-9.el4.i386.rpm
09be826e42e02f1127674a3a0a6c0a3a kdelibs-debuginfo-3.3.1-9.el4.ia64.rpm
fe8fe5f994ab48ae8fab363832419204 kdelibs-devel-3.3.1-9.el4.ia64.rpm

x86_64:
d3325980cb2e409fcb69641c9dd50fa6 kdelibs-3.3.1-9.el4.i386.rpm
45ff0822118c370120cffe8f4f438c95 kdelibs-3.3.1-9.el4.x86_64.rpm
fad8465ae0a18ee4a5b7c6b0fed6a5a9 kdelibs-debuginfo-3.3.1-9.el4.i386.rpm
f8fac72a4431ebfd82e863c565aba5d0 kdelibs-debuginfo-3.3.1-9.el4.x86_64.rpm
28d4cbc0fa36755077ade9d68253e6d3 kdelibs-devel-3.3.1-9.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kdelibs-3.5.4-13.el5.src.rpm
e6ceb931f57d243382512a4e05987c66 kdelibs-3.5.4-13.el5.src.rpm

i386:
2cf541a483fe1fbda5f2894f429dd029 kdelibs-3.5.4-13.el5.i386.rpm
fcb32b8d69e5a8650a53b5d6ac347e66 kdelibs-apidocs-3.5.4-13.el5.i386.rpm
8141ec4f62dfc46e73e2d76f317599cc kdelibs-debuginfo-3.5.4-13.el5.i386.rpm

x86_64:
2cf541a483fe1fbda5f2894f429dd029 kdelibs-3.5.4-13.el5.i386.rpm
68709b52718e0745e3dbd5bb7a04230b kdelibs-3.5.4-13.el5.x86_64.rpm
3f8d019e0ecfcf919d5b3c55757e6101 kdelibs-apidocs-3.5.4-13.el5.x86_64.rpm
8141ec4f62dfc46e73e2d76f317599cc kdelibs-debuginfo-3.5.4-13.el5.i386.rpm
173697bfc07630bc2828a8aec6adc138 kdelibs-debuginfo-3.5.4-13.el5.x86_64.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kdelibs-3.5.4-13.el5.src.rpm
e6ceb931f57d243382512a4e05987c66 kdelibs-3.5.4-13.el5.src.rpm

i386:
8141ec4f62dfc46e73e2d76f317599cc kdelibs-debuginfo-3.5.4-13.el5.i386.rpm
222f3e3b226bae96dd7083e6e47c4350 kdelibs-devel-3.5.4-13.el5.i386.rpm

x86_64:
8141ec4f62dfc46e73e2d76f317599cc kdelibs-debuginfo-3.5.4-13.el5.i386.rpm
173697bfc07630bc2828a8aec6adc138 kdelibs-debuginfo-3.5.4-13.el5.x86_64.rpm
222f3e3b226bae96dd7083e6e47c4350 kdelibs-devel-3.5.4-13.el5.i386.rpm
7beda8e6b585f62c52e032c6cdee89ea kdelibs-devel-3.5.4-13.el5.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kdelibs-3.5.4-13.el5.src.rpm
e6ceb931f57d243382512a4e05987c66 kdelibs-3.5.4-13.el5.src.rpm

i386:
2cf541a483fe1fbda5f2894f429dd029 kdelibs-3.5.4-13.el5.i386.rpm
fcb32b8d69e5a8650a53b5d6ac347e66 kdelibs-apidocs-3.5.4-13.el5.i386.rpm
8141ec4f62dfc46e73e2d76f317599cc kdelibs-debuginfo-3.5.4-13.el5.i386.rpm
222f3e3b226bae96dd7083e6e47c4350 kdelibs-devel-3.5.4-13.el5.i386.rpm

ia64:
f5dbf1ec8eceebb294fb9d23b95b4364 kdelibs-3.5.4-13.el5.ia64.rpm
cc7710e3dc78bfdccf3ada21f8fbb9de kdelibs-apidocs-3.5.4-13.el5.ia64.rpm
2b4c5c7219a48aea1834015035fccfbd kdelibs-debuginfo-3.5.4-13.el5.ia64.rpm
e64135af218a2b089ce7005fed87a04b kdelibs-devel-3.5.4-13.el5.ia64.rpm

ppc:
29bd915319ed22e56e0d137253cc852b kdelibs-3.5.4-13.el5.ppc.rpm
46615b20f403cbeb477f86c46c67ac44 kdelibs-3.5.4-13.el5.ppc64.rpm
eecf5dc5a052e5defdd3a6816d5b9ae2 kdelibs-apidocs-3.5.4-13.el5.ppc.rpm
ea2e4697883a77d5bedfad55ed662ec9 kdelibs-debuginfo-3.5.4-13.el5.ppc.rpm
63065e25fd7d07a7650c21bc24ae285e kdelibs-debuginfo-3.5.4-13.el5.ppc64.rpm
7c556ec7f4c29086ce2dcdee62f5fd14 kdelibs-devel-3.5.4-13.el5.ppc.rpm
2be63373a24d12f1206fe81de6e2c1e9 kdelibs-devel-3.5.4-13.el5.ppc64.rpm

s390x:
230dcdb2da9a862e102b32168c792885 kdelibs-3.5.4-13.el5.s390.rpm
0bfb7027d74d2e5d1d4128aa29673227 kdelibs-3.5.4-13.el5.s390x.rpm
e750100c621dcc5143b22c47a9e3ca0b kdelibs-apidocs-3.5.4-13.el5.s390x.rpm
c7e610193fcb2219e344e6529f473570 kdelibs-debuginfo-3.5.4-13.el5.s390.rpm
ac0617c7269a39e793409db486e5a314 kdelibs-debuginfo-3.5.4-13.el5.s390x.rpm
612e4e315bbb301dfc449d9c270f293e kdelibs-devel-3.5.4-13.el5.s390.rpm
e7937888bf5d32ba188396ee82bf2fd1 kdelibs-devel-3.5.4-13.el5.s390x.rpm

x86_64:
2cf541a483fe1fbda5f2894f429dd029 kdelibs-3.5.4-13.el5.i386.rpm
68709b52718e0745e3dbd5bb7a04230b kdelibs-3.5.4-13.el5.x86_64.rpm
3f8d019e0ecfcf919d5b3c55757e6101 kdelibs-apidocs-3.5.4-13.el5.x86_64.rpm
8141ec4f62dfc46e73e2d76f317599cc kdelibs-debuginfo-3.5.4-13.el5.i386.rpm
173697bfc07630bc2828a8aec6adc138 kdelibs-debuginfo-3.5.4-13.el5.x86_64.rpm
222f3e3b226bae96dd7083e6e47c4350 kdelibs-devel-3.5.4-13.el5.i386.rpm
7beda8e6b585f62c52e032c6cdee89ea kdelibs-devel-3.5.4-13.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0537
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1308
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1564
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4224
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)

iD8DBQFHCebKXlSAg2UNWIIRAgG+AJ9AiWwUiSB+1AYF6gC4rFMZAlvzQgCgnvDw
GZzAI8Yhuu/XrZRWA4myHso=
=wJQp
-----END PGP SIGNATURE-----