[RHSA-2007:0905-01] Moderate: kdebase security update

bugzilla at redhat.com
Mon Oct 8 08:13:57 UTC 2007


---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: kdebase security update
Advisory ID:       RHSA-2007:0905-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2007-0905.html
Issue date:        2007-10-08
Updated on:        2007-10-08
Product:           Red Hat Enterprise Linux
CVE Names:         CVE-2007-4569 CVE-2007-3820 CVE-2007-4224
---------------------------------------------------------------------

1. Summary:

Updated kdebase packages that resolve several security flaws are now
available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having moderate security impact by the Red Hat
Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

3. Problem description:

The kdebase packages provide the core applications for KDE, the K Desktop
Environment. These core packages include Konqueror, the web browser and
file manager.

These updated packages address the following vulnerabilities:

Kees Huijgen found a flaw in the way KDM handled logins when autologin and
"shutdown with password" were enabled.  A local user would have been able
to log in via KDM as any user without requiring a password. (CVE-2007-4569)

Two Konqueror address spoofing flaws were discovered. A malicious web site
could spoof the Konqueror address bar, tricking a victim into believing the
page was from a different site. (CVE-2007-3820, CVE-2007-4224)

Users of KDE should upgrade to these updated packages, which contain
backported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  

This update is available via Red Hat Network.  Details on how to use 
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
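As an added example (not part of the advisory), the following Python check compares the kdebase NVR strings printed by `rpm -q` against the fixed builds this advisory names (kdebase-3.3.1-6.el4 and kdebase-3.5.4-15.el5) and flags hosts that still need the update. The version comparison is a simplified reimplementation of rpm's rpmvercmp ordering, and the sample `rpm -q` output is constructed.

```python
import re

# Fixed kdebase builds named in RHSA-2007:0905, keyed by dist tag.
FIXED_KDEBASE = {"el4": ("3.3.1", "6.el4"), "el5": ("3.5.4", "15.el5")}
KDEBASE_SUBPACKAGES = {"kdebase", "kdebase-devel", "kdebase-debuginfo"}
_SEGMENT = re.compile(r"[0-9]+|[a-zA-Z]+")

def rpmvercmp(a, b):
    """Simplified rpmvercmp(): compare alpha/numeric runs left to right, -1/0/1.
    Epoch, tilde and caret handling are omitted (assumption: unused here)."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric beats alpha, as in rpm
        elif x != y:
            return -1 if x < y else 1
    if len(sa) != len(sb):
        return -1 if len(sa) < len(sb) else 1  # extra segments mean newer
    return 0

def is_vulnerable(nvr):
    """True if an installed kdebase NVR (as printed by rpm -q) predates the fix."""
    name, version, release = nvr.rsplit("-", 2)
    if name not in KDEBASE_SUBPACKAGES:
        raise ValueError("not a kdebase package from this advisory: " + nvr)
    dist = release.rsplit(".", 1)[-1]  # "6.el4" -> "el4"
    if dist not in FIXED_KDEBASE:
        raise ValueError("no fixed build known for dist tag " + dist)
    fixed_version, fixed_release = FIXED_KDEBASE[dist]
    order = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
    return order < 0

def audit(rpm_q_output):
    """Map each NVR line of `rpm -q kdebase kdebase-devel` output to its status."""
    return {line.strip(): is_vulnerable(line.strip())
            for line in rpm_q_output.splitlines() if line.strip()}

# Constructed sample output: one RHEL 4 host still on the pre-advisory build.
SAMPLE_RPM_Q = "kdebase-3.3.1-5.el4\nkdebase-devel-3.3.1-5.el4\n"

if __name__ == "__main__":
    for nvr, vuln in audit(SAMPLE_RPM_Q).items():
        print(nvr, "NEEDS UPDATE" if vuln else "fixed")
```

The dist-tag lookup assumes the plain `.el4` / `.el5` release suffixes used in this advisory; releases with extra suffixes would need the lookup extended.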

5. Bug IDs fixed (http://bugzilla.redhat.com/):

248537 - CVE-2007-3820 Spoofing of URI possible in Konqueror's address bar
251708 - CVE-2007-4224 URL spoof in address bar
287311 - CVE-2007-4569 kdm password-less login vulnerability

6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kdebase-3.3.1-6.el4.src.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kdebase-3.3.1-6.el4.src.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kdebase-3.3.1-6.el4.src.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kdebase-3.3.1-6.el4.src.rpm

Red Hat Enterprise Linux Desktop (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kdebase-3.5.4-15.el5.src.rpm

RHEL Desktop Workstation (v. 5 client):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/kdebase-3.5.4-15.el5.src.rpm

Red Hat Enterprise Linux (v. 5 server):

SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/kdebase-3.5.4-15.el5.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4569
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3820
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4224
http://www.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2007 Red Hat, Inc.