RedHat: Important: kdelibs security update
Summary
The kdelibs package provides libraries for the K Desktop Environment.

The International Domain Name (IDN) support in the Konqueror browser allowed remote attackers to spoof domain names using punycode-encoded domain names. Such domain names are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0237 to this issue.

Sebastian Krahmer discovered a flaw in dcopserver, the KDE Desktop Communication Protocol (DCOP) daemon. A local user could use this flaw to stall the DCOP authentication process, affecting any local desktop users and causing a reduction in their desktop functionality. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0396 to this issue.

A flaw in the dcopidlng script was discovered. The dcopidlng script would create temporary files with predictable filenames, which could allow local users to overwrite arbitrary files via a symlink attack. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0365 to this issue.

Users of KDE should upgrade to these erratum packages, which contain backported patches to correct these issues.
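To make the homograph problem behind CAN-2005-0237 concrete, the script below is an added example written for this page (it is not part of the advisory or of kdelibs). It decodes punycode labels the way a browser's IDN support does before displaying a URL or certificate name, and flags any label whose letters come from more than one script. The sample hostnames are constructed: xn--pypal-4ve.com decodes to paypal.com spelled with a Cyrillic small a (U+0430), which most fonts render identically to the Latin letter; xn--mnchen-3ya.de is a legitimate single-script IDN and must not be flagged.

```python
import unicodedata

# Constructed sample hostnames for this example (not taken from the advisory).
SAMPLES = [
    "xn--pypal-4ve.com",   # "p" + CYRILLIC SMALL LETTER A + "ypal": homograph of paypal.com
    "paypal.com",          # plain ASCII, nothing to decode
    "xn--mnchen-3ya.de",   # muenchen.de with a real u-umlaut: single script, legitimate IDN
]


def decode_idn(hostname):
    """Turn an ACE hostname (labels starting with xn--) into its Unicode form.

    This is the step a browser performs before showing the name in the URL bar
    or comparing it against a certificate's subject name.
    """
    labels = []
    for label in hostname.split("."):
        if label.lower().startswith("xn--"):
            # Python's built-in punycode codec implements RFC 3492.
            labels.append(label[4:].encode("ascii").decode("punycode"))
        else:
            labels.append(label)
    return ".".join(labels)


def script_of(char):
    """Best-effort script of a letter: ASCII is Latin, otherwise the first word
    of the character's Unicode name (CYRILLIC, GREEK, LATIN, ...)."""
    if char.isascii():
        return "LATIN"
    return unicodedata.name(char, "UNKNOWN").split()[0]


def label_scripts(label):
    """Set of scripts used by the letters of one label (digits and hyphens ignored)."""
    return {script_of(c) for c in label if c.isalpha()}


def confusable_letters(hostname):
    """(char, Unicode name) for every non-ASCII letter sitting in a label that
    also contains letters from another script: the characters a user cannot see."""
    found = []
    for label in decode_idn(hostname).split("."):
        if len(label_scripts(label)) > 1:
            for c in label:
                if c.isalpha() and not c.isascii():
                    found.append((c, unicodedata.name(c, "UNKNOWN")))
    return found


def classify(hostname):
    """'suspicious' if any label mixes scripts, otherwise 'ok'."""
    mixed = any(len(label_scripts(lbl)) > 1 for lbl in decode_idn(hostname).split("."))
    return "suspicious" if mixed else "ok"


if __name__ == "__main__":
    for host in SAMPLES:
        print("%-22s -> %-14s %-10s %s" % (host, decode_idn(host), classify(host),
                                            confusable_letters(host)))
```

The mixed-script test catches the classic Latin/Cyrillic blend but not a whole-script confusable (a label written entirely in Cyrillic look-alikes), which is why later browser policies added whole-script confusable checks and per-TLD script restrictions. The point of the example is to show where the decoding happens and what a URL bar or certificate dialog has to check, not to serve as a complete display policy.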
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
http://www.redhat.com/docs/manuals/enterprise/
Bug IDs fixed (http://bugzilla.redhat.com/):
147405 - CAN-2005-0237 homograph spoofing
148822 - CAN-2005-0365 dcopidlng insecure temporary file usage
150090 - CAN-2005-0396 kdelibs DCOP DoS
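The dcopidlng issue (CAN-2005-0365) is the textbook predictable-temporary-file bug. The following is an added example written for this page in Python; dcopidlng itself is a script shipped in kdelibs and this is not its code. It plays the symlink attack out in a private scratch directory and puts the fixed pattern (mkstemp, which opens with O_CREAT|O_EXCL) next to it. The file-name pattern, the PID value and the victim file are constructed for the demonstration.

```python
import os
import tempfile

# Assumed naming pattern for the illustration: the name depends only on a guessable PID.
PREDICTABLE_NAME = "dcopidlng.%d"


def vulnerable_write(tmpdir, pid, data):
    """The unsafe pattern: open(path, "w") on a predictable name. If an attacker
    has already planted a symlink at that path, open() follows it and truncates
    and overwrites whatever file the link points to, with the script's privileges."""
    path = os.path.join(tmpdir, PREDICTABLE_NAME % pid)
    with open(path, "w") as f:
        f.write(data)
    return path


def safe_write(tmpdir, data):
    """The fix: mkstemp chooses an unpredictable name and opens it with
    O_CREAT|O_EXCL (mode 0600), so a pre-existing file or symlink at that name
    makes the open fail instead of being followed."""
    fd, path = tempfile.mkstemp(prefix="dcopidlng.", dir=tmpdir)
    with os.fdopen(fd, "w") as f:
        f.write(data)
    return path


def excl_open_refused(path):
    """True if creating `path` with O_CREAT|O_EXCL fails because something
    (regular file or symlink, dangling or not) already exists at that name."""
    try:
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        return True
    os.close(fd)
    return False


def demo():
    """Run the attack against both patterns in a throw-away directory and report the outcome."""
    with tempfile.TemporaryDirectory() as tmpdir:
        victim = os.path.join(tmpdir, "victim.txt")   # stands in for any file the user can write
        with open(victim, "w") as f:
            f.write("original contents\n")

        pid = 4242                                    # attacker predicts or observes the PID
        planted = os.path.join(tmpdir, PREDICTABLE_NAME % pid)
        os.symlink(victim, planted)                   # attacker plants the symlink first

        vulnerable_write(tmpdir, pid, "generated IDL output\n")
        with open(victim) as f:
            victim_after_vulnerable = f.read()        # clobbered through the symlink

        refused = excl_open_refused(planted)          # O_EXCL sees the symlink and fails

        with open(victim, "w") as f:                  # reset before the hardened run
            f.write("original contents\n")
        safe_path = safe_write(tmpdir, "generated IDL output\n")
        with open(victim) as f:
            victim_after_safe = f.read()

        return {
            "victim_after_vulnerable": victim_after_vulnerable,
            "excl_open_refused": refused,
            "safe_path_is_victim": os.path.realpath(safe_path) == os.path.realpath(victim),
            "victim_after_safe": victim_after_safe,
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print("%-26s %r" % (key, value))
```

The demo uses a private directory rather than /tmp because Linux kernels since 3.6 with fs.protected_symlinks enabled refuse to follow a symlink in a world-writable sticky directory when the link's owner differs from the directory's owner; that mitigation did not exist when this advisory was issued, and the programming fix (unpredictable name plus O_EXCL) is still the correct one wherever a script writes into a shared directory.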
RPMs required:
Red Hat Enterprise Linux AS version 4:
SRPMS:
6ccf8717107ecc6d72b35704aaa9e07e kdelibs-3.3.1-3.6.src.rpm
i386:
105b9b5875503e735f0ee528b98b503b kdelibs-3.3.1-3.6.i386.rpm
1af694976c9994ff3bc42b04ed122684 kdelibs-devel-3.3.1-3.6.i386.rpm
ia64:
aeac4b10cefa2eb651331da7d7543688 kdelibs-3.3.1-3.6.ia64.rpm
105b9b5875503e735f0ee528b98b503b kdelibs-3.3.1-3.6.i386.rpm
86c14fcc2971949ae7d2bf6d4dc64ceb kdelibs-devel-3.3.1-3.6.ia64.rpm
ppc:
d7b5bea6a04c878784dcbf7753cd0b41 kdelibs-3.3.1-3.6.ppc.rpm
b42f3377c51e8de4370f41daec826078 kdelibs-3.3.1-3.6.ppc64.rpm
63f50dac91194f9964f7c6cfad306be5 kdelibs-devel-3.3.1-3.6.ppc.rpm
s390:
69622bbacd11c294bd01e98434a5b13b kdelibs-3.3.1-3.6.s390.rpm
e54406f8e75005d869539b701bddbe4f kdelibs-devel-3.3.1-3.6.s390.rpm
s390x:
6898fa8e5397b0c634a88f09872cd348 kdelibs-3.3.1-3.6.s390x.rpm
69622bbacd11c294bd01e98434a5b13b kdelibs-3.3.1-3.6.s390.rpm
65d18f1af50501dd67c477ea4e1fc3a5 kdelibs-devel-3.3.1-3.6.s390x.rpm
x86_64:
1a99bb1ca25663786baca88582364276 kdelibs-3.3.1-3.6.x86_64.rpm
105b9b5875503e735f0ee528b98b503b kdelibs-3.3.1-3.6.i386.rpm
918fbe7a0df8853c16213e9cc85311ca kdelibs-devel-3.3.1-3.6.x86_64.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS:
6ccf8717107ecc6d72b35704aaa9e07e kdelibs-3.3.1-3.6.src.rpm
i386:
105b9b5875503e735f0ee528b98b503b kdelibs-3.3.1-3.6.i386.rpm
1af694976c9994ff3bc42b04ed122684 kdelibs-devel-3.3.1-3.6.i386.rpm
x86_64:
1a99bb1ca25663786baca88582364276 kdelibs-3.3.1-3.6.x86_64.rpm
105b9b5875503e735f0ee528b98b503b kdelibs-3.3.1-3.6.i386.rpm
918fbe7a0df8853c16213e9cc85311ca kdelibs-devel-3.3.1-3.6.x86_64.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS:
6ccf8717107ecc6d72b35704aaa9e07e kdelibs-3.3.1-3.6.src.rpm
i386:
105b9b5875503e735f0ee528b98b503b kdelibs-3.3.1-3.6.i386.rpm
1af694976c9994ff3bc42b04ed122684 kdelibs-devel-3.3.1-3.6.i386.rpm
ia64:
aeac4b10cefa2eb651331da7d7543688 kdelibs-3.3.1-3.6.ia64.rpm
105b9b5875503e735f0ee528b98b503b kdelibs-3.3.1-3.6.i386.rpm
86c14fcc2971949ae7d2bf6d4dc64ceb kdelibs-devel-3.3.1-3.6.ia64.rpm
x86_64:
1a99bb1ca25663786baca88582364276 kdelibs-3.3.1-3.6.x86_64.rpm
105b9b5875503e735f0ee528b98b503b kdelibs-3.3.1-3.6.i386.rpm
918fbe7a0df8853c16213e9cc85311ca kdelibs-devel-3.3.1-3.6.x86_64.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS:
6ccf8717107ecc6d72b35704aaa9e07e kdelibs-3.3.1-3.6.src.rpm
i386:
105b9b5875503e735f0ee528b98b503b kdelibs-3.3.1-3.6.i386.rpm
1af694976c9994ff3bc42b04ed122684 kdelibs-devel-3.3.1-3.6.i386.rpm
ia64:
aeac4b10cefa2eb651331da7d7543688 kdelibs-3.3.1-3.6.ia64.rpm
105b9b5875503e735f0ee528b98b503b kdelibs-3.3.1-3.6.i386.rpm
86c14fcc2971949ae7d2bf6d4dc64ceb kdelibs-devel-3.3.1-3.6.ia64.rpm
x86_64:
1a99bb1ca25663786baca88582364276 kdelibs-3.3.1-3.6.x86_64.rpm
105b9b5875503e735f0ee528b98b503b kdelibs-3.3.1-3.6.i386.rpm
918fbe7a0df8853c16213e9cc85311ca kdelibs-devel-3.3.1-3.6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
References
https://kde.org/info/security/advisory-20050316-1.txt
https://kde.org/info/security/advisory-20050316-2.txt
https://kde.org/info/security/advisory-20050316-3.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0365
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0396
Relevant Releases / Architectures
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64