[RHSA-2005:307-01] Moderate: kdelibs security update

bugzilla at redhat.com bugzilla at redhat.com
Wed Apr 6 18:08:00 UTC 2005


---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Moderate: kdelibs security update
Advisory ID:       RHSA-2005:307-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-307.html
Issue date:        2005-04-06
Updated on:        2005-04-06
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-0396
---------------------------------------------------------------------

1. Summary:

Updated kdelibs packages that fix a local denial of service issue are now
available.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1 - i386, ia64
Red Hat Linux Advanced Workstation 2.1 - ia64
Red Hat Enterprise Linux ES version 2.1 - i386
Red Hat Enterprise Linux WS version 2.1 - i386
Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Desktop version 3 - i386, x86_64
Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64

3. Problem description:

The kdelibs package provides libraries for the K Desktop Environment.

Sebastian Krahmer discovered a flaw in dcopserver, the KDE Desktop
Communication Protocol (DCOP) daemon.  A local user could use this flaw to
stall the DCOP authentication process, affecting any local desktop users
and causing a reduction in their desktop functionality.  The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2005-0396 to this issue.

Users of KDE should upgrade to these erratum packages, which contain
backported patches to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/
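
As an added example (not part of Red Hat's advisory): a shell check that classifies an installed kdelibs build against the fixed builds this advisory names, 2.2.2-17 and 3.1.3-6.10. The function names, the sample inventory and the use of GNU `sort -V` in place of RPM's own version comparison are assumptions.

```shell
#!/bin/sh
# Fixed builds named in this advisory, one per kdelibs upstream version
# (2.1 products ship 2.2.2, version 3 products ship 3.1.3).
FIXED_BUILDS="2.2.2-17 3.1.3-6.10"

# ver_ge A B: succeed when version-release A sorts at or after B.
# Assumption: GNU `sort -V` stands in for RPM's own comparison, which is
# adequate for these purely numeric version-release strings.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# kdelibs_status VERSION-RELEASE
# Prints "fixed", "needs-update", or "unknown" (an upstream version this
# advisory does not cover) for one installed kdelibs build.
kdelibs_status() {
    installed=$1
    upstream=${installed%%-*}          # "3.1.3-6.8" -> "3.1.3"
    for fixed in $FIXED_BUILDS; do
        if [ "${fixed%%-*}" = "$upstream" ]; then
            if ver_ge "$installed" "$fixed"; then
                echo fixed
            else
                echo needs-update
            fi
            return 0
        fi
    done
    echo unknown
}

# Constructed sample inventory (host name and build per line), standing in
# for output collected with: rpm -q --qf '%{VERSION}-%{RELEASE}\n' kdelibs
audit_sample() {
    while read -r host build; do
        printf '%s %s %s\n' "$host" "$build" "$(kdelibs_status "$build")"
    done <<'EOF'
ws21-a 2.2.2-13
ws21-b 2.2.2-17
as3-a 3.1.3-6.8
as3-b 3.1.3-6.10
lab-c 3.3.1-3.6
EOF
}

audit_sample
```

A host reported as "unknown" runs a kdelibs version outside the two branches covered here and needs to be checked against its own vendor advisory.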

5. Bug IDs fixed (http://bugzilla.redhat.com/):

151373 - CAN-2005-0396 kdelibs DCOP DoS

6. RPMs required:

Red Hat Enterprise Linux AS (Advanced Server) version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AS/en/os/SRPMS/kdelibs-2.2.2-17.src.rpm

Red Hat Linux Advanced Workstation 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1AW/en/os/SRPMS/kdelibs-2.2.2-17.src.rpm

Red Hat Enterprise Linux ES version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1ES/en/os/SRPMS/kdelibs-2.2.2-17.src.rpm

Red Hat Enterprise Linux WS version 2.1:

SRPMS:
ftp://updates.redhat.com/enterprise/2.1WS/en/os/SRPMS/kdelibs-2.2.2-17.src.rpm

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/kdelibs-3.1.3-6.10.src.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/kdelibs-3.1.3-6.10.src.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/kdelibs-3.1.3-6.10.src.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/kdelibs-3.1.3-6.10.src.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0396

8. Contact:

The Red Hat security contact is <secalert at redhat.com>.  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.





