__________________________________________________________
The U.S. Department of Energy
Computer Incident Advisory Capability
 ___  __ __    _     ___
/       |     /_\   /
\___  __|__  /   \  \___
__________________________________________________________
INFORMATION BULLETIN
Red Hat Multiple Vulnerabilities in KDE
[Red Hat Security Advisory RHSA-2002:220-40]
December 4, 2002 20:00 GMT Number N-020
______________________________________________________________________________
PROBLEM: A number of vulnerabilities have been found that affect various
versions of KDE (K Desktop Environment). Vulnerabilities
include a remote attacker spoofing certificates of trusted
sites through a man-in-the-middle attack, and a local or remote
attacker executing arbitrary code through a carefully crafted
URL.
SOFTWARE: * Red Hat Linux 7.2
* Red Hat Linux 7.3
* Red Hat Linux 8.0
DAMAGE: By exploiting these vulnerabilities, a remote attacker may be
able to run code of their choice and obtain root privileges.
SOLUTION: Apply patches as stated in Red Hat's bulletin.
______________________________________________________________________________
VULNERABILITY The risk is HIGH. KDE is a graphical desktop environment for
ASSESSMENT: the X Window System and is commonly included in Linux systems.
______________________________________________________________________________
LINKS:
CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/n-020.shtml
ORIGINAL BULLETIN: https://rhn.redhat.com/errata/RHSA-2002-220.html
______________________________________________________________________________
[***** Start Red Hat Security Advisory RHSA-2002:220-40 *****]
Updated KDE packages fix security issues
Advisory: RHSA-2002:220-40
Last updated on: 2002-12-04
Affected Products: Red Hat Linux 7.2
Red Hat Linux 7.3
Red Hat Linux 8.0
CVEs (cve.mitre.org): CAN-2002-0838
CAN-2002-0970
CAN-2002-1151
CAN-2002-1152
CAN-2002-1223
CAN-2002-1224
CAN-2002-1247
CAN-2002-1281
CAN-2002-1282
CAN-2002-1306
Security Advisory
Details:
A number of vulnerabilities have been found that affect various versions of
KDE. This errata provides updates which resolve these issues.
KDE is a graphical desktop environment for the X Window System.
A number of vulnerabilities have been found in various versions of KDE.
The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify
the Basic Constraints for an intermediate CA-signed certificate. This
allows remote attackers to spoof the certificates of trusted sites via a
man-in-the-middle attack. The Common Vulnerabilities and Exposures project
has assigned the name CAN-2002-0970 to this issue.
Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure"
flag in an HTTP cookie, which could cause Konqueror to send the cookie
across an unencrypted channel, potentially allowing remote attackers to
steal the cookie via sniffing. (CAN-2002-1152)
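The Secure-flag check described above, as an added illustration that is not Konqueror's code: a minimal cookie jar that parses Set-Cookie, records the Secure attribute, and attaches such cookies only to https requests. The cookie names, hosts and the simplified domain/path matching are constructed for the example and do not reproduce full browser behaviour.

```python
"""Minimal cookie jar that honours the Secure attribute.

Added example (not KDE/Konqueror code): shows the check CAN-2002-1152
describes as missing, i.e. never sending a cookie marked Secure over plain
HTTP. Domain matching is simplified (host equals domain or is a subdomain).
"""
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass
class Cookie:
    name: str
    value: str
    domain: str
    path: str
    secure: bool


def parse_set_cookie(header: str, request_host: str) -> Cookie:
    """Parse one Set-Cookie header value into a Cookie.

    Attribute names are case-insensitive; Secure carries no value.
    Missing Domain/Path default to the request host and "/".
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    domain, path, secure = request_host.lower(), "/", False
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key = key.strip().lower()
        if key == "secure":
            secure = True
        elif key == "domain" and val:
            domain = val.strip().lstrip(".").lower()
        elif key == "path" and val:
            path = val.strip()
    return Cookie(name.strip(), value.strip(), domain, path, secure)


class CookieJar:
    def __init__(self) -> None:
        self._cookies: list[Cookie] = []

    def store(self, set_cookie_header: str, request_url: str) -> None:
        """Record a cookie received in a response to request_url."""
        host = urlsplit(request_url).hostname or ""
        self._cookies.append(parse_set_cookie(set_cookie_header, host))

    def cookie_header_for(self, url: str) -> str:
        """Build the Cookie request header for url, or "" if none applies.

        A cookie flagged Secure is attached only when the scheme is https;
        that is the condition the vulnerable Konqueror versions did not
        enforce.
        """
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        path = parts.path or "/"
        is_https = parts.scheme == "https"
        selected = []
        for c in self._cookies:
            if c.secure and not is_https:
                continue  # never leak a Secure cookie onto a cleartext channel
            if host != c.domain and not host.endswith("." + c.domain):
                continue
            if not path.startswith(c.path):
                continue
            selected.append(f"{c.name}={c.value}")
        return "; ".join(selected)


if __name__ == "__main__":
    jar = CookieJar()
    # Constructed sample: a session cookie marked Secure and a plain one.
    jar.store("session=abc123; Secure; Path=/", "https://bank.example/login")
    jar.store("theme=dark", "http://bank.example/")
    print("https:", jar.cookie_header_for("https://bank.example/account"))
    print("http: ", jar.cookie_header_for("http://bank.example/account"))
```

Run the module directly to see the two request headers side by side: the https request carries both cookies, the http request only the one without the Secure flag.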
The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0
through 3.0.3 does not properly initialize the domains on sub-frames and
sub-iframes, which can allow remote attackers to execute scripts and steal
cookies from subframes that are in other domains. (CAN-2002-1151)
kpf is a file sharing utility that can be docked into the KDE kicker bar.
It uses a subset of the HTTP protocol internally and acts in a manner very
similar to a Web server. A feature added in KDE 3.0.1 accidentally allowed
retrieving any file, not limited to the configured shared directory, if it
is readable by the user under which kpf runs. (CAN-2002-1224)
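The containment check whose absence the kpf issue above describes, as an added example that is not kpf's code: a resolver that maps a request path onto the configured share root and refuses anything that resolves outside it, whether through "..", percent-encoded dots, an absolute path or a symlink pointing out of the share. The share layout, file names and the resolve_unsafe() helper are constructed for the example.

```python
"""Confining file requests to a configured shared directory.

Added example (not kpf's code): demonstrates the containment check whose
absence CAN-2002-1224 describes. resolve_shared_path() maps a request path
onto the share root and returns None for anything that escapes it.
"""
import os
import tempfile
from urllib.parse import unquote


def resolve_unsafe(shared_root: str, request_path: str) -> str:
    """The pattern that fails: join the request onto the root and serve it.

    os.path.normpath happily turns "share/../secret.txt" into
    "<parent>/secret.txt", so the request walks out of the share.
    """
    rel = unquote(request_path).lstrip("/")
    return os.path.normpath(os.path.join(shared_root, rel))


def resolve_shared_path(shared_root: str, request_path: str):
    """Return the real path for request_path, or None if it escapes the share."""
    root = os.path.realpath(shared_root)
    # Decode percent-encoding first so "%2e%2e" is seen as "..".
    rel = unquote(request_path)
    if "\x00" in rel:
        return None
    # realpath resolves ".." and symlinks, so a link that points outside the
    # share is caught by the same comparison as a plain ".." escape.
    candidate = os.path.realpath(os.path.join(root, rel.lstrip("/")))
    # commonpath (not startswith) avoids the "/srv/share2" prefix collision.
    try:
        if os.path.commonpath([root, candidate]) != root:
            return None
    except ValueError:  # paths on different drives (Windows)
        return None
    if not os.path.isfile(candidate):
        return None
    return candidate


def demo() -> dict:
    """Build a constructed share in a temp directory and exercise both resolvers."""
    with tempfile.TemporaryDirectory() as tmp:
        share = os.path.join(tmp, "share")
        os.makedirs(share)
        with open(os.path.join(share, "public.txt"), "w") as f:
            f.write("shared\n")
        secret = os.path.join(tmp, "secret.txt")  # outside the share
        with open(secret, "w") as f:
            f.write("private\n")
        os.symlink(secret, os.path.join(share, "link"))
        expected_public = os.path.realpath(os.path.join(share, "public.txt"))
        return {
            "plain": resolve_shared_path(share, "/public.txt") == expected_public,
            "dotdot": resolve_shared_path(share, "/../secret.txt"),
            "encoded": resolve_shared_path(share, "/%2e%2e/secret.txt"),
            "symlink": resolve_shared_path(share, "/link"),
            "unsafe_escapes": resolve_unsafe(share, "/../secret.txt")
            == os.path.normpath(secret),
        }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:15s} -> {result}")
```

In demo(), only the in-share file resolves; the three escape attempts return None, while resolve_unsafe() shows the same "../secret.txt" request landing on the file outside the share.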
KGhostview includes a parser from GSview, which is vulnerable to a buffer
overflow while parsing a specially crafted .ps input file.
(CAN-2002-1223). It also contains code from gv 3.5.x which is vulnerable
to another buffer overflow triggered by malformed postscript or Adobe PDF
files. (CAN-2002-0838)
A vulnerability in the rlogin KIO subsystem (rlogin.protocol) of
KDE 2.x 2.1 and later, and KDE 3.x 3.0.4 and earlier, allows local and
remote attackers to execute arbitrary code via a carefully crafted URL.
The Common Vulnerabilities and Exposures project has assigned the name
CAN-2002-1281 to this issue. A similar vulnerability affects KDE version
2.x through the telnet KIO subsystem (telnet.protocol). (CAN-2002-1282)
Multiple buffer overflows exist in the KDE LAN browsing implementation; the
resLISa daemon contains a buffer overflow vulnerability which could be
exploited if the reslisa binary is SUID root. Additionally, the lisa
daemon contains a vulnerability which potentially enables any local user,
as well as any remote attacker on the LAN who is able to gain control of
the LISa port (7741 by default), to obtain root privileges. In Red Hat
Linux, reslisa is not SUID root and lisa services are not automatically
started. (CAN-2002-1247, CAN-2002-1306)
Red Hat Linux 8.0 shipped with KDE 3.0.3 and is therefore vulnerable to
CAN-2002-0838, CAN-2002-1151, CAN-2002-1223, CAN-2002-1224, CAN-2002-1247,
and CAN-2002-1281. This errata includes new kdelibs and kdenetwork packages
which contain patches to correct these issues.
Red Hat Linux 7.3 shipped with KDE 3.0.0 and is therefore vulnerable to
CAN-2002-0838, CAN-2002-0970, CAN-2002-1151, CAN-2002-1152,
CAN-2002-1223, CAN-2002-1247, CAN-2002-1281, and CAN-2002-1306. This
errata upgrades Red Hat Linux 7.3 to KDE 3.0.3 with patches to correct
these issues.
Red Hat Linux 7.2 shipped with KDE version 2.2.2 and is therefore
vulnerable to CAN-2002-0838, CAN-2002-0970, CAN-2002-1151, CAN-2002-1223,
CAN-2002-1247, and CAN-2002-1306. This errata provides new kdelibs and
kdenetwork packages which contain patches to correct these issues.
Red Hat Linux 7.2 is also vulnerable to CAN-2002-1281 and CAN-2002-1282 but
these vulnerabilities are not fixed by these errata packages. At the
present time Red Hat recommends disabling both the rlogin and telnet KIO
protocols as a workaround. To disable both protocols, execute these commands:
rm /usr/share/services/rlogin.protocol
rm /usr/share/services/telnet.protocol
Updated packages:
Red Hat Linux 7.2
--------------------------------------------------------------------------------
SRPMS:
kdegraphics-2.2.2-2.1.src.rpm ea399e31bcca1df0b7aef78c303ca0a7
kdelibs-2.2.2-3.src.rpm 034a08a13b62f72b6a9603f52f16da25
kdenetwork-2.2.2-2.src.rpm 81714c79f92d1e9b6de4b38543a9bc83
i386:
arts-2.2.2-3.i386.rpm c9be246b033cd8e17a0777183f060bdc
kdegraphics-2.2.2-2.1.i386.rpm 1668cdc5ff3cb4476626287cfff646ac
kdegraphics-devel-2.2.2-2.1.i386.rpm 1f7c2cc26b71d0bef278c29259b9e28d
kdelibs-2.2.2-3.i386.rpm 1753fcef6366b9c10dae05876855db5f
kdelibs-devel-2.2.2-3.i386.rpm 9c21f59d69acb690892fd13b02bd23aa
kdelibs-sound-2.2.2-3.i386.rpm 929bf62240d8e8129fb09a965dc4bc75
kdelibs-sound-devel-2.2.2-3.i386.rpm cd858cb38ea684aaf6c22f0093dbbfad
kdenetwork-2.2.2-2.i386.rpm 567f7d10e7f11200a1ede4fc48ee6ba8
kdenetwork-ppp-2.2.2-2.i386.rpm 0181fc55d957f081697dec9ab3c4eef4
ia64:
arts-2.2.2-3.ia64.rpm 4b7e057bd214027d4c492265b3a71d6a
kdegraphics-2.2.2-2.1.ia64.rpm bf45c07ac04d081839934549f9fba336
kdegraphics-devel-2.2.2-2.1.ia64.rpm 07bb5515069e7d63470921b18a338989
kdelibs-2.2.2-3.ia64.rpm 189201842b61ec0eda4cd790e0eb8f9e
kdelibs-devel-2.2.2-3.ia64.rpm e325b6fd962803c296320656e7a3579b
kdelibs-sound-2.2.2-3.ia64.rpm aa788c8abe086b78cf16ffd0d4d26466
kdelibs-sound-devel-2.2.2-3.ia64.rpm b58b22df69edd4b776ae1df8f641139d
kdenetwork-2.2.2-2.ia64.rpm 0f824cdab51bdbafc654081e2d8c9e56
kdenetwork-ppp-2.2.2-2.ia64.rpm 17ed308dac97dff15b511d55316523d9
Red Hat Linux 7.3
--------------------------------------------------------------------------------
SRPMS:
arts-1.0.3-0.7.1.src.rpm 47dcc91fe8726cc45f31014a29b35a1c
kde-i18n-3.0.3-0.7.3.src.rpm e2dbe16652886c5e938932e9db0b76ab
kdeaddons-3.0.3-0.7.src.rpm 1a1bf3945b93dca80460f9d0c496ded2
kdeadmin-3.0.3-0.7.src.rpm 88bd547a198b3b0ce44e4cfdc1b91bd2
kdeartwork-3.0.3-0.7.1.src.rpm 35508697a85ffaba96513085b18e77c7
kdebase-3.0.3-0.7.2.src.rpm 4252b1ec7cd6413b335702d15459f69a
kdebindings-3.0.3-0.7.1.src.rpm 2f77233d2019dcfdfaf5ba4e2294f47f
kdeedu-3.0.3-0.7.src.rpm 96b1c663ec0839e428b15f52e55a920b
kdegames-3.0.3-0.7.src.rpm 43fc3e29f684817f5f91242748e59181
kdegraphics-3.0.3-0.7.2.src.rpm a260fca5c6f4b52ea89c445a386690d0
kdelibs-3.0.3-0.7.2.src.rpm 0bb5c62332785c2daf1f15597d71a890
kdemultimedia-3.0.3-0.7.1.src.rpm 09b000c0e7ac6b2754a74bf3c3ac4fa3
kdenetwork-3.0.3-0.7.2.src.rpm 6d4354214bf9c201a15ee809a9857e13
kdepim-3.0.3-0.7.src.rpm f4f5657c7d14f05d01b00bb853c79c60
kdesdk-3.0.3-0.7.src.rpm 4b4527904b61e185d1805044a84953f1
kdetoys-3.0.3-0.7.src.rpm 430647cf44a607b6ac264060422f0f8d
kdeutils-3.0.3-0.7.src.rpm e712ea2315ea0800a3933e1695968a98
kdevelop-2.1.3-0.7.1.src.rpm fb0ca7e6c97ffb3957728689a743b296
qt-3.0.5-7.14.src.rpm 354d1a5d84ba9be926cd445d1f65cab3
i386:
ark-3.0.3-0.7.i386.rpm c31ac96ba6d0f3a9ebbb10d20985a5c8
arts-1.0.3-0.7.1.i386.rpm 68f6dcc3c862b8de79092d9aa7618d36
arts-devel-1.0.3-0.7.1.i386.rpm ff569116c2e9f9476b6c967207b7dc57
cervisia-3.0.3-0.7.i386.rpm d35f569dfbfe3c8f64930f4d0b84e63d
kaboodle-3.0.3-0.7.1.i386.rpm 6998bef27993940c4cfe628978fd3a22
kamera-3.0.3-0.7.2.i386.rpm e0e6b4869bef5c93628532d1957193fe
karm-3.0.3-0.7.i386.rpm 9434391849bf3ecaa98e729565634a21
kcalc-3.0.3-0.7.i386.rpm 59d8f61a6d57eb83fb29ea4ec9fb7e0d
kcharselect-3.0.3-0.7.i386.rpm b5b049e944cf27d481f40a05c64c124f
kcoloredit-3.0.3-0.7.2.i386.rpm 4f67d858333d89be5959a6fd70197b2c
kdeaddons-kate-3.0.3-0.7.i386.rpm 7fe44981d9f0da00fd85d6dcdcd1e464
kdeaddons-kicker-3.0.3-0.7.i386.rpm 154fd03b6325fc249b9d2db9f5c1bd3c
kdeaddons-knewsticker-3.0.3-0.7.i386.rpm 7b958fa5c3aa0a15e5a8f82c6acac846
kdeaddons-konqueror-3.0.3-0.7.i386.rpm 950f242a09d7bdf3ba77bd7ca6adcb23
kdeaddons-noatun-3.0.3-0.7.i386.rpm 7d3fef5e022b4480ae662c20c48ac965
kdeadmin-3.0.3-0.7.i386.rpm bfe34d25e617c3e25dc2faf77e716621
kdeartwork-3.0.3-0.7.1.i386.rpm 047c77f35776c564bca14cc4ffd146c4
kdeartwork-kworldclock-3.0.3-0.7.1.i386.rpm e59d14917ab3c03c897c3f92b53a758a
kdeartwork-locolor-3.0.3-0.7.1.i386.rpm 96bed63324f3c40ef57bc7aaf32caef9
kdeartwork-screensavers-3.0.3-0.7.1.i386.rpm 1a7c3633b753ca8effe5dfc046fd6ec5
kdebase-3.0.3-0.7.2.i386.rpm 2001ffaf4fcb9d56b25bff8f5b5d6c85
kdebase-devel-3.0.3-0.7.2.i386.rpm db9f97bd5b5721fdd2062d0aa2965547
kdebindings-3.0.3-0.7.1.i386.rpm e33ee4cd2e9301915787b2f4720af43c
kdebindings-devel-3.0.3-0.7.1.i386.rpm 344b64d1bca10210db411b32e01fb0f4
kdebindings-kmozilla-3.0.3-0.7.1.i386.rpm 8feb90886d6ac404a42207b20ff523c5
kdegames-3.0.3-0.7.i386.rpm 2c954338900c6894fbe1c45496bae318
kdegames-devel-3.0.3-0.7.i386.rpm e25d0a4def322accb91d3aa2aa1dafd0
kdelibs-3.0.3-0.7.2.i386.rpm 9a3d319eaadf9b0ff620c445eb6918e5
kdelibs-devel-3.0.3-0.7.2.i386.rpm 0f369a42384ace153710e585ce47e86e
kdemultimedia-arts-3.0.3-0.7.1.i386.rpm fe9794772b4c717fd7ac8ee94ab31b1b
kdemultimedia-devel-3.0.3-0.7.1.i386.rpm 94571620f5161cf37097534c63a9bf4b
kdemultimedia-kfile-3.0.3-0.7.1.i386.rpm d5b599eeeedcb46954024e231aaf66f1
kdemultimedia-libs-3.0.3-0.7.1.i386.rpm 135e008d033b7e78b45b8f4fe0250569
kdenetwork-devel-3.0.3-0.7.2.i386.rpm c53b4d182818205944fcf3612942c318
kdenetwork-libs-3.0.3-0.7.2.i386.rpm bb71a42d167e8539ecfd75156879f70c
kdepasswd-3.0.3-0.7.i386.rpm d65f4adea754e9ab38887c18f7cc4a8e
kdepim-3.0.3-0.7.i386.rpm 8d833c32134f1ed60ee1fbc08262008e
kdepim-cellphone-3.0.3-0.7.i386.rpm a12608b4aa87f056aa95fa7aca7a1273
kdepim-devel-3.0.3-0.7.i386.rpm 33b650a7088f065acc38f8b2558c7b67
kdepim-pilot-3.0.3-0.7.i386.rpm e137e8621fca2328d919b9735adbd719
kdesdk-gimp-3.0.3-0.7.i386.rpm 708568ca332d5cb4c545da99090c74db
kdesdk-kapptemplate-3.0.3-0.7.i386.rpm 915cb23acd612fb8879d8feb6d8e2cac
kdesdk-kbabel-3.0.3-0.7.i386.rpm 83c195e1f5e5932138d489bb3dc14663
kdesdk-kbugbuster-3.0.3-0.7.i386.rpm 228345769dd1cf1d3379906b215af9e2
kdesdk-kmtrace-3.0.3-0.7.i386.rpm 38f2efa7b18452a63bf0fde26bb78803
kdesdk-kompare-3.0.3-0.7.i386.rpm 9147d3be6cfb04f569c4f83e69c34d5e
kdesdk-kspy-3.0.3-0.7.i386.rpm 60f394c650b46645e1f9b1c5852727f8
kdessh-3.0.3-0.7.i386.rpm 8f1eda9703316c6638187b86e1c8c1e3
kdetoys-3.0.3-0.7.i386.rpm 938c1325cb89c9dc49932f4ee55d7f48
kdeutils-laptop-3.0.3-0.7.i386.rpm 4e0458b14e321cddb9820803516a3c4d
kdevelop-2.1.3-0.7.1.i386.rpm 828d671341da74f98207ccec83dd894d
kdf-3.0.3-0.7.i386.rpm a43492502f9724ef88e3757bd573c026
kdict-3.0.3-0.7.2.i386.rpm 7ce89dde28bc8ae992395c24f2136905
kdvi-3.0.3-0.7.2.i386.rpm 6a32f99fcf3f144a0ba79363dfe2c996
kedit-3.0.3-0.7.i386.rpm 93fe10821b08641e964f1e3957e32d37
keduca-3.0.3-0.7.i386.rpm 8a900a4900eb3c91bee96854c38f5896
kfax-3.0.3-0.7.2.i386.rpm 632d3c454dbde139231dff3154af7af1
kfile-pdf-3.0.3-0.7.2.i386.rpm 117c2803b365681a1bf91f682d725149
kfile-png-3.0.3-0.7.2.i386.rpm 2bec4e9cde3695289ba6a237e47a9407
kfloppy-3.0.3-0.7.i386.rpm 4c47d387dde4e63558d48bf84c72688c
kfract-3.0.3-0.7.2.i386.rpm 7b74f1789b2dcfbde592ee812c12b19a
kgeo-3.0.3-0.7.i386.rpm b699923f0c3df235f4bd68c370452081
kghostview-3.0.3-0.7.2.i386.rpm 3c2d55f5bdc429f89f110d10bb64b58d
khexedit-3.0.3-0.7.i386.rpm 91655d96af4ca3a1ca9f50e4e7e90bc4
kiconedit-3.0.3-0.7.2.i386.rpm 02c425ba7942358fd36be81db609088e
kit-3.0.3-0.7.2.i386.rpm 26db442ffbbaa1553c5c138a209207ae
kjots-3.0.3-0.7.i386.rpm 91fecfdefae0415b27339394d0f73be5
klettres-3.0.3-0.7.i386.rpm a0842ee9d0239070816f693ae4fdc2f6
kljettool-3.0.3-0.7.i386.rpm 7ad3798fce63da97f8f96f3bbba8a3d4
klpq-3.0.3-0.7.i386.rpm 4d747945f02676ffb75c978a57addb00
klprfax-3.0.3-0.7.i386.rpm 937ea72d67edb7cea2f8cf68fe1e6ec3
kmail-3.0.3-0.7.2.i386.rpm e9ee917df07ea4a6d5c53e3a0bfe5f16
kmessedwords-3.0.3-0.7.i386.rpm d175e65b4af6524d0672c0df3d3fffa2
kmid-3.0.3-0.7.1.i386.rpm 8cc3f07f5f2cc1c276af643b08233c22
kmidi-3.0.3-0.7.1.i386.rpm d5e79b13a53f09cc015e622911dc8fb4
kmix-3.0.3-0.7.1.i386.rpm dbec374bda1a631d3b886207204522fc
knewsticker-3.0.3-0.7.2.i386.rpm a020d8cd85bb2056789993eea951cecd
knode-3.0.3-0.7.2.i386.rpm 48c293f3b92b2115b20b967671530964
knotes-3.0.3-0.7.i386.rpm d87ffc5428a2bf0d05dba1be73e16cbd
koncd-3.0.3-0.7.1.i386.rpm e3f31e79286cd764cc7cf23f8c79129d
kooka-3.0.3-0.7.2.i386.rpm c1140b9165e173bc386367c887f3596c
korn-3.0.3-0.7.2.i386.rpm 88575c727577d629583b8db993e049ec
kpaint-3.0.3-0.7.2.i386.rpm efed4a1469974d3ef0eea80c83993050
kpf-3.0.3-0.7.2.i386.rpm b497fb2b80940ef02a1f56ed098fc326
kppp-3.0.3-0.7.2.i386.rpm 3b65942be18126d51756ec33bb0ebebc
kregexpeditor-3.0.3-0.7.i386.rpm 3c2c96eeb45e2882431c2ac8fa13b0ec
kregexpeditor-devel-3.0.3-0.7.i386.rpm c0973f7501ec7e0cccafcae0b16deae1
kruler-3.0.3-0.7.2.i386.rpm db88094cba76479eb3eb0c3c17f52398
kscd-3.0.3-0.7.1.i386.rpm 2a299ae6cf5ad38552c00fe661732c6e
ksirc-3.0.3-0.7.2.i386.rpm 929eb08ad90c06942db4f2ded6be06eb
ksnapshot-3.0.3-0.7.2.i386.rpm 11a8bb6c42df541d6b22ded6a9e3f060
kstars-3.0.3-0.7.i386.rpm 33085a4aba5134d5f16dad8b6f889837
ktalkd-3.0.3-0.7.2.i386.rpm b6f5bd8a53b07c8bd65fa009ba12afcf
ktimer-3.0.3-0.7.i386.rpm 2c8dae3e5fa5d4a7d18d6497fa01b353
ktouch-3.0.3-0.7.i386.rpm 91363efc95c0db868eb57ed89c4285fb
kuickshow-3.0.3-0.7.2.i386.rpm 8b1ad52acabfa8ed28ae12efc6a7b0f7
kview-3.0.3-0.7.2.i386.rpm 253c465d92fb923ec23dde728b3ef1e6
kviewshell-3.0.3-0.7.2.i386.rpm d41fb35ce2f805abffd42e2347029f13
kviewshell-devel-3.0.3-0.7.2.i386.rpm d3bc4f4b7c9c1516340a3b3f5c874439
kvoctrain-3.0.3-0.7.i386.rpm 4232a7548dad0e40f3b7e93d51951b5e
kxmlrpcd-3.0.3-0.7.2.i386.rpm 9e393ddfc49472320dbcaa394bfbfc52
libkscan-3.0.3-0.7.2.i386.rpm 71a0d83c0b8a1049d200743cac7be748
libkscan-devel-3.0.3-0.7.2.i386.rpm 40169395af0b83079f550087f88bf17b
lisa-3.0.3-0.7.2.i386.rpm 107b12e7ec4f43c41a83c44a8c1728f6
noatun-3.0.3-0.7.1.i386.rpm 402c7189e0e9fa0dd4e79a6d41e061bb
qt-3.0.5-7.14.i386.rpm 960b252e140edd4fde5df0c33c32f724
qt-designer-3.0.5-7.14.i386.rpm 89e26bf00fd8c606673144ddfe613d9b
qt-devel-3.0.5-7.14.i386.rpm 279ff020001cd6605346256a030f3e28
qt-MySQL-3.0.5-7.14.i386.rpm 042a38aabf9ff94bad8fd025035805c2
qt-ODBC-3.0.5-7.14.i386.rpm 84238622cf26b074764229a89cb507db
qt-PostgreSQL-3.0.5-7.14.i386.rpm 6ea56e8b818aa41913de389e36a8cc10
qt-static-3.0.5-7.14.i386.rpm aa7ad857e20ce146caf0f9cb53220ce7
qt-Xt-3.0.5-7.14.i386.rpm 8945494c65048dbb61dd413c44800945
Red Hat Linux 8.0
--------------------------------------------------------------------------------
SRPMS:
kde-i18n-3.0.3-2.src.rpm 382b75abdf9a6283816619bb6614f2a5
kdebase-3.0.3-14.src.rpm eb94d5dcf07bfc59bc25af2e4c8b365d
kdegraphics-3.0.3-5.src.rpm 461fd60d1643e1c31a278234aafdb871
kdelibs-3.0.3-8.3.src.rpm 89bacf26defe3ff0c3ce42c2cbd01ac3
kdenetwork-3.0.3-3.2.src.rpm 9a239e421bb3a3f9d9d3d10f834081b2
i386:
kamera-3.0.3-5.i386.rpm 1760f7c313bbaf68ba245e277dc0e311
kcoloredit-3.0.3-5.i386.rpm 446cf584b68467d9b963ac772fafcbbb
kdebase-3.0.3-14.i386.rpm dae6d36badd1d95e2c158f1b0fbc4a8b
kdebase-devel-3.0.3-14.i386.rpm 8c89468704d83340dcd2d4e8c3701241
kdelibs-3.0.3-8.3.i386.rpm 60301f8226f8a7446046153722483712
kdelibs-devel-3.0.3-8.3.i386.rpm b9e1c80782bfa0757e4464fb948d1dc2
kdenetwork-devel-3.0.3-3.2.i386.rpm 06ce97289ab90412d186e19fc615ea0f
kdenetwork-libs-3.0.3-3.2.i386.rpm d3c939799ab6930fcb2d1f21fa108bf7
kdict-3.0.3-3.2.i386.rpm 003adc9a793b09e7a628d5731970ddb3
kdvi-3.0.3-5.i386.rpm 32619c7f1cfa9923975554ca6398120b
kfax-3.0.3-5.i386.rpm 6cd4586916cd0d1188516d26060115c9
kfile-pdf-3.0.3-5.i386.rpm e5589af68b5a603e907b5f1bfb2490a2
kfile-png-3.0.3-5.i386.rpm e9a05f7b8d2568fc75c184c9426a58d2
kfract-3.0.3-5.i386.rpm 13bdd632276190ab9a33aff390d626ab
kghostview-3.0.3-5.i386.rpm 53b7219215d58dc474a134619c4ce27b
kiconedit-3.0.3-5.i386.rpm 3bddeec68060feab62c78556e7e921b0
kit-3.0.3-3.2.i386.rpm 90bb1850c6360a87a30a88028f08c265
kmail-3.0.3-3.2.i386.rpm d7fc1e03db312bccd31215b647b86e25
knewsticker-3.0.3-3.2.i386.rpm 461b07e357650696f18a8b4f765c7882
knode-3.0.3-3.2.i386.rpm 3a513107098e7352a7739468c46aa3aa
kooka-3.0.3-5.i386.rpm 8a5598ce40edd6659d7894126847c50d
korn-3.0.3-3.2.i386.rpm 9cc380ecfbd57870450474d3d24a6a68
kpaint-3.0.3-5.i386.rpm dacfc37a044a4a8f7ab641112d1e73d2
kpf-3.0.3-3.2.i386.rpm 77e766459f3f5fe35433591ef940a3fc
kppp-3.0.3-3.2.i386.rpm 7107a712a1fb3fbdc421905db2278c72
kruler-3.0.3-5.i386.rpm 0cdd8d4aca4ef9073d20cbf8aba1a0d4
ksirc-3.0.3-3.2.i386.rpm ea39efb6deee4db448ad0967cd0a35c2
ksnapshot-3.0.3-5.i386.rpm 0ded9db8efba14db92c46cc389fc35fe
ktalkd-3.0.3-3.2.i386.rpm 3d5914e0e082ed8f8a1308a1df9cd834
kuickshow-3.0.3-5.i386.rpm 4ebb9ccd7db8a147f09754972fe9c4f7
kview-3.0.3-5.i386.rpm 689c7ec6268931fdc2d578a9bc93b06a
kviewshell-3.0.3-5.i386.rpm 738ab6d68860a7c276e0557c137cc1e4
kviewshell-devel-3.0.3-5.i386.rpm 81aa7b525199ec9aee14d709193804fd
kxmlrpcd-3.0.3-3.2.i386.rpm 069eaeab2380daf632f605321ebe9938
libkscan-3.0.3-5.i386.rpm 3a362ce3349312972cbb16248df1df37
libkscan-devel-3.0.3-5.i386.rpm 1cb0fad25b6f82fec9cd95f285c10980
lisa-3.0.3-3.2.i386.rpm 526dccfd590c76ff657dcf981cf4a44c
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.
Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
Bugs fixed: (see bugzilla for more information)
73412 - KDE screensaver just blanks screen
74071 - Better way to handle desktop file renames
75085 - Banner of Taiwan
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0838
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1151
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1152
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1223
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1247
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1281
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1282
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1306
http://marc.theaimsgroup.com/?l=bugtraq&m=102977530005148
http://www.kde.org/info/security/advisory-20020908-1.txt
http://www.kde.org/info/security/advisory-20020908-2.txt
http://www.kde.org/info/security/advisory-20021008-1.txt
http://www.kde.org/info/security/advisory-20021008-2.txt
http://www.kde.org/info/security/advisory-20021111-1.txt
http://www.kde.org/info/security/advisory-20021111-2.txt
Keywords:
flaw:buf, flaw:css, flaw:design, flaw:infoleak, flaw:spoof
--------------------------------------------------------------------------------
The listed packages are GPG signed by Red Hat, Inc. for security. Our key is
available at:
http://www.redhat.com/solutions/security/news/publickey.html#key
You can verify each package and see who signed it with the following command:
rpm --checksig -v filename
If you only wish to verify that each package has not been corrupted or tampered
with, examine only the md5sum with the following command:
rpm --checksig --nogpg -v filename
Note that you need RPM >= 3.0 to check GnuPG keys.
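An added helper, not part of Red Hat's advisory or of rpm: it reads "filename md5sum" lines in the format of the package list above and checks downloaded files against them, the same integrity-only check as rpm --checksig --nogpg but driven by the advisory text, so a file downloaded under the wrong name or missing altogether is reported as well. SAMPLE_LISTING and the temp-directory files are constructed for the example; the GPG signature check remains the step that proves where a package came from.

```python
"""Verify downloaded update packages against the MD5 sums an advisory lists.

Added example, not Red Hat tooling. It covers integrity only (did the bytes
change in transit?); origin is established by the GPG signature check.
"""
import hashlib
import os
import re
import tempfile

# Matches the "package-name.rpm  <32 hex digits>" lines of a package list.
LINE_RE = re.compile(r"^\s*(\S+\.rpm)\s+([0-9a-fA-F]{32})\s*$")


def parse_listing(text: str) -> dict[str, str]:
    """Map filename -> expected md5 for every package line in the advisory."""
    expected = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            expected[m.group(1)] = m.group(2).lower()
    return expected


def md5_of_file(path: str) -> str:
    """Hex MD5 of a file, read in chunks so large RPMs are not loaded whole."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_packages(listing: str, directory: str) -> dict[str, str]:
    """Return {filename: "ok" | "mismatch" | "missing"} for each listed package."""
    results = {}
    for name, want in parse_listing(listing).items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "missing"
        elif md5_of_file(path) != want:
            results[name] = "mismatch"
        else:
            results[name] = "ok"
    return results


# Constructed listing in the advisory's format. The hashes are md5("hello\n")
# and md5(""), chosen so the outcome is known; they are not real package sums.
SAMPLE_LISTING = """\
i386:
good-1.0-1.i386.rpm b1946ac92492d2347c6235b4d2611184
tampered-1.0-1.i386.rpm d41d8cd98f00b204e9800998ecf8427e
absent-1.0-1.i386.rpm d41d8cd98f00b204e9800998ecf8427e
"""


def demo() -> dict[str, str]:
    """Create constructed package files in a temp dir and verify them."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "good-1.0-1.i386.rpm"), "wb") as f:
            f.write(b"hello\n")  # matches the listed sum
        with open(os.path.join(d, "tampered-1.0-1.i386.rpm"), "wb") as f:
            f.write(b"not what the advisory listed\n")  # does not match
        # absent-1.0-1.i386.rpm is deliberately never written
        return verify_packages(SAMPLE_LISTING, d)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:9s} {name}")
```

To use it on a real download, paste the advisory's package list into parse_listing()/verify_packages() and point it at the directory holding the RPMs; anything other than "ok" means do not install that file.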
[***** End Red Hat Security Advisory RHSA-2002:220-40 *****]
_______________________________________________________________________________
CIAC wishes to acknowledge the contributions of Red Hat, Inc. for the
information contained in this bulletin.
_______________________________________________________________________________
CIAC, the Computer Incident Advisory Capability, is the computer
security incident response team for the U.S. Department of Energy
(DOE) and the emergency backup response team for the National
Institutes of Health (NIH). CIAC is located at the Lawrence Livermore
National Laboratory in Livermore, California. CIAC is also a founding
member of FIRST, the Forum of Incident Response and Security Teams, a
global organization established to foster cooperation and coordination
among computer security teams worldwide.
CIAC services are available to DOE, DOE contractors, and the NIH. CIAC
can be contacted at:
Voice: +1 925-422-8193 (7x24)
FAX: +1 925-423-8002
STU-III: +1 925-423-2604
E-mail: ciac@ciac.org
Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.
World Wide Web: http://www.ciac.org/
Anonymous FTP: ftp.ciac.org
PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins. If you are not part of these
communities, please contact your agency's response team to report
incidents. Your agency's team will coordinate with CIAC. The Forum of
Incident Response and Security Teams (FIRST) is a world-wide
organization. A list of FIRST member organizations and their
constituencies can be obtained via WWW at http://www.first.org/.
This document was prepared as an account of work sponsored by an
agency of the United States Government. Neither the United States
Government nor the University of California nor any of their
employees, makes any warranty, express or implied, or assumes any
legal liability or responsibility for the accuracy, completeness, or
usefulness of any information, apparatus, product, or process
disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products,
process, or service by trade name, trademark, manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation or favoring by the United States Government or the
University of California. The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government or the University of California, and shall not be used for
advertising or product endorsement purposes.
LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)
N-010: Web-Based Enterprise Management on Solaris 8 Installs Insecure Files
N-011: Cumulative Patch for Internet Information Service
N-012: Windows 2000 Default Permissions Could Allow Trojan Horse Program
N-013: ISC Remote Vulnerabilities in BIND4 and BIND8
N-014: Trojan Horse tcpdump and libpcap Distributions
N-015: SGI IRIX lpd Daemon Vulnerabilities via sendmail and dns
N-016: Buffer Overrun in Microsoft Data Access Components (MDAC)
N-017: Cisco PIX Multiple Vulnerabilities
N-018: Microsoft Cumulative Patch for Internet Explorer
N-019: Samba Encrypted Password Buffer Overrun Vulnerability