
Updated kdelibs and kdebase fix vulnerabilities



Mandrakesoft Security Advisories

 

Package name: kdelibs/kdebase

Date: August 20th, 2004

Advisory ID: MDKSA-2004:086

Affected versions: 9.2, 10.0

Synopsis: Updated kdelibs and kdebase packages fix multiple vulnerabilities

 

 

Problem Description

 

A number of vulnerabilities were discovered in KDE that are corrected with these update packages.

 

The integrity of symlinks used by KDE is not ensured; as a result, local attackers can abuse them to create or truncate arbitrary files or to prevent KDE applications from functioning correctly (CAN-2004-0689).

 

The DCOPServer creates temporary files in an insecure manner. These temporary files are used for authentication-related purposes, so this could potentially allow a local attacker to compromise the account of any user running a KDE application (CAN-2004-0690). Note that only KDE 3.2.x is affected by this vulnerability.

 

The Konqueror web browser allows websites to load web pages into a frame of any other frame-based web page that the user may have open. This could potentially allow a malicious website to make Konqueror insert its own frames into the page of an otherwise trusted website (CAN-2004-0721).

 

The Konqueror web browser also allows websites to set cookies for certain country-specific top-level domains. This can be done to make Konqueror send the cookies to all other web sites operating under the same domain, which can be abused as part of a session fixation attack. All country-specific secondary top-level domains that use more than 2 characters in the secondary part of the domain name, and that use a secondary part other than com, net, mil, org, gov, edu, or int are affected (CAN-2004-0746).

 

 

Updated Packages

 

 

Mandrakelinux 9.2

 


 

Mandrakelinux 9.2/AMD64

 


 

Mandrakelinux 10.0

 


 

Mandrakelinux 10.0/AMD64

 


 

References

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0746

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0721

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0689

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0690

http://www.kde.org/info/security/advisory-20040811-3.txt

http://www.kde.org/info/security/advisory-20040811-2.txt

http://www.kde.org/info/security/advisory-20040811-1.txt

http://www.kde.org/info/security/advisory-20040820-1.txt

 

 

Upgrade

 

 

To upgrade automatically, use MandrakeUpdate.

 

Verification

 

 

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

 

rpm --checksig package.rpm

 

 

You can get the GPG public key of the Mandrakelinux Security Team to verify the GPG signature of each RPM.

 

If you us
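
The cookie-domain rule described for CAN-2004-0746 in the Problem Description, as an added example that is not part of the advisory and is not Konqueror source code. The heuristic is reconstructed from the advisory's wording only; the function names, the sample suffix list and the test host names are assumptions made for illustration.

```javascript
// Added illustration; not Konqueror source code.
// Generic second-level names listed in the advisory.
const GENERIC_SLD = new Set(["com", "net", "mil", "org", "gov", "edu", "int"]);

// Constructed sample of registry-controlled suffixes; a real client would
// load a maintained list instead of hard-coding one.
const SAMPLE_REGISTRY_SUFFIXES = new Set(["co.uk", "ltd.uk", "plc.uk", "com.au"]);

const normalise = (d) => d.toLowerCase().replace(/^\./, "");

// Heuristic implied by the advisory: under a two-letter country TLD, a
// second-level label is treated as registry-controlled only when it is at
// most two characters long or is one of the generic names.
function heuristicIsRegistry(domain) {
  const labels = normalise(domain).split(".");
  if (labels.length === 1) return true; // bare TLD
  if (labels.length !== 2 || labels[1].length !== 2) return false;
  return labels[0].length <= 2 || GENERIC_SLD.has(labels[0]);
}

// Hardened check: exact lookup in an explicit suffix list.
function listIsRegistry(domain) {
  const d = normalise(domain);
  return !d.includes(".") || SAMPLE_REGISTRY_SUFFIXES.has(d);
}

// A cookie Domain attribute is accepted when the requesting host falls under
// it and the attribute itself is not a registry-controlled suffix.
function cookieDomainAccepted(requestHost, cookieDomain, isRegistry) {
  const host = normalise(requestHost);
  const dom = normalise(cookieDomain);
  const matches = host === dom || host.endsWith("." + dom);
  return matches && !isRegistry(dom);
}

// Run both checks on the same (constructed) host and Domain attribute.
function compare(requestHost, cookieDomain) {
  return {
    heuristic: cookieDomainAccepted(requestHost, cookieDomain, heuristicIsRegistry),
    suffixList: cookieDomainAccepted(requestHost, cookieDomain, listIsRegistry),
  };
}

console.log(compare("shop.example.ltd.uk", ".ltd.uk"));         // the two checks disagree
console.log(compare("shop.example.co.uk", ".co.uk"));           // both reject
console.log(compare("shop.example.ltd.uk", ".example.ltd.uk")); // both accept
```

The first case is the one the advisory describes: a three-character secondary part outside the generic list passes the length-based heuristic, so the cookie would be sent to every site under that suffix.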
