Date: 21 Aug 2004 06:40:10 -0000
From: Mandrake Linux Security Team <[email protected]>
To: [email protected]Subject: MDKSA-2004:086 - Updated kdelibs and kdebase packages fix multiple vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: kdelibs/kdebase
Advisory ID: MDKSA-2004:086
Date: August 20th, 2004
Affected versions: 10.0, 9.2
______________________________________________________________________
Problem Description:
A number of vulnerabilities were discovered in KDE that are corrected
with these update packages.
The integrity of symlinks used by KDE are not ensured and as a result
can be abused by local attackers to create or truncate arbitrary files
or to prevent KDE applications from functioning correctly
(CAN-2004-0689).
The DCOPServer creates temporary files in an insecure manner. These
temporary files are used for authentication-related purposes, so this
could potentially allow a local attacker to compromise the account of
any user running a KDE application (CAN-2004-0690). Note that only
KDE 3.2.x is affected by this vulnerability.
The Konqueror web browser allows websites to load web pages into a
frame of any other frame-based web page that the user may have open.
This could potentially allow a malicious website to make Konqueror
insert its own frames into the page of an otherwise trusted website
(CAN-02004-0721).
The Konqueror web browser also allows websites to set cookies for
certain country-specific top-level domains. This can be done to
make Konqueror send the cookies to all other web sites operating
under the same domain, which can be abused to become part of a
session fixation attack. All country-specific secondary top-level
domains that use more than 2 characters in the secondary part of the
domain name, and that use a secondary part other than com, net, mil,
org, gove, edu, or int are affected (CAN-2004-0746).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0689http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0690http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0721http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0746http://www.kde.org/info/security/advisory-20040811-1.txthttp://www.kde.org/info/security/advisory-20040811-2.txthttp://www.kde.org/info/security/advisory-20040811-3.txthttp://www.kde.org/info/security/advisory-20040820-1.txt
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
510438b78f3516746d4b4ed60ac212b3 10.0/RPMS/kdebase-3.2-79.2.100mdk.i586.rpm
c8cf4ce9cf1d249b4a2bed3c66528803 10.0/RPMS/kdebase-common-3.2-79.2.100mdk.i586.rpm
d38633d8cba665bbe1237813e45b0f7b 10.0/RPMS/kdebase-kate-3.2-79.2.100mdk.i586.rpm
5854609ecb04e39b0bc07e9a33778488 10.0/RPMS/kdebase-kcontrol-data-3.2-79.2.100mdk.i586.rpm
48727a4e1dd5df1bd52276f03ae8edd3 10.0/RPMS/kdebase-kdeprintfax-3.2-79.2.100mdk.i586.rpm
52fc69771ec698ba332870cbfa618a60 10.0/RPMS/kdebase-kdm-3.2-79.2.100mdk.i586.rpm
d3ae0bc755db0665e12472a2e22ebd90 10.0/RPMS/kdebase-kdm-config-file-3.2-79.2.100mdk.i586.rpm
85d8b0ebf0421963f652424b0441145c 10.0/RPMS/kdebase-kmenuedit-3.2-79.2.100mdk.i586.rpm
222d9900d8f30961f04b870c5a949a1f 10.0/RPMS/kdebase-konsole-3.2-79.2.100mdk.i586.rpm
554b091c26d0461831323389292cc72d 10.0/RPMS/kdebase-nsplugins-3.2-79.2.100mdk.i586.rpm
487748d51da06a36180d18a0cedda4c5 10.0/RPMS/kdebase-progs-3.2-79.2.100mdk.i586.rpm
0f4088f33543e6f0f263537964cfccee 10.0/RPMS/kdelibs-common-3.2-36.3.100mdk.i586.rpm
9cc536b2ffd48b6b5354ba8967638d3e 10.0/RPMS/libkdebase4-3.2-79.2.100mdk.i586.rpm
32ed1e7ed670e6c01716f491b8181e8d 10.0/RPMS/libkdebase4-devel-3.2-79.2.100mdk.i586.rpm
ea55a16ba1f7cd6ea2dabd274ce023bf 10.0/RPMS/libkdebase4-kate-3.2-79.2.100mdk.i586.rpm
df122aa36fd811d3d97aafcff1d6aed7 10.0/RPMS/libkdebase4-kate-devel-3.2-79.2.100mdk.i586.rpm
598709de41b8101c44e0a82e52718340 10.0/RPMS/libkdebase4-kmenuedit-3.2-79.2.100mdk.i586.rpm
71f277606a8b5d17ca3f7a09aba486f7 10.0/RPMS/libkdebase4-konsole-3.2-79.2.100mdk.i586.rpm
bceb452042e0c72d475139f4efe7a0c5 10.0/RPMS/libkdebase4-nsplugins-3.2-79.2.100mdk.i586.rpm
ffc1728d50b17dd3cae6f1e2ad0589e2 10.0/RPMS/libkdebase4-nsplugins-devel-3.2-79.2.100mdk.i586.rpm
82d343a84048b56353c97b72b771ea81 10.0/RPMS/libkdecore4-3.2-36.3.100mdk.i586.rpm
7fd56a29040d0708e5d4650228c3534d 10.0/RPMS/libkdecore4-devel-3.2-36.3.100mdk.i586.rpm
d2a3e8c4391af933ebc2e48cc4aa8dee 10.0/SRPMS/kdebase-3.2-79.2.100mdk.src.rpm
93330083dd59710108f6977107562aaf 10.0/SRPMS/kdelibs-3.2-36.3.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
8edf6ee3527aef3399db27ee98d39c6f amd64/10.0/RPMS/kdebase-3.2-79.2.100mdk.amd64.rpm
58b4defe043743d137f05b27bb7c0c87 amd64/10.0/RPMS/kdebase-common-3.2-79.2.100mdk.amd64.rpm
6bc0bdb8dcebfd4f9a010a8a257c67f6 amd64/10.0/RPMS/kdebase-kate-3.2-79.2.100mdk.amd64.rpm
0cd79e56ddf5fcdaa08bb9d6d60103f8 amd64/10.0/RPMS/kdebase-kcontrol-data-3.2-79.2.100mdk.amd64.rpm
0c7e8f118a150dbe63eac16476571cec amd64/10.0/RPMS/kdebase-kdeprintfax-3.2-79.2.100mdk.amd64.rpm
f659c4d625218bde4dbf87cf0c457faa amd64/10.0/RPMS/kdebase-kdm-3.2-79.2.100mdk.amd64.rpm
2065540f835e04eb269c1ab3e070289b amd64/10.0/RPMS/kdebase-kdm-config-file-3.2-79.2.100mdk.amd64.rpm
02a45357b22c1374d6919b70997b4b8d amd64/10.0/RPMS/kdebase-kmenuedit-3.2-79.2.100mdk.amd64.rpm
6db6c45484be318eb53d5cbeef9a6e0e amd64/10.0/RPMS/kdebase-konsole-3.2-79.2.100mdk.amd64.rpm
567cae5415e7b1d3d8091d264ca98ea2 amd64/10.0/RPMS/kdebase-nsplugins-3.2-79.2.100mdk.amd64.rpm
6c597ced6b9590ebfc5ed1b8fef8190c amd64/10.0/RPMS/kdebase-progs-3.2-79.2.100mdk.amd64.rpm
c7c0135d79620f0a6002d546408e7be0 amd64/10.0/RPMS/kdelibs-common-3.2-36.3.100mdk.amd64.rpm
57e18c9dca64cb6d4201f49719a0f591 amd64/10.0/RPMS/lib64kdebase4-3.2-79.2.100mdk.amd64.rpm
aec6a23128624c32cf8ff302e15a0dce amd64/10.0/RPMS/lib64kdebase4-devel-3.2-79.2.100mdk.amd64.rpm
d331d129437e959fe5952645205c602b amd64/10.0/RPMS/lib64kdebase4-kate-3.2-79.2.100mdk.amd64.rpm
eac31119b4c7450e59bc4f855fef8ee3 amd64/10.0/RPMS/lib64kdebase4-kate-devel-3.2-79.2.100mdk.amd64.rpm
7692a8d3eb9085c4e01a6f82d22e54ea amd64/10.0/RPMS/lib64kdebase4-kmenuedit-3.2-79.2.100mdk.amd64.rpm
0dfd8eb1e9389b810cd541cbe78bbb37 amd64/10.0/RPMS/lib64kdebase4-konsole-3.2-79.2.100mdk.amd64.rpm
8611b9991340db56c60c4cc25cbe5a95 amd64/10.0/RPMS/lib64kdebase4-nsplugins-3.2-79.2.100mdk.amd64.rpm
a72df10c2073f103963b763b68e1d6eb amd64/10.0/RPMS/lib64kdebase4-nsplugins-devel-3.2-79.2.100mdk.amd64.rpm
249dd74dd637791186829757f06a1291 amd64/10.0/RPMS/lib64kdecore4-3.2-36.3.100mdk.amd64.rpm
308cf4ac4d2eddb590e8e867175c2311 amd64/10.0/RPMS/lib64kdecore4-devel-3.2-36.3.100mdk.amd64.rpm
d2a3e8c4391af933ebc2e48cc4aa8dee amd64/10.0/SRPMS/kdebase-3.2-79.2.100mdk.src.rpm
93330083dd59710108f6977107562aaf amd64/10.0/SRPMS/kdelibs-3.2-36.3.100mdk.src.rpm
Mandrakelinux 9.2:
7a437fd66146531dd156af9466460b7f 9.2/RPMS/kdebase-3.1.3-79.2.92mdk.i586.rpm
46678bcc9b2e2af5f5b83b419d022522 9.2/RPMS/kdebase-common-3.1.3-79.2.92mdk.i586.rpm
abee5d0c191812f382c6247ca87ad466 9.2/RPMS/kdebase-kate-3.1.3-79.2.92mdk.i586.rpm
9afe4816f3316c153105f6fe60eb5c27 9.2/RPMS/kdebase-kdeprintfax-3.1.3-79.2.92mdk.i586.rpm
314684650edf45d258955afd7a0cd71a 9.2/RPMS/kdebase-kdm-3.1.3-79.2.92mdk.i586.rpm
cebc25881d037ce59f3de2cc3ba7f3f3 9.2/RPMS/kdebase-kdm-config-file-3.1.3-79.2.92mdk.i586.rpm
538d05e93fd88a3c57cb358b5cd36dd4 9.2/RPMS/kdebase-konsole-3.1.3-79.2.92mdk.i586.rpm
d48c6377c5b580d668135c4afdddf3d1 9.2/RPMS/kdebase-nsplugins-3.1.3-79.2.92mdk.i586.rpm
f2ad83707508d33d9dd63d77ec2d82e8 9.2/RPMS/kdebase-progs-3.1.3-79.2.92mdk.i586.rpm
beca2c6a0458a32f8433cfd3702733e6 9.2/RPMS/kdelibs-common-3.1.3-35.3.92mdk.i586.rpm
285672f9688c2fb212b51398dc3085c1 9.2/RPMS/libkdebase4-3.1.3-79.2.92mdk.i586.rpm
382e809df95c5b9ecf3cf64521a71816 9.2/RPMS/libkdebase4-devel-3.1.3-79.2.92mdk.i586.rpm
d6ff93e7d16d284a96c6113c784ae60f 9.2/RPMS/libkdebase4-kate-3.1.3-79.2.92mdk.i586.rpm
9e710e6502f32e9fa12e621e9cfdf4d0 9.2/RPMS/libkdebase4-kate-devel-3.1.3-79.2.92mdk.i586.rpm
47a2a05820b54bec347afd26da339203 9.2/RPMS/libkdebase4-konsole-3.1.3-79.2.92mdk.i586.rpm
4863e95228969e3ed2f9daa2278d4276 9.2/RPMS/libkdebase4-nsplugins-3.1.3-79.2.92mdk.i586.rpm
85dabe0527172fdf9202c724776d9d62 9.2/RPMS/libkdebase4-nsplugins-devel-3.1.3-79.2.92mdk.i586.rpm
f0add02f5422c3f62cfbecd0f2a26b2d 9.2/RPMS/libkdecore4-3.1.3-35.3.92mdk.i586.rpm
e8923bf7bc65c13bdd8fd18208ab550e 9.2/RPMS/libkdecore4-devel-3.1.3-35.3.92mdk.i586.rpm
c54061baeb0b3498ccf8d776dc36fd9d 9.2/SRPMS/kdebase-3.1.3-79.2.92mdk.src.rpm
0e24de240e1a84326df7332499b452c7 9.2/SRPMS/kdelibs-3.1.3-35.3.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
daf7342d2c27f510597058428738a5d3 amd64/9.2/RPMS/kdebase-3.1.3-79.2.92mdk.amd64.rpm
b03fbd0ebd368d78616c99adbfcbfdd2 amd64/9.2/RPMS/kdebase-common-3.1.3-79.2.92mdk.amd64.rpm
46c62f4ef453fa25213ff26d47e46057 amd64/9.2/RPMS/kdebase-kate-3.1.3-79.2.92mdk.amd64.rpm
5ec5e4dd405ce0605780553ddbd47604 amd64/9.2/RPMS/kdebase-kdeprintfax-3.1.3-79.2.92mdk.amd64.rpm
f124a86ffaa161f8101344c0bda1ae39 amd64/9.2/RPMS/kdebase-kdm-3.1.3-79.2.92mdk.amd64.rpm
36da16dd458a163090098aeefe5eb619 amd64/9.2/RPMS/kdebase-kdm-config-file-3.1.3-79.2.92mdk.amd64.rpm
7c12240ad3e6b73fd0b24ae4d98fc0da amd64/9.2/RPMS/kdebase-konsole-3.1.3-79.2.92mdk.amd64.rpm
b8c04a16954a7374b6194415f6e5e15a amd64/9.2/RPMS/kdebase-nsplugins-3.1.3-79.2.92mdk.amd64.rpm
6f855be2d1961dc75c5f1283cd25e71b amd64/9.2/RPMS/kdebase-progs-3.1.3-79.2.92mdk.amd64.rpm
b9a0ba03005f212d8f2c8f5b952ef8e2 amd64/9.2/RPMS/kdelibs-common-3.1.3-35.3.92mdk.amd64.rpm
999bf091090905ea8d07aec1ec97fed2 amd64/9.2/RPMS/lib64kdebase4-3.1.3-79.2.92mdk.amd64.rpm
b744accc86241864b23662265a6f2c9f amd64/9.2/RPMS/lib64kdebase4-devel-3.1.3-79.2.92mdk.amd64.rpm
596fefe16698fecd8d7ce04f19d048ff amd64/9.2/RPMS/lib64kdebase4-kate-3.1.3-79.2.92mdk.amd64.rpm
caa45d71983b623a59923b18f6bb4f69 amd64/9.2/RPMS/lib64kdebase4-kate-devel-3.1.3-79.2.92mdk.amd64.rpm
7dd01ca77c94ff3a018dd5779605e67c amd64/9.2/RPMS/lib64kdebase4-konsole-3.1.3-79.2.92mdk.amd64.rpm
1d3f7e3e031df08ed17f77df6505cb47 amd64/9.2/RPMS/lib64kdebase4-nsplugins-3.1.3-79.2.92mdk.amd64.rpm
f6f15ceb62c4abde32406bc1ae75b864 amd64/9.2/RPMS/lib64kdebase4-nsplugins-devel-3.1.3-79.2.92mdk.amd64.rpm
9478889d65eff687203a5ccf19ca3a28 amd64/9.2/RPMS/lib64kdecore4-3.1.3-35.3.92mdk.amd64.rpm
3c53063491a5f3a5ca4e51708fd85763 amd64/9.2/RPMS/lib64kdecore4-devel-3.1.3-35.3.92mdk.amd64.rpm
c54061baeb0b3498ccf8d776dc36fd9d amd64/9.2/SRPMS/kdebase-3.1.3-79.2.92mdk.src.rpm
0e24de240e1a84326df7332499b452c7 amd64/9.2/SRPMS/kdelibs-3.1.3-35.3.92mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFBJu5KmqjQ0CJFipgRAlWiAKDXTRUqWqhoeRAivy7VOzPKCq/V4wCfZN8o
GMqJ2higHvhiSI/uKyg5Xyg=
=ER04
-----END PGP SIGNATURE-----