Oval Definition:oval:com.redhat.rhsa:def:20050009
Revision Date:2005-02-10
Version:502
Title:RHSA-2005:009: kdelibs, kdebase security update (Important)
Description:The kdelibs packages include libraries for the K Desktop Environment. The kdebase packages include core applications for the K Desktop Environment.

Secunia Research discovered a window injection spoofing vulnerability affecting the Konqueror web browser. This issue could allow a malicious website to show arbitrary content in a different browser window. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-1158 to this issue.

A bug was discovered in the way kioslave handles URL-encoded newline (%0a) characters before the FTP command. It is possible that a specially crafted URL could be used to execute any ftp command on a remote server, or potentially send unsolicited email. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-1165 to this issue.

A bug was discovered that can crash KDE screensaver under certain local circumstances. This could allow an attacker with physical access to the workstation to take over a locked desktop session. Please note that this issue only affects Red Hat Enterprise Linux 2.1. The Common Vulnerabilities and Exposures project has assigned the name CAN-2005-0078 to this issue.

All users of KDE are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
Family:unix
Class:patch
Status:
Reference(s):CVE-2004-1158
CVE-2004-1165
CVE-2005-0078
RHSA-2005:009-01
Platform(s):Red Hat Enterprise Linux 3
Product(s):
Definition Synopsis
  • Red Hat Enterprise Linux 3 is installed
  • AND Package Information
    • kdelibs is earlier than 6:3.1.3-6.9
      • AND kdelibs is signed with Red Hat master key
    • OR
    • kdelibs-devel is earlier than 6:3.1.3-6.9
      • AND kdelibs-devel is signed with Red Hat master key
    • OR
    • kdebase is earlier than 6:3.1.3-5.8
      • AND kdebase is signed with Red Hat master key
    • OR
    • kdebase-devel is earlier than 6:3.1.3-5.8
      • AND kdebase-devel is signed with Red Hat master key