Revision Date: 2005-03-23 | Version: 502
Title: RHSA-2005:325: kdelibs security update (Important)
Description: The kdelibs package provides libraries for the K Desktop Environment.
The International Domain Name (IDN) support in the Konqueror browser allowed remote attackers to spoof domain names using punycode-encoded domain names. Such domain names are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0237 to this issue.
Sebastian Krahmer discovered a flaw in dcopserver, the KDE Desktop Communication Protocol (DCOP) daemon. A local user could use this flaw to stall the DCOP authentication process, affecting any local desktop users and causing a reduction in their desktop functionality. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0396 to this issue.
A flaw in the dcopidlng script was discovered. The dcopidlng script would create temporary files with predictable filenames, which could allow local users to overwrite arbitrary files via a symlink attack. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-0365 to this issue.
Users of KDE should upgrade to these erratum packages, which contain backported patches to correct these issues.
Family: unix | Class: patch
Reference(s): CVE-2005-0237, CVE-2005-0365, CVE-2005-0396, RHSA-2005:325-01
Platform(s): Red Hat Enterprise Linux 4
Definition Synopsis:
Red Hat Enterprise Linux 4 is installed
AND Package Information
    kdelibs is earlier than 6:3.3.1-3.6
    AND kdelibs is signed with Red Hat master key
  OR
    kdelibs-devel is earlier than 6:3.3.1-3.6
    AND kdelibs-devel is signed with Red Hat master key