Security: Insufficient permission check in kdebase
Name: Insufficient permission check in kdebase
ID: RHSA-2006:0582-01
Distribution: Red Hat
Platforms: Red Hat Enterprise Linux
Date: Thu, 10 August 2006, 23:40
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2494
Applications: KDE Software Compilation
Original message
---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Low: kdebase security fix
Advisory ID: RHSA-2006:0582-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2006-0582.html
Issue date: 2006-08-10
Updated on: 2006-08-10
Product: Red Hat Enterprise Linux
CVE Names: CVE-2005-2494
---------------------------------------------------------------------
1. Summary:
Updated kdebase packages that resolve several bugs are now available.
This update has been rated as having low security impact by the Red Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64
3. Problem description:
The kdebase packages provide the core applications for KDE, the K Desktop Environment. These core packages include the file manager Konqueror.
Ilja van Sprundel discovered a lock file handling flaw in kcheckpass. If the directory /var/lock is writable by a user who is allowed to run kcheckpass, that user could gain root privileges. In Red Hat Enterprise Linux, the /var/lock directory is not writable by users and therefore this flaw could only have been exploited if the permissions on that directory have been badly configured. A patch to block this issue has been included in this update. (CVE-2005-2494)
The following bugs have also been addressed:
- kstart --tosystray does not send the window to the system tray in Kicker
- When the customer enters or selects URLs in Firefox's address field, the desktop freezes for a couple of seconds
- fish kioslave is broken on 64-bit systems
All users of kdebase should upgrade to these updated packages, which contain patches to resolve these issues.
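The precondition named above for CVE-2005-2494, a /var/lock directory that ordinary users can write to, can be audited with a check like the following. This is an added example, not part of the Red Hat advisory; the function name audit_lock_dir is hypothetical and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: audit who can create files in the lock directory.
# audit_lock_dir is a hypothetical helper name, not a Red Hat or KDE tool.
# Usage: audit_lock_dir [DIR] [EXPECTED_OWNER]   (defaults: /var/lock, root)
# Prints one finding per line; returns 0 = ok, 1 = FAIL found, 2 = cannot audit.
audit_lock_dir() {
    dir=${1:-/var/lock}
    want_owner=${2:-root}
    rc=0

    if [ ! -d "$dir" ]; then
        echo "ERROR: $dir is not a directory"
        return 2
    fi
    # A symlinked lock directory is judged by the directory it points to.
    [ -L "$dir" ] && echo "NOTE: $dir is a symlink; auditing its target"

    # GNU stat: octal mode, owner name, group name (-L follows the symlink).
    info=$(stat -L -c '%a %U %G' "$dir") || return 2
    set -- $info
    mode=$1 owner=$2 group=$3
    bits=$((0$mode))          # leading 0 makes the shell read it as octal

    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL: owner is $owner, expected $want_owner"
        rc=1
    fi
    if [ $((bits & 0002)) -ne 0 ]; then
        # The sticky bit limits deletion, not creation: any user can still write.
        if [ $((bits & 01000)) -ne 0 ]; then
            echo "FAIL: mode $mode is world-writable (sticky bit set)"
        else
            echo "FAIL: mode $mode is world-writable, no sticky bit"
        fi
        rc=1
    fi
    if [ $((bits & 0020)) -ne 0 ]; then
        echo "REVIEW: mode $mode is writable by group $group; check its members"
    fi
    [ "$rc" -eq 0 ] && echo "OK: $dir is not world-writable and is owned by $owner"
    return "$rc"
}
```

Run `audit_lock_dir` with no arguments to check /var/lock against owner root; a REVIEW line means the group's membership decides whether the advisory's precondition holds.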
4. Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.
5. Bug IDs fixed (http://bugzilla.redhat.com/):
166995 - CVE-2005-2494 kcheckpass privilege escalation
6. RPMs required:
Red Hat Enterprise Linux AS version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kdebase-3.3.1-5.13.src.rpm 30a7dc95f125733b10dc0bf84095fd7f kdebase-3.3.1-5.13.src.rpm
Red Hat Enterprise Linux Desktop version 4:
SRPMS: kdebase-3.3.1-5.13.src.rpm 30a7dc95f125733b10dc0bf84095fd7f kdebase-3.3.1-5.13.src.rpm
Red Hat Enterprise Linux ES version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kdebase-3.3.1-5.13.src.rpm 30a7dc95f125733b10dc0bf84095fd7f kdebase-3.3.1-5.13.src.rpm
Red Hat Enterprise Linux WS version 4:
SRPMS: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kdebase-3.3.1-5.13.src.rpm 30a7dc95f125733b10dc0bf84095fd7f kdebase-3.3.1-5.13.src.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2494
http://www.redhat.com/security/updates/classification/#low
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/
Copyright 2006 Red Hat, Inc.