Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Linux :: Red Hat/Fedora :: n-020.txt

Red Hat Multiple Vulnerabilities in KDE (CIAC N-020)




             __________________________________________________________

                       The U.S. Department of Energy
                   Computer Incident Advisory Capability
                           ___  __ __    _     ___
                          /       |     /_\   /
                          \___  __|__  /   \  \___
             __________________________________________________________

                             INFORMATION BULLETIN

                    Red Hat Multiple Vulnerabilities in KDE
                  [Red Hat Security Advisory RHSA-2002:220-40]

December 4, 2002 20:00 GMT                                        Number N-020
______________________________________________________________________________
PROBLEM:       A number of vulnerabilities have been found that affect various 
               versions of KDE (K Desktop Environment). Vulnerabilities 
               include a remote attacker spoofing certificates of trusted 
               sites through a man-in-the-middle attack, and a local or remote 
               attacker executing arbitrary code through a carefully crafted 
               URL. 
SOFTWARE:      * Red Hat Linux 7.2 
	       * Red Hat Linux 7.3 
	       * Red Hat Linux 8.0 
DAMAGE:        It is possible by exploiting these vulnerabilities a remote 
               attacker may be able to run code of choice, and obtain root 
               privileges. 
SOLUTION:      Apply patches as stated in Red Hat's bulletin. 
______________________________________________________________________________
VULNERABILITY  The risk is HIGH. KDE is a graphical desktop environment for 
ASSESSMENT:    the X Window System and is commonly included in Linux systems. 
______________________________________________________________________________
LINKS: 
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/n-020.shtml 
 ORIGINAL BULLETIN:  https://rhn.redhat.com/errata/RHSA-2002-220.html 
______________________________________________________________________________

[***** Start Red Hat Security Advisory RHSA-2002:220-40 *****]

Updated KDE packages fix security issues

Advisory: RHSA-2002:220-40 
Last updated on: 2002-12-04 
Affected Products: Red Hat Linux 7.2
Red Hat Linux 7.3
Red Hat Linux 8.0 
CVEs (cve.mitre.org): CAN-2002-0838
CAN-2002-0970
CAN-2002-1151
CAN-2002-1152
CAN-2002-1223
CAN-2002-1224
CAN-2002-1247
CAN-2002-1281
CAN-2002-1282
CAN-2002-1306


Security Advisory 

Details:

A number of vulnerabilities have been found that affect various versions of
KDE. This errata provides updates which resolve these issues.

KDE is a graphical desktop environment for the X Window System.
A number of vulnerabilities have been found in various versions of KDE.

The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify
the Basic Constraints for an intermediate CA-signed certificate. This
allows remote attackers to spoof the certificates of trusted sites via a
man-in-the-middle attack. The Common Vulnerabilities and Exposures project
has assigned the name CAN-2002-0970 to this issue.

Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure"
flag in an HTTP cookie, which could cause Konqueror to send the cookie
across an unencrypted channel, potentially allowing remote attackers to
steal the cookie via sniffing. (CAN-2002-1152)

The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0
through 3.0.3 does not properly initialize the domains on sub-frames and
sub-iframes, which can allow remote attackers to execute scripts and steal
cookies from subframes that are in other domains. (CAN-2002-1151)

kpf is a file sharing utility that can be docked into the KDE kicker bar.
It uses a subset of the HTTP protocol internally and acts in a manner very
similar to a Web server. A feature added in KDE 3.0.1 accidentally allowed
retrieving any file, not limited to the configured shared directory, if it
is readable by the user under which kpf runs. (CAN-2002-1224)

KGhostview includes a parser from GSview, which is vulnerable to a buffer
overflow while parsing a specially crafted .ps input file. 
(CAN-2002-1223). It also contains code from gv 3.5.x which is vulnerable
to another buffer overflow triggered by malformed postscript or Adobe PDF
files. (CAN-2002-0838)

A vulnerability in the rlogin KIO subsystem (rlogin.protocol) of
KDE 2.x 2.1 and later, and KDE 3.x 3.0.4 and earlier, allows local and
remote attackers to execute arbitrary code via a carefully crafted URL.
The Common Vulnerabilities and Exposures project has assigned the name
CAN-2002-1281 to this issue. A similar vulnerability affects KDE version
2.x through the telnet KIO subsystem (telnet.protocol). (CAN-2002-1282)

Multiple buffer overflows exist in the KDE LAN browsing implementation; the
resLISa daemon contains a buffer overflow vulnerability which could be
exploited if the reslisa binary is SUID root. Additionally, the lisa
daemon contains a vulnerability which potentially enables any local user,
as well any any remote attacker on the LAN who is able to gain control of
the LISa port (7741 by default), to obtain root privileges. In Red Hat
Linux, reslisa is not SUID root and lisa services are not automatically
started. (CAN-2002-1247, CAN-2002-1306)

Red Hat Linux 8.0 shipped with KDE 3.0.3 and is therefore vulnerable to
CAN-2002-0838, CAN-2002-1151, CAN-2002-1223, CAN-2002-1224, CAN-2002-1247,
and CAN-2002-1281. This errata includes new kdelibs and kdenetwork packages
which contain patches to correct these issues.

Red Hat Linux 7.3 shipped with KDE 3.0.0 and is therefore vulnerable to
CAN-2002-0838, CAN-2002-0970, CAN-2002-1151, CAN-2002-1152,
CAN-2002-1223, CAN-2002-1247, CAN-2002-1281, and CAN-2002-1306. This
errata upgrades Red Hat Linux 7.3 to KDE 3.0.3 with patches to correct
these issues.

Red Hat Linux 7.2 shipped with KDE version 2.2.2 and is therefore
vulnerable to CAN-2002-0838, CAN-2002-0970, CAN-2002-1151, CAN-2002-1223,
CAN-2002-1247, and CAN-2002-1306. This errata provides new kdelibs and
kdenetwork packages which contain patches to correct these issues. 

Red Hat Linux 7.2 is also vulnerable to CAN-2002-1281 and CAN-2002-1282 but
these vulnerabilities are not fixed by these errata packages. At the
present time Red Hat recommends disabling both the rlogin and telnet KIO
protocols as a workaround. To disable both protocols, execute these commands:

rm /usr/share/services/rlogin.protocol
rm /usr/share/services/telnet.protocol

Updated packages:

Red Hat Linux 7.2 

--------------------------------------------------------------------------------
 
SRPMS: 
kdegraphics-2.2.2-2.1.src.rpm     		ea399e31bcca1df0b7aef78c303ca0a7 
kdelibs-2.2.2-3.src.rpm     			034a08a13b62f72b6a9603f52f16da25 
kdenetwork-2.2.2-2.src.rpm     			81714c79f92d1e9b6de4b38543a9bc83 
  
i386: 
arts-2.2.2-3.i386.rpm     			c9be246b033cd8e17a0777183f060bdc 
kdegraphics-2.2.2-2.1.i386.rpm     		1668cdc5ff3cb4476626287cfff646ac 
kdegraphics-devel-2.2.2-2.1.i386.rpm    	1f7c2cc26b71d0bef278c29259b9e28d 
kdelibs-2.2.2-3.i386.rpm     			1753fcef6366b9c10dae05876855db5f 
kdelibs-devel-2.2.2-3.i386.rpm     		9c21f59d69acb690892fd13b02bd23aa 
kdelibs-sound-2.2.2-3.i386.rpm     		929bf62240d8e8129fb09a965dc4bc75 
kdelibs-sound-devel-2.2.2-3.i386.rpm     	cd858cb38ea684aaf6c22f0093dbbfad 
kdenetwork-2.2.2-2.i386.rpm     		567f7d10e7f11200a1ede4fc48ee6ba8 
kdenetwork-ppp-2.2.2-2.i386.rpm     		0181fc55d957f081697dec9ab3c4eef4 
  
ia64: 
arts-2.2.2-3.ia64.rpm     			4b7e057bd214027d4c492265b3a71d6a 
kdegraphics-2.2.2-2.1.ia64.rpm     		bf45c07ac04d081839934549f9fba336 
kdegraphics-devel-2.2.2-2.1.ia64.rpm     	07bb5515069e7d63470921b18a338989 
kdelibs-2.2.2-3.ia64.rpm     			189201842b61ec0eda4cd790e0eb8f9e 
kdelibs-devel-2.2.2-3.ia64.rpm     		e325b6fd962803c296320656e7a3579b 
kdelibs-sound-2.2.2-3.ia64.rpm     		aa788c8abe086b78cf16ffd0d4d26466 
kdelibs-sound-devel-2.2.2-3.ia64.rpm     	b58b22df69edd4b776ae1df8f641139d 
kdenetwork-2.2.2-2.ia64.rpm     		0f824cdab51bdbafc654081e2d8c9e56 
kdenetwork-ppp-2.2.2-2.ia64.rpm     		17ed308dac97dff15b511d55316523d9 
  
Red Hat Linux 7.3 

--------------------------------------------------------------------------------
 
SRPMS: 
arts-1.0.3-0.7.1.src.rpm     			47dcc91fe8726cc45f31014a29b35a1c 
kde-i18n-3.0.3-0.7.3.src.rpm     		e2dbe16652886c5e938932e9db0b76ab 
kdeaddons-3.0.3-0.7.src.rpm     		1a1bf3945b93dca80460f9d0c496ded2 
kdeadmin-3.0.3-0.7.src.rpm     			88bd547a198b3b0ce44e4cfdc1b91bd2 
kdeartwork-3.0.3-0.7.1.src.rpm     		35508697a85ffaba96513085b18e77c7 
kdebase-3.0.3-0.7.2.src.rpm     		4252b1ec7cd6413b335702d15459f69a 
kdebindings-3.0.3-0.7.1.src.rpm     		2f77233d2019dcfdfaf5ba4e2294f47f 
kdeedu-3.0.3-0.7.src.rpm     			96b1c663ec0839e428b15f52e55a920b 
kdegames-3.0.3-0.7.src.rpm     			43fc3e29f684817f5f91242748e59181 
kdegraphics-3.0.3-0.7.2.src.rpm     		a260fca5c6f4b52ea89c445a386690d0 
kdelibs-3.0.3-0.7.2.src.rpm     		0bb5c62332785c2daf1f15597d71a890 
kdemultimedia-3.0.3-0.7.1.src.rpm     		09b000c0e7ac6b2754a74bf3c3ac4fa3 
kdenetwork-3.0.3-0.7.2.src.rpm     		6d4354214bf9c201a15ee809a9857e13 
kdepim-3.0.3-0.7.src.rpm     			f4f5657c7d14f05d01b00bb853c79c60 
kdesdk-3.0.3-0.7.src.rpm     			4b4527904b61e185d1805044a84953f1 
kdetoys-3.0.3-0.7.src.rpm     			430647cf44a607b6ac264060422f0f8d 
kdeutils-3.0.3-0.7.src.rpm     			e712ea2315ea0800a3933e1695968a98 
kdevelop-2.1.3-0.7.1.src.rpm     		fb0ca7e6c97ffb3957728689a743b296 
qt-3.0.5-7.14.src.rpm     			354d1a5d84ba9be926cd445d1f65cab3 
  
i386: 
ark-3.0.3-0.7.i386.rpm     			c31ac96ba6d0f3a9ebbb10d20985a5c8 
arts-1.0.3-0.7.1.i386.rpm     			68f6dcc3c862b8de79092d9aa7618d36 
arts-devel-1.0.3-0.7.1.i386.rpm     		ff569116c2e9f9476b6c967207b7dc57 
cervisia-3.0.3-0.7.i386.rpm     		d35f569dfbfe3c8f64930f4d0b84e63d 
kaboodle-3.0.3-0.7.1.i386.rpm     		6998bef27993940c4cfe628978fd3a22 
kamera-3.0.3-0.7.2.i386.rpm     		e0e6b4869bef5c93628532d1957193fe 
karm-3.0.3-0.7.i386.rpm     			9434391849bf3ecaa98e729565634a21 
kcalc-3.0.3-0.7.i386.rpm     			59d8f61a6d57eb83fb29ea4ec9fb7e0d 
kcharselect-3.0.3-0.7.i386.rpm     		b5b049e944cf27d481f40a05c64c124f 
kcoloredit-3.0.3-0.7.2.i386.rpm     		4f67d858333d89be5959a6fd70197b2c 
kdeaddons-kate-3.0.3-0.7.i386.rpm     		7fe44981d9f0da00fd85d6dcdcd1e464 
kdeaddons-kicker-3.0.3-0.7.i386.rpm     	154fd03b6325fc249b9d2db9f5c1bd3c 
kdeaddons-knewsticker-3.0.3-0.7.i386.rpm     	7b958fa5c3aa0a15e5a8f82c6acac846 
kdeaddons-konqueror-3.0.3-0.7.i386.rpm     	950f242a09d7bdf3ba77bd7ca6adcb23 
kdeaddons-noatun-3.0.3-0.7.i386.rpm     	7d3fef5e022b4480ae662c20c48ac965 
kdeadmin-3.0.3-0.7.i386.rpm     		bfe34d25e617c3e25dc2faf77e716621 
kdeartwork-3.0.3-0.7.1.i386.rpm     		047c77f35776c564bca14cc4ffd146c4 
kdeartwork-kworldclock-3.0.3-0.7.1.i386.rpm     e59d14917ab3c03c897c3f92b53a758a 
kdeartwork-locolor-3.0.3-0.7.1.i386.rpm     	96bed63324f3c40ef57bc7aaf32caef9 
kdeartwork-screensavers-3.0.3-0.7.1.i386.rpm    1a7c3633b753ca8effe5dfc046fd6ec5 
kdebase-3.0.3-0.7.2.i386.rpm     		2001ffaf4fcb9d56b25bff8f5b5d6c85 
kdebase-devel-3.0.3-0.7.2.i386.rpm     		db9f97bd5b5721fdd2062d0aa2965547 
kdebindings-3.0.3-0.7.1.i386.rpm     		e33ee4cd2e9301915787b2f4720af43c 
kdebindings-devel-3.0.3-0.7.1.i386.rpm     	344b64d1bca10210db411b32e01fb0f4 
kdebindings-kmozilla-3.0.3-0.7.1.i386.rpm     	8feb90886d6ac404a42207b20ff523c5 
kdegames-3.0.3-0.7.i386.rpm     		2c954338900c6894fbe1c45496bae318 
kdegames-devel-3.0.3-0.7.i386.rpm     		e25d0a4def322accb91d3aa2aa1dafd0 
kdelibs-3.0.3-0.7.2.i386.rpm     		9a3d319eaadf9b0ff620c445eb6918e5 
kdelibs-devel-3.0.3-0.7.2.i386.rpm     		0f369a42384ace153710e585ce47e86e 
kdemultimedia-arts-3.0.3-0.7.1.i386.rpm     	fe9794772b4c717fd7ac8ee94ab31b1b 
kdemultimedia-devel-3.0.3-0.7.1.i386.rpm     	94571620f5161cf37097534c63a9bf4b 
kdemultimedia-kfile-3.0.3-0.7.1.i386.rpm     	d5b599eeeedcb46954024e231aaf66f1 
kdemultimedia-libs-3.0.3-0.7.1.i386.rpm     	135e008d033b7e78b45b8f4fe0250569 
kdenetwork-devel-3.0.3-0.7.2.i386.rpm     	c53b4d182818205944fcf3612942c318 
kdenetwork-libs-3.0.3-0.7.2.i386.rpm     	bb71a42d167e8539ecfd75156879f70c 
kdepasswd-3.0.3-0.7.i386.rpm     		d65f4adea754e9ab38887c18f7cc4a8e 
kdepim-3.0.3-0.7.i386.rpm     			8d833c32134f1ed60ee1fbc08262008e 
kdepim-cellphone-3.0.3-0.7.i386.rpm     	a12608b4aa87f056aa95fa7aca7a1273 
kdepim-devel-3.0.3-0.7.i386.rpm     		33b650a7088f065acc38f8b2558c7b67 
kdepim-pilot-3.0.3-0.7.i386.rpm     		e137e8621fca2328d919b9735adbd719 
kdesdk-gimp-3.0.3-0.7.i386.rpm     		708568ca332d5cb4c545da99090c74db 
kdesdk-kapptemplate-3.0.3-0.7.i386.rpm     	915cb23acd612fb8879d8feb6d8e2cac 
kdesdk-kbabel-3.0.3-0.7.i386.rpm     		83c195e1f5e5932138d489bb3dc14663 
kdesdk-kbugbuster-3.0.3-0.7.i386.rpm     	228345769dd1cf1d3379906b215af9e2 
kdesdk-kmtrace-3.0.3-0.7.i386.rpm     		38f2efa7b18452a63bf0fde26bb78803 
kdesdk-kompare-3.0.3-0.7.i386.rpm     		9147d3be6cfb04f569c4f83e69c34d5e 
kdesdk-kspy-3.0.3-0.7.i386.rpm     		60f394c650b46645e1f9b1c5852727f8 
kdessh-3.0.3-0.7.i386.rpm     			8f1eda9703316c6638187b86e1c8c1e3 
kdetoys-3.0.3-0.7.i386.rpm     			938c1325cb89c9dc49932f4ee55d7f48 
kdeutils-laptop-3.0.3-0.7.i386.rpm     		4e0458b14e321cddb9820803516a3c4d 
kdevelop-2.1.3-0.7.1.i386.rpm     		828d671341da74f98207ccec83dd894d 
kdf-3.0.3-0.7.i386.rpm     			a43492502f9724ef88e3757bd573c026 
kdict-3.0.3-0.7.2.i386.rpm     			7ce89dde28bc8ae992395c24f2136905 
kdvi-3.0.3-0.7.2.i386.rpm     			6a32f99fcf3f144a0ba79363dfe2c996 
kedit-3.0.3-0.7.i386.rpm     			93fe10821b08641e964f1e3957e32d37 
keduca-3.0.3-0.7.i386.rpm     			8a900a4900eb3c91bee96854c38f5896 
kfax-3.0.3-0.7.2.i386.rpm     			632d3c454dbde139231dff3154af7af1 
kfile-pdf-3.0.3-0.7.2.i386.rpm     		117c2803b365681a1bf91f682d725149 
kfile-png-3.0.3-0.7.2.i386.rpm     		2bec4e9cde3695289ba6a237e47a9407 
kfloppy-3.0.3-0.7.i386.rpm     			4c47d387dde4e63558d48bf84c72688c 
kfract-3.0.3-0.7.2.i386.rpm     		7b74f1789b2dcfbde592ee812c12b19a 
kgeo-3.0.3-0.7.i386.rpm     			b699923f0c3df235f4bd68c370452081 
kghostview-3.0.3-0.7.2.i386.rpm     		3c2d55f5bdc429f89f110d10bb64b58d 
khexedit-3.0.3-0.7.i386.rpm     		91655d96af4ca3a1ca9f50e4e7e90bc4 
kiconedit-3.0.3-0.7.2.i386.rpm     		02c425ba7942358fd36be81db609088e 
kit-3.0.3-0.7.2.i386.rpm     			26db442ffbbaa1553c5c138a209207ae 
kjots-3.0.3-0.7.i386.rpm     			91fecfdefae0415b27339394d0f73be5 
klettres-3.0.3-0.7.i386.rpm     		a0842ee9d0239070816f693ae4fdc2f6 
kljettool-3.0.3-0.7.i386.rpm     		7ad3798fce63da97f8f96f3bbba8a3d4 
klpq-3.0.3-0.7.i386.rpm     			4d747945f02676ffb75c978a57addb00 
klprfax-3.0.3-0.7.i386.rpm     			937ea72d67edb7cea2f8cf68fe1e6ec3 
kmail-3.0.3-0.7.2.i386.rpm     			e9ee917df07ea4a6d5c53e3a0bfe5f16 
kmessedwords-3.0.3-0.7.i386.rpm     		d175e65b4af6524d0672c0df3d3fffa2 
kmid-3.0.3-0.7.1.i386.rpm     			8cc3f07f5f2cc1c276af643b08233c22 
kmidi-3.0.3-0.7.1.i386.rpm     			d5e79b13a53f09cc015e622911dc8fb4 
kmix-3.0.3-0.7.1.i386.rpm     			dbec374bda1a631d3b886207204522fc 
knewsticker-3.0.3-0.7.2.i386.rpm     		a020d8cd85bb2056789993eea951cecd 
knode-3.0.3-0.7.2.i386.rpm     			48c293f3b92b2115b20b967671530964 
knotes-3.0.3-0.7.i386.rpm     			d87ffc5428a2bf0d05dba1be73e16cbd 
koncd-3.0.3-0.7.1.i386.rpm     			e3f31e79286cd764cc7cf23f8c79129d 
kooka-3.0.3-0.7.2.i386.rpm     			c1140b9165e173bc386367c887f3596c 
korn-3.0.3-0.7.2.i386.rpm     			88575c727577d629583b8db993e049ec 
kpaint-3.0.3-0.7.2.i386.rpm     		efed4a1469974d3ef0eea80c83993050 
kpf-3.0.3-0.7.2.i386.rpm     			b497fb2b80940ef02a1f56ed098fc326 
kppp-3.0.3-0.7.2.i386.rpm     			3b65942be18126d51756ec33bb0ebebc 
kregexpeditor-3.0.3-0.7.i386.rpm     		3c2c96eeb45e2882431c2ac8fa13b0ec 
kregexpeditor-devel-3.0.3-0.7.i386.rpm     	c0973f7501ec7e0cccafcae0b16deae1 
kruler-3.0.3-0.7.2.i386.rpm     		db88094cba76479eb3eb0c3c17f52398 
kscd-3.0.3-0.7.1.i386.rpm     			2a299ae6cf5ad38552c00fe661732c6e 
ksirc-3.0.3-0.7.2.i386.rpm     			929eb08ad90c06942db4f2ded6be06eb 
ksnapshot-3.0.3-0.7.2.i386.rpm     		11a8bb6c42df541d6b22ded6a9e3f060 
kstars-3.0.3-0.7.i386.rpm     			33085a4aba5134d5f16dad8b6f889837 
ktalkd-3.0.3-0.7.2.i386.rpm     		b6f5bd8a53b07c8bd65fa009ba12afcf 
ktimer-3.0.3-0.7.i386.rpm     			2c8dae3e5fa5d4a7d18d6497fa01b353 
ktouch-3.0.3-0.7.i386.rpm     			91363efc95c0db868eb57ed89c4285fb 
kuickshow-3.0.3-0.7.2.i386.rpm     		8b1ad52acabfa8ed28ae12efc6a7b0f7 
kview-3.0.3-0.7.2.i386.rpm     			253c465d92fb923ec23dde728b3ef1e6 
kviewshell-3.0.3-0.7.2.i386.rpm     		d41fb35ce2f805abffd42e2347029f13 
kviewshell-devel-3.0.3-0.7.2.i386.rpm     	d3bc4f4b7c9c1516340a3b3f5c874439 
kvoctrain-3.0.3-0.7.i386.rpm     		4232a7548dad0e40f3b7e93d51951b5e 
kxmlrpcd-3.0.3-0.7.2.i386.rpm     		9e393ddfc49472320dbcaa394bfbfc52 
libkscan-3.0.3-0.7.2.i386.rpm     		71a0d83c0b8a1049d200743cac7be748 
libkscan-devel-3.0.3-0.7.2.i386.rpm     	40169395af0b83079f550087f88bf17b 
lisa-3.0.3-0.7.2.i386.rpm     			107b12e7ec4f43c41a83c44a8c1728f6 
noatun-3.0.3-0.7.1.i386.rpm     		402c7189e0e9fa0dd4e79a6d41e061bb 
qt-3.0.5-7.14.i386.rpm     			960b252e140edd4fde5df0c33c32f724 
qt-designer-3.0.5-7.14.i386.rpm     		89e26bf00fd8c606673144ddfe613d9b 
qt-devel-3.0.5-7.14.i386.rpm     		279ff020001cd6605346256a030f3e28 
qt-MySQL-3.0.5-7.14.i386.rpm     		042a38aabf9ff94bad8fd025035805c2 
qt-ODBC-3.0.5-7.14.i386.rpm     		84238622cf26b074764229a89cb507db 
qt-PostgreSQL-3.0.5-7.14.i386.rpm     		6ea56e8b818aa41913de389e36a8cc10 
qt-static-3.0.5-7.14.i386.rpm     		aa7ad857e20ce146caf0f9cb53220ce7 
qt-Xt-3.0.5-7.14.i386.rpm     			8945494c65048dbb61dd413c44800945 
  
Red Hat Linux 8.0 

--------------------------------------------------------------------------------
 
SRPMS: 
kde-i18n-3.0.3-2.src.rpm     			382b75abdf9a6283816619bb6614f2a5 
kdebase-3.0.3-14.src.rpm     			eb94d5dcf07bfc59bc25af2e4c8b365d 
kdegraphics-3.0.3-5.src.rpm     		461fd60d1643e1c31a278234aafdb871 
kdelibs-3.0.3-8.3.src.rpm     			89bacf26defe3ff0c3ce42c2cbd01ac3 
kdenetwork-3.0.3-3.2.src.rpm     		9a239e421bb3a3f9d9d3d10f834081b2 
  
i386: 
kamera-3.0.3-5.i386.rpm     			1760f7c313bbaf68ba245e277dc0e311 
kcoloredit-3.0.3-5.i386.rpm     		446cf584b68467d9b963ac772fafcbbb 
kdebase-3.0.3-14.i386.rpm     			dae6d36badd1d95e2c158f1b0fbc4a8b 
kdebase-devel-3.0.3-14.i386.rpm     		8c89468704d83340dcd2d4e8c3701241 
kdelibs-3.0.3-8.3.i386.rpm     			60301f8226f8a7446046153722483712 
kdelibs-devel-3.0.3-8.3.i386.rpm     		b9e1c80782bfa0757e4464fb948d1dc2 
kdenetwork-devel-3.0.3-3.2.i386.rpm     	06ce97289ab90412d186e19fc615ea0f 
kdenetwork-libs-3.0.3-3.2.i386.rpm     		d3c939799ab6930fcb2d1f21fa108bf7 
kdict-3.0.3-3.2.i386.rpm     			003adc9a793b09e7a628d5731970ddb3 
kdvi-3.0.3-5.i386.rpm     			32619c7f1cfa9923975554ca6398120b 
kfax-3.0.3-5.i386.rpm     			6cd4586916cd0d1188516d26060115c9 
kfile-pdf-3.0.3-5.i386.rpm     			e5589af68b5a603e907b5f1bfb2490a2 
kfile-png-3.0.3-5.i386.rpm     			e9a05f7b8d2568fc75c184c9426a58d2 
kfract-3.0.3-5.i386.rpm     			13bdd632276190ab9a33aff390d626ab 
kghostview-3.0.3-5.i386.rpm     		53b7219215d58dc474a134619c4ce27b 
kiconedit-3.0.3-5.i386.rpm     			3bddeec68060feab62c78556e7e921b0 
kit-3.0.3-3.2.i386.rpm     			90bb1850c6360a87a30a88028f08c265 
kmail-3.0.3-3.2.i386.rpm     			d7fc1e03db312bccd31215b647b86e25 
knewsticker-3.0.3-3.2.i386.rpm     		461b07e357650696f18a8b4f765c7882 
knode-3.0.3-3.2.i386.rpm     			3a513107098e7352a7739468c46aa3aa 
kooka-3.0.3-5.i386.rpm     			8a5598ce40edd6659d7894126847c50d 
korn-3.0.3-3.2.i386.rpm     			9cc380ecfbd57870450474d3d24a6a68 
kpaint-3.0.3-5.i386.rpm     			dacfc37a044a4a8f7ab641112d1e73d2 
kpf-3.0.3-3.2.i386.rpm     			77e766459f3f5fe35433591ef940a3fc 
kppp-3.0.3-3.2.i386.rpm     			7107a712a1fb3fbdc421905db2278c72 
kruler-3.0.3-5.i386.rpm     			0cdd8d4aca4ef9073d20cbf8aba1a0d4 
ksirc-3.0.3-3.2.i386.rpm     			ea39efb6deee4db448ad0967cd0a35c2 
ksnapshot-3.0.3-5.i386.rpm     			0ded9db8efba14db92c46cc389fc35fe 
ktalkd-3.0.3-3.2.i386.rpm     			3d5914e0e082ed8f8a1308a1df9cd834 
kuickshow-3.0.3-5.i386.rpm     			4ebb9ccd7db8a147f09754972fe9c4f7 
kview-3.0.3-5.i386.rpm     			689c7ec6268931fdc2d578a9bc93b06a 
kviewshell-3.0.3-5.i386.rpm     		738ab6d68860a7c276e0557c137cc1e4 
kviewshell-devel-3.0.3-5.i386.rpm     		81aa7b525199ec9aee14d709193804fd 
kxmlrpcd-3.0.3-3.2.i386.rpm     		069eaeab2380daf632f605321ebe9938 
libkscan-3.0.3-5.i386.rpm     			3a362ce3349312972cbb16248df1df37 
libkscan-devel-3.0.3-5.i386.rpm     		1cb0fad25b6f82fec9cd95f285c10980 
lisa-3.0.3-3.2.i386.rpm     			526dccfd590c76ff657dcf981cf4a44c 


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.



Bugs fixed:  (see bugzilla for more information)

73412 - KDE screensaver just blanks screen
74071 - Better way to handle desktop file renames
75085 - Banner of Taiwan



References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0838
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1151
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1152
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1223
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1247
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1281
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1282
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1306
http://marc.theaimsgroup.com/?l=bugtraq&m=102977530005148
http://www.kde.org/info/security/advisory-20020908-1.txt
http://www.kde.org/info/security/advisory-20020908-2.txt
http://www.kde.org/info/security/advisory-20021008-1.txt
http://www.kde.org/info/security/advisory-20021008-2.txt
http://www.kde.org/info/security/advisory-20021111-1.txt
http://www.kde.org/info/security/advisory-20021111-2.txt 



Keywords:

flaw:buf, flaw:css, flaw:design, flaw:infoleak, flaw:spoof 



--------------------------------------------------------------------------------
The listed packages are GPG signed by Red Hat, Inc. for security. Our key is 
available at:
http://www.redhat.com/solutions/security/news/publickey.html#key
You can verify each package and see who signed it with the following command: 
rpm --checksig -v filename

If you only wish to verify that each package has not been corrupted or tampered 
with, examine only the md5sum with the following command: rpm --checksig 
--nogpg -v filename

Note that you need RPM >= 3.0 to check GnuPG keys. 
 
[***** End Red Hat Security Advisory RHSA-2002:220-40 *****]

_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of Red Hat, Inc. for the 
information contained in this bulletin.
_______________________________________________________________________________


CIAC, the Computer Incident Advisory Capability, is the computer
security incident response team for the U.S. Department of Energy
(DOE) and the emergency backup response team for the National
Institutes of Health (NIH). CIAC is located at the Lawrence Livermore
National Laboratory in Livermore, California. CIAC is also a founding
member of FIRST, the Forum of Incident Response and Security Teams, a
global organization established to foster cooperation and coordination
among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC
can be contacted at:
    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

   World Wide Web:      http://www.ciac.org/
   Anonymous FTP:       ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins.  If you are not part of these
communities, please contact your agency's response team to report
incidents. Your agency's team will coordinate with CIAC. The Forum of
Incident Response and Security Teams (FIRST) is a world-wide
organization. A list of FIRST member organizations and their
constituencies can be obtained via WWW at http://www.first.org/.

This document was prepared as an account of work sponsored by an
agency of the United States Government. Neither the United States
Government nor the University of California nor any of their
employees, makes any warranty, express or implied, or assumes any
legal liability or responsibility for the accuracy, completeness, or
usefulness of any information, apparatus, product, or process
disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products,
process, or service by trade name, trademark, manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation or favoring by the United States Government or the
University of California. The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government or the University of California, and shall not be used for
advertising or product endorsement purposes.

LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

N-010: Web-Based Enterprise Management on Solaris 8 Installs Insecure Files 
N-011: Cumulative Patch for Internet Information Service
N-012: Windows 2000 Default Permissions Could Allow Trojan Horse Program
N-013: ISC Remote Vulnerabilities in BIND4 and BIND8
N-014: Trojan Horse tcpdump and libpcap Distributions
N-015: SGI IRIX lpd Daemon Vulnerabilities via sendmail and dns
N-016: Buffer Overrun in Microsoft Data Access Components (MDAC)
N-017: Cisco PIX Multiple Vulnerabilities
N-018: Microsoft Cumulative Patch for Internet Explorer
N-019: Samba Encrypted Password Buffer Overrun Vulnerability



TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH