[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20041215220229.21564.qmail@updates.mandrakesoft.com>
Date: 15 Dec 2004 22:02:29 -0000
From: Mandrake Linux Security Team <security@...ux-mandrake.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2004:150 - Updated kdelibs and kdebase packages fix vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: kdelibs
Advisory ID: MDKSA-2004:150
Date: December 15th, 2004
Affected versions: 10.0, 10.1
______________________________________________________________________
Problem Description:
Daniel Fabian discovered a potential privacy issue in KDE. When
creating a link to a remote file from various applications, including
Konqueror, the resulting URL may contain the authentication
credentials used to access that remote resource. This includes, but
is not limited to, browsing SMB (Samba) shares. Upon further
investigation, it was found that the SMB protocol handler also
unnecessarily exposed authentication credentials (CAN-2004-1171).
Another vulnerability was discovered where a malicious website could
abuse Konqueror to load its own content into a window or tab that was
opened by a trusted website, or it could trick a trusted website into
loading content into an existing window or tab. This could lead to
the user being confused as to the origin of a particular webpage and
could have the user unknowingly send confidential information intended
for a trusted site to the malicious site (CAN-2004-1158).
The updated packages contain a patch from the KDE team to solve this
issue.
Additionally, the kdelibs and kdebase packages for Mandrakelinux 10.1
contain numerous bugfixes. New qt3 packages are being provided for
Mandrakelinux 10.0 that are required to build the kdebase package.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1158
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1171
http://www.kde.org/info/security/advisory-20041209-1.txt
http://www.kde.org/info/security/advisory-20040811-3.txt
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
94a0e81fbb14ca886d4afad27cd3ffc2 10.0/RPMS/kdebase-3.2-79.14.100mdk.i586.rpm
2410d49502511bd9d59b710a554336ae 10.0/RPMS/kdebase-common-3.2-79.14.100mdk.i586.rpm
fe8563a412945d38834d559e3fd9740c 10.0/RPMS/kdebase-kate-3.2-79.14.100mdk.i586.rpm
f24e7a870b6242a30fa6643b27b4bb80 10.0/RPMS/kdebase-kcontrol-data-3.2-79.14.100mdk.i586.rpm
762b15796f14dcf038d12bc5bac2f985 10.0/RPMS/kdebase-kdeprintfax-3.2-79.14.100mdk.i586.rpm
9b80d9d8f01d361ee4083d17af6c2c62 10.0/RPMS/kdebase-kdm-3.2-79.14.100mdk.i586.rpm
c658f9f35d284cdd9ac017fcac4d3e78 10.0/RPMS/kdebase-kdm-config-file-3.2-79.14.100mdk.i586.rpm
4ea434e4741b0739cfbefeaacaadc7ed 10.0/RPMS/kdebase-kmenuedit-3.2-79.14.100mdk.i586.rpm
8861ff2f626f99f56457e2f318681028 10.0/RPMS/kdebase-konsole-3.2-79.14.100mdk.i586.rpm
a4aea066db45b34d831b3b50b69f311d 10.0/RPMS/kdebase-nsplugins-3.2-79.14.100mdk.i586.rpm
9f612b20878759f25896b0bfa235c9fe 10.0/RPMS/kdebase-progs-3.2-79.14.100mdk.i586.rpm
fe6f1816f1d4920f9ff908d219233cb8 10.0/RPMS/kdelibs-common-3.2-36.6.100mdk.i586.rpm
16d29356633ea06254eb2c82a3119da2 10.0/RPMS/libkdebase4-3.2-79.14.100mdk.i586.rpm
449890eb4a344ad68d4d847c33bf7fd4 10.0/RPMS/libkdebase4-devel-3.2-79.14.100mdk.i586.rpm
647177fdad6dd4e86682c8d8a9ca4a87 10.0/RPMS/libkdebase4-kate-3.2-79.14.100mdk.i586.rpm
f5de705057c05d5753e93241e9ec6904 10.0/RPMS/libkdebase4-kate-devel-3.2-79.14.100mdk.i586.rpm
0d1133d72d4e653494c626bbc5bb75c6 10.0/RPMS/libkdebase4-kmenuedit-3.2-79.14.100mdk.i586.rpm
8a0b9e380ac4dd2fbb56bd52ed40675c 10.0/RPMS/libkdebase4-konsole-3.2-79.14.100mdk.i586.rpm
00cf6d1d3bf70a5df1843679266ba2a5 10.0/RPMS/libkdebase4-nsplugins-3.2-79.14.100mdk.i586.rpm
e72a5df9c563785e615c76af047e6cfc 10.0/RPMS/libkdebase4-nsplugins-devel-3.2-79.14.100mdk.i586.rpm
0c80ae011de43476cd524c9d76f11d5c 10.0/RPMS/libkdecore4-3.2-36.6.100mdk.i586.rpm
119a53eabfb36409650a36713b0c2a80 10.0/RPMS/libkdecore4-devel-3.2-36.6.100mdk.i586.rpm
89e8a634c4600829b0885e9cb13711cc 10.0/RPMS/mandrakelinux-kde-config-file-10.1-6.1.100mdk.noarch.rpm
de5514210d372dfd101d89674f8a7d1d 10.0/RPMS/libqt3-3.2.3-19.5.100mdk.i586.rpm
d07574af8ca4c3e1c6edd8029c5bb2f0 10.0/RPMS/libqt3-devel-3.2.3-19.5.100mdk.i586.rpm
467533523851db3b3c3d1b65058e6f96 10.0/RPMS/libqt3-mysql-3.2.3-19.5.100mdk.i586.rpm
4931ecf689833bbacad8ab6e0ad14b58 10.0/RPMS/libqt3-odbc-3.2.3-19.5.100mdk.i586.rpm
c904ea9b413ee5741b449c6682b54095 10.0/RPMS/libqt3-psql-3.2.3-19.5.100mdk.i586.rpm
dee4dcde20538670d900a3b64bfbab25 10.0/RPMS/qt3-common-3.2.3-19.5.100mdk.i586.rpm
7b27ce87ee4549eca463b3568b61eb55 10.0/RPMS/qt3-example-3.2.3-19.5.100mdk.i586.rpm
a63c8733f6bfe8922130d582b4a1a01d 10.0/SRPMS/kdebase-3.2-79.14.100mdk.src.rpm
8591c71e52ec11f9b59f9f3a3a90a659 10.0/SRPMS/kdelibs-3.2-36.6.100mdk.src.rpm
76ef62153b1c2ced48059b9b9ab7cbcf 10.0/SRPMS/mandrakelinux-kde-config-file-10.1-6.1.100mdk.src.rpm
a358c42ab7b7e0cfc0a8bc7c767fb205 10.0/SRPMS/qt3-3.2.3-19.5.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
2f567e1716906db7c569cde1eba47aa1 amd64/10.0/RPMS/kdebase-3.2-79.14.100mdk.amd64.rpm
c3d10f810cd9b6fae43e80f0af12d2b0 amd64/10.0/RPMS/kdebase-common-3.2-79.14.100mdk.amd64.rpm
72303667774e30a65b209290f38ba48f amd64/10.0/RPMS/kdebase-kate-3.2-79.14.100mdk.amd64.rpm
e785979edd5aac8ff0739613cb1ce7cd amd64/10.0/RPMS/kdebase-kcontrol-data-3.2-79.14.100mdk.amd64.rpm
c7ebb9a911149f0dafd7dea7c426fcc1 amd64/10.0/RPMS/kdebase-kdeprintfax-3.2-79.14.100mdk.amd64.rpm
83170f585da8d5c4d1e7aba2ff75f920 amd64/10.0/RPMS/kdebase-kdm-3.2-79.14.100mdk.amd64.rpm
cad3b76743280cab55b0b0c76018e9cb amd64/10.0/RPMS/kdebase-kdm-config-file-3.2-79.14.100mdk.amd64.rpm
c421d3e4197387ee00cfce4fdf39d0af amd64/10.0/RPMS/kdebase-kmenuedit-3.2-79.14.100mdk.amd64.rpm
3f1180977f183764fde50678ac68f4b3 amd64/10.0/RPMS/kdebase-konsole-3.2-79.14.100mdk.amd64.rpm
54aa322565804415149b49a1e06f8369 amd64/10.0/RPMS/kdebase-nsplugins-3.2-79.14.100mdk.amd64.rpm
7c3003d1b4bfb205b04064e6292a644a amd64/10.0/RPMS/kdebase-progs-3.2-79.14.100mdk.amd64.rpm
35773104bc37d0a8f57241def3ef7365 amd64/10.0/RPMS/kdelibs-common-3.2-36.6.100mdk.amd64.rpm
20ff43cf7be89fee35309c160dd01504 amd64/10.0/RPMS/lib64kdebase4-3.2-79.14.100mdk.amd64.rpm
c5fb10ab086d5ea538273fa0dba5abf9 amd64/10.0/RPMS/lib64kdebase4-devel-3.2-79.14.100mdk.amd64.rpm
9b452ff7994d1bdd2913c429bbda0c5d amd64/10.0/RPMS/lib64kdebase4-kate-3.2-79.14.100mdk.amd64.rpm
cbc8223d5e61b9b3901b040952089423 amd64/10.0/RPMS/lib64kdebase4-kate-devel-3.2-79.14.100mdk.amd64.rpm
4195e65ee3dd79092bcfa48cc67cd3fc amd64/10.0/RPMS/lib64kdebase4-kmenuedit-3.2-79.14.100mdk.amd64.rpm
2d728ef56e44891988c4040ae2087974 amd64/10.0/RPMS/lib64kdebase4-konsole-3.2-79.14.100mdk.amd64.rpm
e596b7017cb6fb62e8a566b6642d5ca5 amd64/10.0/RPMS/lib64kdebase4-nsplugins-3.2-79.14.100mdk.amd64.rpm
6d60572cf9b5d61797f05ea4873436e6 amd64/10.0/RPMS/lib64kdebase4-nsplugins-devel-3.2-79.14.100mdk.amd64.rpm
cd835d51e1cde96a51b2938482b1f1b1 amd64/10.0/RPMS/lib64kdecore4-3.2-36.6.100mdk.amd64.rpm
eb69a560b437d59d3aeccf379404c84a amd64/10.0/RPMS/lib64kdecore4-devel-3.2-36.6.100mdk.amd64.rpm
01926d6f0316e175556a85342cdcd24a amd64/10.0/RPMS/mandrakelinux-kde-config-file-10.1-6.1.100mdk.noarch.rpm
fa4161af983398599856f40517319524 amd64/10.0/RPMS/lib64qt3-3.2.3-19.5.100mdk.amd64.rpm
12d3321a029b9b1ce93887fdfa0ed71f amd64/10.0/RPMS/lib64qt3-devel-3.2.3-19.5.100mdk.amd64.rpm
42c81b5260658c2ad7242a7228e72443 amd64/10.0/RPMS/lib64qt3-mysql-3.2.3-19.5.100mdk.amd64.rpm
8da09a60b93fd0e75f1cb56582814097 amd64/10.0/RPMS/lib64qt3-odbc-3.2.3-19.5.100mdk.amd64.rpm
5a6ba60559a5dc033a08c1b724feaa77 amd64/10.0/RPMS/lib64qt3-psql-3.2.3-19.5.100mdk.amd64.rpm
2966c10cea3af06fb2166ace1a91b48d amd64/10.0/RPMS/qt3-common-3.2.3-19.5.100mdk.amd64.rpm
b0df33b39f92578cc91f5db08ce87a16 amd64/10.0/RPMS/qt3-example-3.2.3-19.5.100mdk.amd64.rpm
a63c8733f6bfe8922130d582b4a1a01d amd64/10.0/SRPMS/kdebase-3.2-79.14.100mdk.src.rpm
8591c71e52ec11f9b59f9f3a3a90a659 amd64/10.0/SRPMS/kdelibs-3.2-36.6.100mdk.src.rpm
76ef62153b1c2ced48059b9b9ab7cbcf amd64/10.0/SRPMS/mandrakelinux-kde-config-file-10.1-6.1.100mdk.src.rpm
a358c42ab7b7e0cfc0a8bc7c767fb205 amd64/10.0/SRPMS/qt3-3.2.3-19.5.100mdk.src.rpm
Mandrakelinux 10.1:
972fe138454f3903efc5cc529f6ead39 10.1/RPMS/kdebase-3.2.3-134.3.101mdk.i586.rpm
df6ae088056df3785b583168756e8ef8 10.1/RPMS/kdebase-common-3.2.3-134.3.101mdk.i586.rpm
bffe36fa78bb002b54be6b514471ff06 10.1/RPMS/kdebase-kate-3.2.3-134.3.101mdk.i586.rpm
8e331c540ec5d8994ffc7f3ba0f0170b 10.1/RPMS/kdebase-kcontrol-data-3.2.3-134.3.101mdk.i586.rpm
2c112b568a2f1100898ed93c13076c59 10.1/RPMS/kdebase-kcontrol-nsplugins-3.2.3-134.3.101mdk.i586.rpm
a8135cfd8a6151b1fe65a11547d98ef8 10.1/RPMS/kdebase-kdeprintfax-3.2.3-134.3.101mdk.i586.rpm
f3cffcf7a3827bd7123eaf9d194dfd50 10.1/RPMS/kdebase-kdm-3.2.3-134.3.101mdk.i586.rpm
86c7959746eac1ff886e787e96cd8905 10.1/RPMS/kdebase-kdm-config-file-3.2.3-134.3.101mdk.i586.rpm
a611577b74c8458066c0d35ee7fe6f78 10.1/RPMS/kdebase-kmenuedit-3.2.3-134.3.101mdk.i586.rpm
a0395205f5b3ab41762b05672e3b97cc 10.1/RPMS/kdebase-konsole-3.2.3-134.3.101mdk.i586.rpm
6d60ce25edb4f0cbf47a200598febbff 10.1/RPMS/kdebase-nsplugins-3.2.3-134.3.101mdk.i586.rpm
68dcbade83c1855090b0620a06ea75a7 10.1/RPMS/kdebase-progs-3.2.3-134.3.101mdk.i586.rpm
a00553dd184a3c1950fec3c522ac4fdb 10.1/RPMS/kdelibs-common-3.2.3-98.1.101mdk.i586.rpm
b5423f6281c545152517fa3f462a338b 10.1/RPMS/libkdebase4-3.2.3-134.3.101mdk.i586.rpm
5b68c49d7261db8b336d35d10f55fd80 10.1/RPMS/libkdebase4-devel-3.2.3-134.3.101mdk.i586.rpm
b997f46a32fec2e66937024790a21ece 10.1/RPMS/libkdebase4-kate-3.2.3-134.3.101mdk.i586.rpm
356eeaec1611fa9052a7f90e25c21e34 10.1/RPMS/libkdebase4-kate-devel-3.2.3-134.3.101mdk.i586.rpm
7d7305d17435afa09bb67457668949a3 10.1/RPMS/libkdebase4-kmenuedit-3.2.3-134.3.101mdk.i586.rpm
4a1213eb224297ef834b3a6215adbacf 10.1/RPMS/libkdebase4-konsole-3.2.3-134.3.101mdk.i586.rpm
ec781a7e1023d168b3aa6a53df54f699 10.1/RPMS/libkdecore4-3.2.3-98.1.101mdk.i586.rpm
1c5c87951f4977ad48edb3af0c432de0 10.1/RPMS/libkdecore4-devel-3.2.3-98.1.101mdk.i586.rpm
3a4c629b45ff88584e1789af79d909f9 10.1/SRPMS/kdebase-3.2.3-134.3.101mdk.src.rpm
1336c97fcbcce55e82256f315e8d391f 10.1/SRPMS/kdelibs-3.2.3-98.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
cc6f80a192d7e0162eee2f77f97076f6 x86_64/10.1/RPMS/kdebase-3.2.3-134.3.101mdk.x86_64.rpm
18ee5f00437b495ead1e90f02b5eb358 x86_64/10.1/RPMS/kdebase-common-3.2.3-134.3.101mdk.x86_64.rpm
d6fb46a0279ef81ae70d6ea2e06b0ce2 x86_64/10.1/RPMS/kdebase-kate-3.2.3-134.3.101mdk.x86_64.rpm
1c5138058b2d3bfc40199149f0e83404 x86_64/10.1/RPMS/kdebase-kcontrol-data-3.2.3-134.3.101mdk.x86_64.rpm
4a0eede9628ffa0c04dda4e368a27d7a x86_64/10.1/RPMS/kdebase-kcontrol-nsplugins-3.2.3-134.3.101mdk.x86_64.rpm
e1c0afb3911d0b10b5df47371743c0ad x86_64/10.1/RPMS/kdebase-kdeprintfax-3.2.3-134.3.101mdk.x86_64.rpm
0545ff39340a0f05ef11fbc4e89b5973 x86_64/10.1/RPMS/kdebase-kdm-3.2.3-134.3.101mdk.x86_64.rpm
457ccc0c30d59f43bec5f422576395ee x86_64/10.1/RPMS/kdebase-kdm-config-file-3.2.3-134.3.101mdk.x86_64.rpm
8095bea2b027cbb0430b5293424900b6 x86_64/10.1/RPMS/kdebase-kmenuedit-3.2.3-134.3.101mdk.x86_64.rpm
5997ca308d73acceef0c510bcec4a032 x86_64/10.1/RPMS/kdebase-konsole-3.2.3-134.3.101mdk.x86_64.rpm
2392898d9d5a2193fa5ab17684ec23d3 x86_64/10.1/RPMS/kdebase-nsplugins-3.2.3-134.3.101mdk.x86_64.rpm
aee5e3ec7fd5f96c5b43da69516067c6 x86_64/10.1/RPMS/kdebase-progs-3.2.3-134.3.101mdk.x86_64.rpm
f80ec082880d0e79eb3382f8bb8073d3 x86_64/10.1/RPMS/kdelibs-common-3.2.3-98.1.101mdk.x86_64.rpm
02075966c9cc4f4bbfa7ad42a4c104ad x86_64/10.1/RPMS/lib64kdebase4-3.2.3-134.3.101mdk.x86_64.rpm
31ab975cb164229c9d747a849e50c4ac x86_64/10.1/RPMS/lib64kdebase4-devel-3.2.3-134.3.101mdk.x86_64.rpm
803c8ca7d7d0f40764e7dd8341c0f885 x86_64/10.1/RPMS/lib64kdebase4-kate-3.2.3-134.3.101mdk.x86_64.rpm
2f09b408d1fade903d0af1db9b21a730 x86_64/10.1/RPMS/lib64kdebase4-kate-devel-3.2.3-134.3.101mdk.x86_64.rpm
1671dd96859fed9c4841e6d97b91c204 x86_64/10.1/RPMS/lib64kdebase4-kmenuedit-3.2.3-134.3.101mdk.x86_64.rpm
6d832f31d1800253c03e5219b6008033 x86_64/10.1/RPMS/lib64kdebase4-konsole-3.2.3-134.3.101mdk.x86_64.rpm
155ada78a109874be63de6ec0fd86587 x86_64/10.1/RPMS/lib64kdecore4-3.2.3-98.1.101mdk.x86_64.rpm
2375c638d3bea07bfa72ee6a4104ea2c x86_64/10.1/RPMS/lib64kdecore4-devel-3.2.3-98.1.101mdk.x86_64.rpm
3a4c629b45ff88584e1789af79d909f9 x86_64/10.1/SRPMS/kdebase-3.2.3-134.3.101mdk.src.rpm
1336c97fcbcce55e82256f315e8d391f x86_64/10.1/SRPMS/kdelibs-3.2.3-98.1.101mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFBwLR1mqjQ0CJFipgRAshtAKDmuLZHH1UbpUIrLggxd5iFDxaVIACgvDyX
GyAwikUTdqko1sk+Gm4oWSI=
=qPPz
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists