CentOS Errata and Security Advisory CESA-2006:0582
The kdebase packages provide the core applications for KDE, the K Desktop
Environment. These core packages include the file manager Konqueror.
Ilja van Sprundel discovered a lock file handling flaw in kcheckpass. If
the directory /var/lock is writable by a user who is allowed to run
kcheckpass, that user could gain root privileges. In Red Hat Enterprise
Linux, the /var/lock directory is not writable by users and therefore this
flaw could only have been exploited if the permissions on that directory
have been badly configured. A patch to block this issue has been included
in this update. (CVE-2005-2494)
The following bugs have also been addressed:
kstart --tosystray does not send the window to the system tray in Kicker
When the customer enters or selects URLs in Firefox’s address field, the
desktop freezes for a couple of seconds
fish kioslave is broken on 64-bit systems
All users of kdebase should upgrade to these updated packages, which
contain patches to resolve these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-August/075321.html
https://lists.centos.org/pipermail/centos-announce/2006-August/075322.html
https://lists.centos.org/pipermail/centos-announce/2006-August/075334.html
https://lists.centos.org/pipermail/centos-announce/2006-August/075335.html
https://lists.centos.org/pipermail/centos-announce/2006-August/075336.html
Affected packages:
kdebase
kdebase-devel
Upstream details at:
https://access.redhat.com/errata/RHSA-2006:0582
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 4 | i386 | kdebase | < 3.3.1-5.13 | kdebase-3.3.1-5.13.i386.rpm |
CentOS | 4 | i386 | kdebase-devel | < 3.3.1-5.13 | kdebase-devel-3.3.1-5.13.i386.rpm |
CentOS | 4 | i386 | kdebase | < 3.3.1-5.13 | kdebase-3.3.1-5.13.i386.rpm |
CentOS | 4 | x86_64 | kdebase | < 3.3.1-5.13 | kdebase-3.3.1-5.13.x86_64.rpm |
CentOS | 4 | i386 | kdebase-devel | < 3.3.1-5.13 | kdebase-devel-3.3.1-5.13.i386.rpm |
CentOS | 4 | alpha | kdebase | < 3.3.1-5.13 | kdebase-3.3.1-5.13.alpha.rpm |
CentOS | 4 | alpha | kdebase-devel | < 3.3.1-5.13 | kdebase-devel-3.3.1-5.13.alpha.rpm |
CentOS | 4 | ia64 | kdebase | < 3.3.1-5.13 | kdebase-3.3.1-5.13.ia64.rpm |
CentOS | 4 | ia64 | kdebase-devel | < 3.3.1-5.13 | kdebase-devel-3.3.1-5.13.ia64.rpm |
CentOS | 4 | s390 | kdebase | < 3.3.1-5.13 | kdebase-3.3.1-5.13.s390.rpm |