CentOS Project, CESA-2006:0582
Aug 24, 2006 - 12:40 a.m.

kdebase security update

EPSS: 0.001 (Low), percentile 25.9%

CentOS Errata and Security Advisory CESA-2006:0582

The kdebase packages provide the core applications for KDE, the K Desktop
Environment. These core packages include the file manager Konqueror.

Ilja van Sprundel discovered a lock file handling flaw in kcheckpass. If
the directory /var/lock is writable by a user who is allowed to run
kcheckpass, that user could gain root privileges. In Red Hat Enterprise
Linux, the /var/lock directory is not writable by users, so this flaw
could only have been exploited if the permissions on that directory had
been misconfigured. A patch to block this issue has been included
in this update. (CVE-2005-2494)
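
An added example, not part of the CentOS advisory: a shell audit for the precondition described above, a /var/lock directory that unprivileged users can write to. The function names and script name are hypothetical; it assumes GNU stat and does not evaluate ACLs.

```shell
#!/bin/sh
# Added example (not from the advisory): audit whether a lock directory is
# writable by non-root users. Function names are hypothetical.
# Assumes GNU stat; POSIX ACLs are not evaluated.
# Usage: sh audit_lock_dir.sh /var/lock

# perms_allow_user_write MODE UID GID
# Returns 0 when octal MODE with that owner/group lets a non-root account
# create entries in the directory, 1 otherwise. gid 0 is treated as
# privileged (assumption: the root group has no unprivileged members).
perms_allow_user_write() {
    mode=$((0$1)); uid=$2; gid=$3
    # World-writable: every local account can create entries.
    [ $((mode & 0002)) -ne 0 ] && return 0
    # Group-writable by a non-root group.
    [ $((mode & 0020)) -ne 0 ] && [ "$gid" -ne 0 ] && return 0
    # Owner-writable and owned by a non-root account.
    [ $((mode & 0200)) -ne 0 ] && [ "$uid" -ne 0 ] && return 0
    return 1
}

# audit_lock_dir DIR
# Prints a verdict; returns 0 if DIR is not user-writable, 1 if it is,
# 2 if DIR cannot be examined.
audit_lock_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "SKIP $dir: not a directory"; return 2; }
    # -L follows a symlinked lock directory to the real target.
    info=$(stat -L -c '%a %u %g' "$dir") || return 2
    set -- $info
    if perms_allow_user_write "$1" "$2" "$3"; then
        echo "FAIL $dir: mode $1 uid $2 gid $3 is writable by non-root users"
        return 1
    fi
    echo "OK   $dir: mode $1 uid $2 gid $3"
    return 0
}

# Run the audit only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_lock_dir "$1"
    exit $?
fi
```

A FAIL result means the directory meets the condition the advisory names for this flaw; the exit status (0, 1 or 2) makes the check usable from configuration-management or cron jobs.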

The following bugs have also been addressed:

  • kstart --tosystray does not send the window to the system tray in Kicker

  • When the customer enters or selects URLs in Firefox’s address field, the
    desktop freezes for a couple of seconds

  • fish kioslave is broken on 64-bit systems

All users of kdebase should upgrade to these updated packages, which
contain patches to resolve these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-August/075321.html
https://lists.centos.org/pipermail/centos-announce/2006-August/075322.html
https://lists.centos.org/pipermail/centos-announce/2006-August/075334.html
https://lists.centos.org/pipermail/centos-announce/2006-August/075335.html
https://lists.centos.org/pipermail/centos-announce/2006-August/075336.html

Affected packages:
kdebase
kdebase-devel

Upstream details at:
https://access.redhat.com/errata/RHSA-2006:0582