[Full-disclosure] [FLSA-2005:152769] Updated kdelibs/kdebase packages fix security issues

From: Marc Deslauriers (marcdeslauriers_at_videotron.ca)
Date: 07/16/05

    Date: Fri, 15 Jul 2005 22:07:18 -0400
    To: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk

    ---------------------------------------------------------------------
                   Fedora Legacy Update Advisory

    Synopsis: Updated kdelibs/kdebase packages fix security issues
    Advisory ID: FLSA:152769
    Issue date: 2005-07-15
    Product: Red Hat Linux, Fedora Core
    Keywords: Bugfix
    CVE Names: CAN-2003-0592 CAN-2004-0411 CAN-2004-0689
               CAN-2004-0721 CAN-2004-0746 CAN-2004-1158
               CAN-2004-1165
    ---------------------------------------------------------------------

    ---------------------------------------------------------------------
    1. Topic:

    Updated kdelibs and kdebase packages that resolve several security
    issues are now available.

    The kdelibs packages include libraries for the K Desktop Environment.
    The kdebase packages include core applications for the K Desktop
    Environment.

    2. Relevant releases/architectures:

    Red Hat Linux 7.3 - i386
    Red Hat Linux 9 - i386
    Fedora Core 1 - i386

    3. Problem description:

    Flaws have been found in the cookie path handling between a number of
    Web browsers and servers. The HTTP cookie standard allows a Web server
    supplying a cookie to a client to specify a subset of URLs on the origin
    server to which the cookie applies. Web servers such as Apache do not
    filter returned cookies and assume that the client will only send back
    cookies for requests that fall within the server-supplied subset of
    URLs. However, by supplying URLs that use path traversal (/../) and
    character encoding, it is possible to fool many browsers into sending a
    cookie to a path outside of the originally-specified subset. The Common
    Vulnerabilities and Exposures project has assigned the name
    CAN-2003-0592 to this issue.

    iDEFENSE identified a vulnerability in the Opera web browser that could
    allow remote attackers to create or truncate arbitrary files. The KDE
    team has found two similar vulnerabilities that also exist in KDE. A
    flaw in the telnet URI handler may allow options to be passed to the
    telnet program, resulting in creation or replacement of files. An
    attacker could create a carefully crafted link such that when opened by
    a victim it creates or overwrites a file with the victim's permissions.
    A flaw in the mailto URI handler may allow options to be passed to the
    kmail program. These options could cause kmail to write to the file
    system or to run on a remote X display. An attacker could create a
    carefully crafted link in such a way that access may be obtained to run
    arbitrary code as the victim. The Common Vulnerabilities and Exposures
    project (cve.mitre.org) has assigned the name CAN-2004-0411 to these
    issues.

    Andrew Tuitt reported that versions of KDE up to and including 3.2.3
    create temporary directories with predictable names. A local attacker
    could prevent KDE applications from functioning correctly, or overwrite
    files owned by other users by creating malicious symlinks. The Common
    Vulnerabilities and Exposures project has assigned the name
    CAN-2004-0689 to this issue.

    WESTPOINT internet reconnaissance services has discovered that the KDE
    web browser Konqueror allows websites to set cookies for certain
    country-specific secondary top-level domains. An attacker within one of
    the affected domains could construct a cookie which would be sent to all
    other websites within the domain, leading to a session fixation attack.
    This issue does not affect popular domains such as .co.uk, .co.in, or
    .com. The Common Vulnerabilities and Exposures project has assigned the
    name CAN-2004-0721 to this issue.
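Both the path issue (CAN-2003-0592) and the domain issue (CAN-2004-0721) come down to how a client decides which requests a cookie is in scope for. The following is an added example, not code from the advisory or from KDE: a naive raw-prefix path match of the kind the flawed browsers used, next to a check that canonicalises the request path (percent-decoding and collapsing `..` segments) before matching, plus a Domain-attribute check that refuses a public suffix. The function names, the sample paths and the `PUBLIC_SUFFIXES` set are all constructed for this example; a real client would consult the Public Suffix List.

```python
import posixpath
from urllib.parse import unquote

# Constructed subset of public suffixes for the domain check below. A real
# implementation would consult the Public Suffix List (publicsuffix.org).
PUBLIC_SUFFIXES = {"com", "org", "net", "uk", "co.uk", "org.uk"}


def naive_path_match(cookie_path, request_path):
    """Raw prefix compare on the undecoded request path: the behaviour that
    let a cookie scoped to /private travel with /private/../public/..."""
    return request_path.startswith(cookie_path)


def canonical_path(request_path):
    """Percent-decode repeatedly (so double encoding cannot hide a traversal)
    and collapse '.' and '..' segments. Traversal above '/' is discarded."""
    path = request_path
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return posixpath.normpath("/" + path.lstrip("/"))


def safe_path_match(cookie_path, request_path):
    """Path-match in the RFC 6265 sense, applied to the canonical request
    path: equal to the cookie path, or the cookie path followed by '/'."""
    req = canonical_path(request_path)
    cp = cookie_path.rstrip("/") or "/"
    return cp == "/" or req == cp or req.startswith(cp + "/")


def domain_is_acceptable(request_host, cookie_domain):
    """Accept a Domain attribute only if it covers the host that set the
    cookie and is not a public suffix shared by unrelated sites."""
    d = cookie_domain.lstrip(".").lower()
    h = request_host.lower()
    if not d or d in PUBLIC_SUFFIXES:
        return False
    return h == d or h.endswith("." + d)


if __name__ == "__main__":
    for p in ("/private/account", "/private/../public/steal",
              "/private/%2e%2e/public/steal"):
        print(p, "naive:", naive_path_match("/private", p),
              "safe:", safe_path_match("/private", p))
    print(".co.uk acceptable for www.shop.co.uk:",
          domain_is_acceptable("www.shop.co.uk", ".co.uk"))
```

The point of canonicalising before the compare is that the server resolves `/private/../public/steal` to `/public/steal` before it decides which handler runs, so the client must make its cookie decision on that same resolved path; comparing on the raw string lets the two sides disagree.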

    A frame injection spoofing vulnerability has been discovered in the
    Konqueror web browser. This issue could allow a malicious website to
    show arbitrary content in a named frame of a different browser window.
    The Common Vulnerabilities and Exposures project has assigned the name
    CAN-2004-0746 to this issue.

    Secunia Research discovered a window injection spoofing vulnerability
    affecting the Konqueror web browser. This issue could allow a malicious
    website to show arbitrary content in a different browser window. The
    Common Vulnerabilities and Exposures project has assigned the name
    CAN-2004-1158 to this issue.

    A bug was discovered in the way kioslave handles URL-encoded newline
    (%0a) characters before the FTP command. It is possible that a specially
    crafted URL could be used to execute any ftp command on a remote server,
    or potentially send unsolicited email. The Common Vulnerabilities and
    Exposures project has assigned the name CAN-2004-1165 to this issue.
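The %0a bug is a command-injection problem in the way a URL component is spliced into a line-oriented protocol: once the newline is decoded, the server reads whatever follows it as a second command. As an added example (not kioslave's code), a flawed command builder is shown beside one that refuses control characters after decoding, with a helper that splits the wire bytes the way a line-reading server would. The host `ftp.example`, the benign injected `NOOP` and the function names are constructed for this illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Any character below 0x20, or DEL, terminates or corrupts a line in a
# line-oriented protocol such as FTP (or SMTP), so none may reach a command
# built from user-supplied input.
CONTROL_CHARS = {chr(c) for c in range(0x20)} | {chr(0x7F)}


def ftp_cwd_unchecked(url):
    """Flawed builder: decodes the URL path and splices it into the command."""
    path = unquote(urlsplit(url).path)
    return "CWD " + path + "\r\n"


def ftp_cwd_checked(url):
    """Hardened builder: rejects any control character after decoding."""
    path = unquote(urlsplit(url).path)
    bad = sorted({ch for ch in path if ch in CONTROL_CHARS})
    if bad:
        raise ValueError("control characters in FTP path: %r" % bad)
    return "CWD " + path + "\r\n"


def commands_as_seen_by_server(wire):
    """Split the bytes as a line-reading server does: one command per line,
    accepting a bare LF as most servers do."""
    return [line for line in re.split(r"\r?\n", wire) if line]


def build_safely(url):
    """Return the command, or None when the URL is rejected (log, never send)."""
    try:
        return ftp_cwd_checked(url)
    except ValueError as exc:
        print("rejected %s: %s" % (url, exc))
        return None


if __name__ == "__main__":
    # Constructed URL carrying an encoded LF followed by a harmless NOOP.
    injected = "ftp://ftp.example/pub%0aNOOP"
    print("unchecked ->", commands_as_seen_by_server(ftp_cwd_unchecked(injected)))
    print("checked   ->", build_safely(injected))
    print("normal    ->", build_safely("ftp://ftp.example/pub/linux"))
```

Rejecting rather than stripping is the safer choice here: a stripped newline silently changes the path the user asked for, while a rejection surfaces the malformed URL where it can be logged.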

    All users of KDE are advised to upgrade to these updated packages, which
    contain backported patches to correct these issues.

    4. Solution:

    Before applying this update, make sure all previously released errata
    relevant to your system have been applied.

    To update all RPMs for your particular architecture, run:

    rpm -Fvh [filenames]

    where [filenames] is a list of the RPMs you wish to upgrade. Only those
    RPMs which are currently installed will be updated. Those RPMs which
    are not installed but included in the list will not be updated. Note
    that you can also use wildcards (*.rpm) if your current directory *only*
    contains the desired RPMs.

    Please note that this update is also available via yum and apt. Many
    people find this an easier way to apply updates. To use yum issue:

    yum update

    or to use apt:

    apt-get update; apt-get upgrade

    This will start an interactive process that will result in the
    appropriate RPMs being upgraded on your system. This assumes that you
    have yum or apt-get configured for obtaining Fedora Legacy content.
    Please visit http://www.fedoralegacy.org/docs for directions on how to
    configure yum and apt-get.

    5. Bug IDs fixed:

    https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152769

    6. RPMs required:

    Red Hat Linux 7.3:
    SRPM:
    http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/kdebase-3.0.5a-0.73.7.legacy.src.rpm
    http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/kdelibs-3.0.5a-0.73.6.legacy.src.rpm

    i386:
    http://download.fedoralegacy.org/redhat/7.3/updates/i386/kdebase-3.0.5a-0.73.7.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/7.3/updates/i386/kdebase-devel-3.0.5a-0.73.7.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/7.3/updates/i386/kdelibs-3.0.5a-0.73.6.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/7.3/updates/i386/kdelibs-devel-3.0.5a-0.73.6.legacy.i386.rpm

    Red Hat Linux 9:

    SRPM:
    http://download.fedoralegacy.org/redhat/9/updates/SRPMS/kdebase-3.1-18.legacy.src.rpm
    http://download.fedoralegacy.org/redhat/9/updates/SRPMS/kdelibs-3.1-17.legacy.src.rpm

    i386:
    http://download.fedoralegacy.org/redhat/9/updates/i386/kdebase-3.1-18.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/9/updates/i386/kdebase-devel-3.1-18.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/9/updates/i386/kdelibs-3.1-17.legacy.i386.rpm
    http://download.fedoralegacy.org/redhat/9/updates/i386/kdelibs-devel-3.1-17.legacy.i386.rpm

    Fedora Core 1:

    SRPM:
    http://download.fedoralegacy.org/fedora/1/updates/SRPMS/kdebase-3.1.4-9.legacy.src.rpm
    http://download.fedoralegacy.org/fedora/1/updates/SRPMS/kdelibs-3.1.4-9.legacy.src.rpm

    i386:
    http://download.fedoralegacy.org/fedora/1/updates/i386/kdebase-3.1.4-9.legacy.i386.rpm
    http://download.fedoralegacy.org/fedora/1/updates/i386/kdebase-devel-3.1.4-9.legacy.i386.rpm
    http://download.fedoralegacy.org/fedora/1/updates/i386/kdelibs-3.1.4-9.legacy.i386.rpm
    http://download.fedoralegacy.org/fedora/1/updates/i386/kdelibs-devel-3.1.4-9.legacy.i386.rpm

    7. Verification:

    SHA1 sum Package Name
    ---------------------------------------------------------------------

    ab6411334132d5802fc3ee5f2fe84f093e4bc2e7
    redhat/7.3/updates/i386/kdebase-3.0.5a-0.73.7.legacy.i386.rpm
    56c46a2228202188e3ed7568d920026271c7b50b
    redhat/7.3/updates/i386/kdebase-devel-3.0.5a-0.73.7.legacy.i386.rpm
    150f547193e5c29da348580d5fbd3a073f9ef10e
    redhat/7.3/updates/i386/kdelibs-3.0.5a-0.73.6.legacy.i386.rpm
    018101a1b09d9e8f1ce5aef49186385ee5822eaf
    redhat/7.3/updates/i386/kdelibs-devel-3.0.5a-0.73.6.legacy.i386.rpm
    5cd53bb265cb29964d1d52680846296eaa34aa5e
    redhat/7.3/updates/SRPMS/kdebase-3.0.5a-0.73.7.legacy.src.rpm
    aac6a1b078750398b5636e26890d37eeaba15d07
    redhat/7.3/updates/SRPMS/kdelibs-3.0.5a-0.73.6.legacy.src.rpm
    89ec164225d93ec6572d40f843c8ffed6e0b454b
    redhat/9/updates/i386/kdebase-3.1-18.legacy.i386.rpm
    a7e702304cc599eba38bd232ab216b2f11c04b03
    redhat/9/updates/i386/kdebase-devel-3.1-18.legacy.i386.rpm
    43952098114d6f1de023ad02051850d1e62a843b
    redhat/9/updates/i386/kdelibs-3.1-17.legacy.i386.rpm
    bfc0d2fc7e80c57a5306aac818cd75f073b114bd
    redhat/9/updates/i386/kdelibs-devel-3.1-17.legacy.i386.rpm
    937fc96d039dd3eb43a4acc975545b954112e3d5
    redhat/9/updates/SRPMS/kdebase-3.1-18.legacy.src.rpm
    2afbef59e60e63906b9ee20a57dccf438f667dcc
    redhat/9/updates/SRPMS/kdelibs-3.1-17.legacy.src.rpm
    c9bb19c3b14d0307048d6963fd943a558b6beace
    fedora/1/updates/i386/kdebase-3.1.4-9.legacy.i386.rpm
    229ea248850a2bc07f3ea50f6a26932ba019aa93
    fedora/1/updates/i386/kdebase-devel-3.1.4-9.legacy.i386.rpm
    a9778ed5012ffbe9d9453e589ab04db5531e3918
    fedora/1/updates/i386/kdelibs-3.1.4-9.legacy.i386.rpm
    fbb005803701315f6d5932967f7e9152eb2365f0
    fedora/1/updates/i386/kdelibs-devel-3.1.4-9.legacy.i386.rpm
    3cdb52e7b0fd6fc444a7cea58034db5dcdbc9f99
    fedora/1/updates/SRPMS/kdebase-3.1.4-9.legacy.src.rpm
    0d896b24d8d88e072e7b46d1cf1ba9733b78b42a
    fedora/1/updates/SRPMS/kdelibs-3.1.4-9.legacy.src.rpm

    These packages are GPG signed by Fedora Legacy for security. Our key is
    available from http://www.fedoralegacy.org/about/security.php

    You can verify each package with the following command:

        rpm --checksig -v <filename>

    If you only wish to verify that each package has not been corrupted or
    tampered with, examine only the sha1sum with the following command:

        sha1sum <filename>
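As an added example (not Fedora Legacy's tooling), the following does what section 7 describes for a whole download directory at once: it parses a listing in the advisory's own format (a 40-hex SHA1 on one line, the package path on the next), computes the SHA1 of each local file and reports ok, MISMATCH or missing. The listing and files used in `demo()` are constructed, using the known SHA1 values of `abc` and of the empty string; the function names are mine. As the advisory says, this detects corruption and tampering of the bytes only; authenticity of the package still comes from `rpm --checksig` against the Fedora Legacy key.

```python
import hashlib
import os
import tempfile

HEX = set("0123456789abcdef")


def parse_sha1_listing(text):
    """Parse a 'SHA1 sum / Package Name' block as printed in the advisory:
    digest on one line, relative path on the next. Header and rule lines are
    skipped. Returns {basename: digest}."""
    expected = {}
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    i = 0
    while i + 1 < len(lines):
        digest, path = lines[i].lower(), lines[i + 1]
        if len(digest) == 40 and set(digest) <= HEX:
            expected[os.path.basename(path)] = digest
            i += 2
        else:
            i += 1
    return expected


def sha1_of_file(path):
    """Stream the file so large RPMs are not read into memory at once."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_downloads(directory, expected):
    """Return {filename: 'ok' | 'MISMATCH' | 'missing'} for every listed file."""
    results = {}
    for name, digest in expected.items():
        p = os.path.join(directory, name)
        if not os.path.exists(p):
            results[name] = "missing"
        elif sha1_of_file(p) == digest:
            results[name] = "ok"
        else:
            results[name] = "MISMATCH"
    return results


# Constructed listing in the advisory's format. The first digest is SHA1("abc"),
# the second is SHA1 of the empty string, the third is a placeholder for a
# file that was never downloaded.
LISTING = """\
SHA1 sum Package Name
---------------------------------------------------------------------
a9993e364706816aba3e25717850c26c9cd0d89d
redhat/9/updates/i386/constructed-good.i386.rpm
da39a3ee5e6b4b0d3255bfef95601890afd80709
redhat/9/updates/i386/constructed-tampered.i386.rpm
0000000000000000000000000000000000000000
redhat/9/updates/i386/constructed-missing.i386.rpm
"""


def demo():
    """Build a constructed download directory and verify it against LISTING."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "constructed-good.i386.rpm"), "wb") as f:
            f.write(b"abc")
        with open(os.path.join(d, "constructed-tampered.i386.rpm"), "wb") as f:
            f.write(b"not the bytes the listing describes")
        return verify_downloads(d, parse_sha1_listing(LISTING))


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print(status.ljust(8), name)
```

Any MISMATCH means the file must not be installed; re-download it and re-check before running `rpm --checksig -v` on it.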

    8. References:

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0592
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0411
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0689
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0721
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0746
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1158
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1165

    9. Contact:

    The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More
    project details at http://www.fedoralegacy.org

    ---------------------------------------------------------------------

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/