Rapid7 Vulnerability & Exploit Database

RHSA-2005:009: kdelibs, kdebase security update

Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: 01/10/2005
Created: 07/25/2018
Added: 10/28/2005
Modified: 07/12/2017

Description

Updated kdelibs and kdebase packages that resolve several security issues are now available.

The kdelibs packages include libraries for the K Desktop Environment. The kdebase packages include core applications for the K Desktop Environment.

Secunia Research discovered a window injection spoofing vulnerability affecting the Konqueror web browser. This issue could allow a malicious website to show arbitrary content in a different browser window. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-1158 to this issue.

A bug was discovered in the way kioslave handles URL-encoded newline (%0a) characters before the FTP command. It is possible that a specially crafted URL could be used to execute any FTP command on a remote server, or potentially send unsolicited email. The Common Vulnerabilities and Exposures project has assigned the name CAN-2004-1165 to this issue.

A bug was discovered that can crash the KDE screensaver under certain local circumstances. This could allow an attacker with physical access to the workstation to take over a locked desktop session. Please note that this issue only affects Red Hat Enterprise Linux 2.1. The Common Vulnerabilities and Exposures project has assigned the name CAN-2005-0078 to this issue.

All users of KDE are advised to upgrade to these updated packages, which contain backported patches to correct these issues.
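The check below is an added example, not code from KDE, Red Hat or Rapid7. It shows the kind of guard that addresses the kioslave issue (CAN-2004-1165): an FTP URL is rejected when its percent-decoded user, password or path contains a control character such as newline (%0a). The function names and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit, unquote_to_bytes


def _has_control_bytes(data: bytes) -> bool:
    # FTP control-connection commands end at CRLF, so a CR, LF or any other
    # control byte inside an argument would terminate the command early.
    return any(b < 0x20 or b == 0x7F for b in data)


def unsafe_ftp_url_parts(url: str) -> list[str]:
    """Return the names of URL components that decode to control bytes.

    Components are checked after percent-decoding, because the decoded
    form is what a client places into USER, PASS, CWD or RETR arguments.
    An empty list means no component can break out of one command line.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() != "ftp":
        raise ValueError("not an ftp URL")
    fields = {
        "user": parts.username or "",
        "password": parts.password or "",
        "path": parts.path,
    }
    return [name for name, raw in fields.items()
            if _has_control_bytes(unquote_to_bytes(raw))]


def ftp_command(verb: str, argument: bytes) -> bytes:
    """Build one control-connection line; refuse arguments with control bytes.

    This second check sits at the point where the line is assembled, so it
    still holds if a caller skipped URL validation.
    """
    if _has_control_bytes(argument):
        raise ValueError(f"control character in {verb} argument")
    return verb.encode("ascii") + b" " + argument + b"\r\n"


if __name__ == "__main__":
    # Constructed sample URLs (example.org is a reserved documentation domain).
    for sample in (
        "ftp://ftp.example.org/pub/readme.txt",
        "ftp://ftp.example.org/pub/a%0ab.txt",
        "ftp://user%0d%0a:pw@ftp.example.org/pub/",
    ):
        print(sample, "->", unsafe_ftp_url_parts(sample) or "ok")
```
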

Solution(s)

  • redhat-upgrade-arts
  • redhat-upgrade-kdebase
  • redhat-upgrade-kdebase-devel
  • redhat-upgrade-kdelibs
  • redhat-upgrade-kdelibs-devel
  • redhat-upgrade-kdelibs-sound
  • redhat-upgrade-kdelibs-sound-devel
