[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UNIRAS Brief - 557/05 - Fedora - Core 3 Update: kdelibs-3.3.1-2.14.FC3 [FEDORA-2005-594]



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 557/05 dated 20.07.05  Time: 10:18  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====
Fedora - Core 3 Update: kdelibs-3.3.1-2.14.FC3 [FEDORA-2005-594]


Detail
====== 


- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-594
2005-07-19
- ---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : kdelibs
Version     : 3.3.1                      
Release     : 2.14.FC3                  
Summary     : K Desktop Environment - Libraries
Description :
Libraries for the K Desktop Environment. 

KDE Libraries include: kdecore (KDE core library), kdeui (user
interface), kfm (file manager), khtmlw (HTML widget), kio
(Input/Output, networking), kspell (spelling checker), jscript
(javascript), kab (addressbook), kimgio (image manipulation).

- ---------------------------------------------------------------------
Update Information:

A flaw was discovered affecting Kate, the KDE advanced text editor, and
Kwrite. Depending on system settings it may be possible for a local user
to read the backup files created by Kate or Kwrite. The Common
Vulnerabilities and Exposures project assigned the name CAN-2005-1920 to
this issue.

Users of Kate or Kwrite should update to this erratum package which
contains a backported patch from the KDE security team correcting this issue. 
- ---------------------------------------------------------------------
* Tue Jul 12 2005 Than Ngo <than@xxxxxxxxxx> 6:3.3.1-2.14.FC3
- - Kate backup file permission leak, apply patch to fix this vulnerabilities
  CAN-2005-1920
- - apply cvs patch to get rid of warning "Mutex destroy failure", #160922

* Wed May  4 2005 Than Ngo <than@xxxxxxxxxx> 6:3.3.1-2.13.FC3
- - new patch to fix kimgio input validation vulnerabilities, CAN-2005-1046


- ---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

7c16ace15f5c3cc17833062448f9a479  SRPMS/kdelibs-3.3.1-2.14.FC3.src.rpm
ab43dbc1f7f8bd0ab15abbd1b81fa8b7  x86_64/kdelibs-3.3.1-2.14.FC3.x86_64.rpm
00ff507d1d9629744a0750c5dc36c0ca  x86_64/kdelibs-devel-3.3.1-2.14.FC3.x86_64.rpm
3aab6b8bf911cc5915392cafd78c5da3  x86_64/debug/kdelibs-debuginfo-3.3.1-2.14.FC3.x86_64.rpm
4ea59323607d5df364a9ba9a0bb9a6c7  x86_64/kdelibs-3.3.1-2.14.FC3.i386.rpm
4ea59323607d5df364a9ba9a0bb9a6c7  i386/kdelibs-3.3.1-2.14.FC3.i386.rpm
99f32b21eb7cf1c5a612356bcd935bcc  i386/kdelibs-devel-3.3.1-2.14.FC3.i386.rpm
a1baca56812419ec7f261291bb86084b  i386/debug/kdelibs-debuginfo-3.3.1-2.14.FC3.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
- ---------------------------------------------------------------------



- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Fedora for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQt4WuYpao72zK539AQEXyAP9H7myZQ0xDnUcmIgKG4BmjhNtacLT31mw
EpMTlAR2pgl6wNl0CCsU9TViWkHRU2dG/EababFFX6JZhVJjgm55BZbNXtmlPyLZ
UOwxLwtuTkfsxvZq2hMOXFy6P8zjXKbO5wYTEa7YioGr3D30eZHytZvr8o9lTKOk
Vmtv91IO6Rw=
=DUch
-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________