MDKSA-2004:086

Package name

kdelibs/kdebase

Date

2004-08-20

Advisory ID

MDKSA-2004:086

Affected versions

10.0 amd64 , 9.2 i586 , 10.0 i586 , 9.2 amd64

Problem description

A number of vulnerabilities were discovered in KDE that are corrected with these update packages. The integrity of symlinks used by KDE are not ensured and as a result can be abused by local attackers to create or truncate arbitrary files or to prevent KDE applications from functioning correctly (CAN-2004-0689). The DCOPServer creates temporary files in an insecure manner. These temporary files are used for authentication-related purposes, so this could potentially allow a local attacker to compromise the account of any user running a KDE application (CAN-2004-0690). Note that only KDE 3.2.x is affected by this vulnerability. The Konqueror web browser allows websites to load web pages into a frame of any other frame-based web page that the user may have open. This could potentially allow a malicious website to make Konqueror insert its own frames into the page of an otherwise trusted website (CAN-2004-0721). The Konqueror web browser also allows websites to set cookies for certain country-specific top-level domains. This can be done to make Konqueror send the cookies to all other web sites operating under the same domain, which can be abused to become part of a session fixation attack. All country-specific secondary top-level domains that use more than 2 characters in the secondary part of the domain name, and that use a secondary part other than com, net, mil, org, gove, edu, or int are affected (CAN-2004-0746).

Updated packages

10.0 amd64

 8edf6ee3527aef3399db27ee98d39c6f  amd64/10.0/RPMS/kdebase-3.2-79.2.100mdk.amd64.rpm
58b4defe043743d137f05b27bb7c0c87  amd64/10.0/RPMS/kdebase-common-3.2-79.2.100mdk.amd64.rpm
6bc0bdb8dcebfd4f9a010a8a257c67f6  amd64/10.0/RPMS/kdebase-kate-3.2-79.2.100mdk.amd64.rpm
0cd79e56ddf5fcdaa08bb9d6d60103f8  amd64/10.0/RPMS/kdebase-kcontrol-data-3.2-79.2.100mdk.amd64.rpm
0c7e8f118a150dbe63eac16476571cec  amd64/10.0/RPMS/kdebase-kdeprintfax-3.2-79.2.100mdk.amd64.rpm
f659c4d625218bde4dbf87cf0c457faa  amd64/10.0/RPMS/kdebase-kdm-3.2-79.2.100mdk.amd64.rpm
2065540f835e04eb269c1ab3e070289b  amd64/10.0/RPMS/kdebase-kdm-config-file-3.2-79.2.100mdk.amd64.rpm
02a45357b22c1374d6919b70997b4b8d  amd64/10.0/RPMS/kdebase-kmenuedit-3.2-79.2.100mdk.amd64.rpm
6db6c45484be318eb53d5cbeef9a6e0e  amd64/10.0/RPMS/kdebase-konsole-3.2-79.2.100mdk.amd64.rpm
567cae5415e7b1d3d8091d264ca98ea2  amd64/10.0/RPMS/kdebase-nsplugins-3.2-79.2.100mdk.amd64.rpm
6c597ced6b9590ebfc5ed1b8fef8190c  amd64/10.0/RPMS/kdebase-progs-3.2-79.2.100mdk.amd64.rpm
c7c0135d79620f0a6002d546408e7be0  amd64/10.0/RPMS/kdelibs-common-3.2-36.3.100mdk.amd64.rpm
57e18c9dca64cb6d4201f49719a0f591  amd64/10.0/RPMS/lib64kdebase4-3.2-79.2.100mdk.amd64.rpm
aec6a23128624c32cf8ff302e15a0dce  amd64/10.0/RPMS/lib64kdebase4-devel-3.2-79.2.100mdk.amd64.rpm
d331d129437e959fe5952645205c602b  amd64/10.0/RPMS/lib64kdebase4-kate-3.2-79.2.100mdk.amd64.rpm
eac31119b4c7450e59bc4f855fef8ee3  amd64/10.0/RPMS/lib64kdebase4-kate-devel-3.2-79.2.100mdk.amd64.rpm
7692a8d3eb9085c4e01a6f82d22e54ea  amd64/10.0/RPMS/lib64kdebase4-kmenuedit-3.2-79.2.100mdk.amd64.rpm
0dfd8eb1e9389b810cd541cbe78bbb37  amd64/10.0/RPMS/lib64kdebase4-konsole-3.2-79.2.100mdk.amd64.rpm
8611b9991340db56c60c4cc25cbe5a95  amd64/10.0/RPMS/lib64kdebase4-nsplugins-3.2-79.2.100mdk.amd64.rpm
a72df10c2073f103963b763b68e1d6eb  amd64/10.0/RPMS/lib64kdebase4-nsplugins-devel-3.2-79.2.100mdk.amd64.rpm
249dd74dd637791186829757f06a1291  amd64/10.0/RPMS/lib64kdecore4-3.2-36.3.100mdk.amd64.rpm
308cf4ac4d2eddb590e8e867175c2311  amd64/10.0/RPMS/lib64kdecore4-devel-3.2-36.3.100mdk.amd64.rpm
d2a3e8c4391af933ebc2e48cc4aa8dee  amd64/10.0/SRPMS/kdebase-3.2-79.2.100mdk.src.rpm
93330083dd59710108f6977107562aaf  amd64/10.0/SRPMS/kdelibs-3.2-36.3.100mdk.src.rpm

9.2 i586

 7a437fd66146531dd156af9466460b7f  9.2/RPMS/kdebase-3.1.3-79.2.92mdk.i586.rpm
46678bcc9b2e2af5f5b83b419d022522  9.2/RPMS/kdebase-common-3.1.3-79.2.92mdk.i586.rpm
abee5d0c191812f382c6247ca87ad466  9.2/RPMS/kdebase-kate-3.1.3-79.2.92mdk.i586.rpm
9afe4816f3316c153105f6fe60eb5c27  9.2/RPMS/kdebase-kdeprintfax-3.1.3-79.2.92mdk.i586.rpm
314684650edf45d258955afd7a0cd71a  9.2/RPMS/kdebase-kdm-3.1.3-79.2.92mdk.i586.rpm
cebc25881d037ce59f3de2cc3ba7f3f3  9.2/RPMS/kdebase-kdm-config-file-3.1.3-79.2.92mdk.i586.rpm
538d05e93fd88a3c57cb358b5cd36dd4  9.2/RPMS/kdebase-konsole-3.1.3-79.2.92mdk.i586.rpm
d48c6377c5b580d668135c4afdddf3d1  9.2/RPMS/kdebase-nsplugins-3.1.3-79.2.92mdk.i586.rpm
f2ad83707508d33d9dd63d77ec2d82e8  9.2/RPMS/kdebase-progs-3.1.3-79.2.92mdk.i586.rpm
beca2c6a0458a32f8433cfd3702733e6  9.2/RPMS/kdelibs-common-3.1.3-35.3.92mdk.i586.rpm
285672f9688c2fb212b51398dc3085c1  9.2/RPMS/libkdebase4-3.1.3-79.2.92mdk.i586.rpm
382e809df95c5b9ecf3cf64521a71816  9.2/RPMS/libkdebase4-devel-3.1.3-79.2.92mdk.i586.rpm
d6ff93e7d16d284a96c6113c784ae60f  9.2/RPMS/libkdebase4-kate-3.1.3-79.2.92mdk.i586.rpm
9e710e6502f32e9fa12e621e9cfdf4d0  9.2/RPMS/libkdebase4-kate-devel-3.1.3-79.2.92mdk.i586.rpm
47a2a05820b54bec347afd26da339203  9.2/RPMS/libkdebase4-konsole-3.1.3-79.2.92mdk.i586.rpm
4863e95228969e3ed2f9daa2278d4276  9.2/RPMS/libkdebase4-nsplugins-3.1.3-79.2.92mdk.i586.rpm
85dabe0527172fdf9202c724776d9d62  9.2/RPMS/libkdebase4-nsplugins-devel-3.1.3-79.2.92mdk.i586.rpm
f0add02f5422c3f62cfbecd0f2a26b2d  9.2/RPMS/libkdecore4-3.1.3-35.3.92mdk.i586.rpm
e8923bf7bc65c13bdd8fd18208ab550e  9.2/RPMS/libkdecore4-devel-3.1.3-35.3.92mdk.i586.rpm
c54061baeb0b3498ccf8d776dc36fd9d  9.2/SRPMS/kdebase-3.1.3-79.2.92mdk.src.rpm
0e24de240e1a84326df7332499b452c7  9.2/SRPMS/kdelibs-3.1.3-35.3.92mdk.src.rpm

10.0 i586

 510438b78f3516746d4b4ed60ac212b3  10.0/RPMS/kdebase-3.2-79.2.100mdk.i586.rpm
c8cf4ce9cf1d249b4a2bed3c66528803  10.0/RPMS/kdebase-common-3.2-79.2.100mdk.i586.rpm
d38633d8cba665bbe1237813e45b0f7b  10.0/RPMS/kdebase-kate-3.2-79.2.100mdk.i586.rpm
5854609ecb04e39b0bc07e9a33778488  10.0/RPMS/kdebase-kcontrol-data-3.2-79.2.100mdk.i586.rpm
48727a4e1dd5df1bd52276f03ae8edd3  10.0/RPMS/kdebase-kdeprintfax-3.2-79.2.100mdk.i586.rpm
52fc69771ec698ba332870cbfa618a60  10.0/RPMS/kdebase-kdm-3.2-79.2.100mdk.i586.rpm
d3ae0bc755db0665e12472a2e22ebd90  10.0/RPMS/kdebase-kdm-config-file-3.2-79.2.100mdk.i586.rpm
85d8b0ebf0421963f652424b0441145c  10.0/RPMS/kdebase-kmenuedit-3.2-79.2.100mdk.i586.rpm
222d9900d8f30961f04b870c5a949a1f  10.0/RPMS/kdebase-konsole-3.2-79.2.100mdk.i586.rpm
554b091c26d0461831323389292cc72d  10.0/RPMS/kdebase-nsplugins-3.2-79.2.100mdk.i586.rpm
487748d51da06a36180d18a0cedda4c5  10.0/RPMS/kdebase-progs-3.2-79.2.100mdk.i586.rpm
0f4088f33543e6f0f263537964cfccee  10.0/RPMS/kdelibs-common-3.2-36.3.100mdk.i586.rpm
9cc536b2ffd48b6b5354ba8967638d3e  10.0/RPMS/libkdebase4-3.2-79.2.100mdk.i586.rpm
32ed1e7ed670e6c01716f491b8181e8d  10.0/RPMS/libkdebase4-devel-3.2-79.2.100mdk.i586.rpm
ea55a16ba1f7cd6ea2dabd274ce023bf  10.0/RPMS/libkdebase4-kate-3.2-79.2.100mdk.i586.rpm
df122aa36fd811d3d97aafcff1d6aed7  10.0/RPMS/libkdebase4-kate-devel-3.2-79.2.100mdk.i586.rpm
598709de41b8101c44e0a82e52718340  10.0/RPMS/libkdebase4-kmenuedit-3.2-79.2.100mdk.i586.rpm
71f277606a8b5d17ca3f7a09aba486f7  10.0/RPMS/libkdebase4-konsole-3.2-79.2.100mdk.i586.rpm
bceb452042e0c72d475139f4efe7a0c5  10.0/RPMS/libkdebase4-nsplugins-3.2-79.2.100mdk.i586.rpm
ffc1728d50b17dd3cae6f1e2ad0589e2  10.0/RPMS/libkdebase4-nsplugins-devel-3.2-79.2.100mdk.i586.rpm
82d343a84048b56353c97b72b771ea81  10.0/RPMS/libkdecore4-3.2-36.3.100mdk.i586.rpm
7fd56a29040d0708e5d4650228c3534d  10.0/RPMS/libkdecore4-devel-3.2-36.3.100mdk.i586.rpm
d2a3e8c4391af933ebc2e48cc4aa8dee  10.0/SRPMS/kdebase-3.2-79.2.100mdk.src.rpm
93330083dd59710108f6977107562aaf  10.0/SRPMS/kdelibs-3.2-36.3.100mdk.src.rpm

9.2 amd64

 daf7342d2c27f510597058428738a5d3  amd64/9.2/RPMS/kdebase-3.1.3-79.2.92mdk.amd64.rpm
b03fbd0ebd368d78616c99adbfcbfdd2  amd64/9.2/RPMS/kdebase-common-3.1.3-79.2.92mdk.amd64.rpm
46c62f4ef453fa25213ff26d47e46057  amd64/9.2/RPMS/kdebase-kate-3.1.3-79.2.92mdk.amd64.rpm
5ec5e4dd405ce0605780553ddbd47604  amd64/9.2/RPMS/kdebase-kdeprintfax-3.1.3-79.2.92mdk.amd64.rpm
f124a86ffaa161f8101344c0bda1ae39  amd64/9.2/RPMS/kdebase-kdm-3.1.3-79.2.92mdk.amd64.rpm
36da16dd458a163090098aeefe5eb619  amd64/9.2/RPMS/kdebase-kdm-config-file-3.1.3-79.2.92mdk.amd64.rpm
7c12240ad3e6b73fd0b24ae4d98fc0da  amd64/9.2/RPMS/kdebase-konsole-3.1.3-79.2.92mdk.amd64.rpm
b8c04a16954a7374b6194415f6e5e15a  amd64/9.2/RPMS/kdebase-nsplugins-3.1.3-79.2.92mdk.amd64.rpm
6f855be2d1961dc75c5f1283cd25e71b  amd64/9.2/RPMS/kdebase-progs-3.1.3-79.2.92mdk.amd64.rpm
b9a0ba03005f212d8f2c8f5b952ef8e2  amd64/9.2/RPMS/kdelibs-common-3.1.3-35.3.92mdk.amd64.rpm
999bf091090905ea8d07aec1ec97fed2  amd64/9.2/RPMS/lib64kdebase4-3.1.3-79.2.92mdk.amd64.rpm
b744accc86241864b23662265a6f2c9f  amd64/9.2/RPMS/lib64kdebase4-devel-3.1.3-79.2.92mdk.amd64.rpm
596fefe16698fecd8d7ce04f19d048ff  amd64/9.2/RPMS/lib64kdebase4-kate-3.1.3-79.2.92mdk.amd64.rpm
caa45d71983b623a59923b18f6bb4f69  amd64/9.2/RPMS/lib64kdebase4-kate-devel-3.1.3-79.2.92mdk.amd64.rpm
7dd01ca77c94ff3a018dd5779605e67c  amd64/9.2/RPMS/lib64kdebase4-konsole-3.1.3-79.2.92mdk.amd64.rpm
1d3f7e3e031df08ed17f77df6505cb47  amd64/9.2/RPMS/lib64kdebase4-nsplugins-3.1.3-79.2.92mdk.amd64.rpm
f6f15ceb62c4abde32406bc1ae75b864  amd64/9.2/RPMS/lib64kdebase4-nsplugins-devel-3.1.3-79.2.92mdk.amd64.rpm
9478889d65eff687203a5ccf19ca3a28  amd64/9.2/RPMS/lib64kdecore4-3.1.3-35.3.92mdk.amd64.rpm
3c53063491a5f3a5ca4e51708fd85763  amd64/9.2/RPMS/lib64kdecore4-devel-3.1.3-35.3.92mdk.amd64.rpm
c54061baeb0b3498ccf8d776dc36fd9d  amd64/9.2/SRPMS/kdebase-3.1.3-79.2.92mdk.src.rpm
0e24de240e1a84326df7332499b452c7  amd64/9.2/SRPMS/kdelibs-3.1.3-35.3.92mdk.src.rpm

References

• http://www.kde.org/info/security/advisory-20040811-3.txt
• http://www.kde.org/info/security/advisory-20040811-2.txt
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0746
• http://www.kde.org/info/security/advisory-20040811-1.txt
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0721
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0689
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0690
• http://www.kde.org/info/security/advisory-20040820-1.txt