Nom du paquet
kdelibs
Date
2005-03-16
Advisory ID
MDKSA-2005:058
Affected versions
10.0 amd64 , 10.1 i586 , 10.0 i586 , CS3.0 x86_64 , CS3.0 i586 , 10.1 x86_64

Problem description

A vulnerability in dcopserver was discovered by Sebastian Krahmer of the SUSE security team. A local user can lock up the dcopserver of other users on the same machine by stalling the DCOP authentication process, causing a local Denial of Service. dcopserver is the KDE Desktop Communication Procotol daemon (CAN-2005-0396). As well, the IDN (International Domain Names) support in Konqueror is vulnerable to a phishing technique known as a Homograph attack. This attack is made possible due to IDN allowing a website to use a wide range of international characters that have a strong resemblance to other characters. This can be used to trick users into thinking they are on a different trusted site when they are in fact on a site mocked up to look legitimate using these other characters, known as homographs. This can be used to trick users into providing personal information to a site they think is trusted (CAN-2005-0237). Finally, it was found that the dcopidlng script was vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files of a user when the script is run on behalf of that user. However, this script is only used as part of the build process of KDE itself and may also be used by the build processes of third- party KDE applications (CAN-2005-0365). The updated packages are patched to deal with these issues and Mandrakesoft encourages all users to upgrade immediately.

Updated packages

10.0 amd64

 23bd80fb1b6e29ac30abf8ca030f02ce  amd64/10.0/RPMS/kdelibs-common-3.2-36.12.100mdk.amd64.rpm
f0ed5a6cc839264cb1cf3d6a83a4881a  amd64/10.0/RPMS/lib64kdecore4-3.2-36.12.100mdk.amd64.rpm
a1985658ba14f572ba759482debcef14  amd64/10.0/RPMS/lib64kdecore4-devel-3.2-36.12.100mdk.amd64.rpm
113483436cc05765978f497ba70c300a  amd64/10.0/SRPMS/kdelibs-3.2-36.12.100mdk.src.rpm

10.1 i586

 ec7b57ea845f6c7ab01c8ee67b14b473  10.1/RPMS/kdelibs-common-3.2.3-104.2.101mdk.i586.rpm
9e900e767495f30a02453974855b0497  10.1/RPMS/libkdecore4-3.2.3-104.2.101mdk.i586.rpm
036ba66a047006933c33bc397d9503ee  10.1/RPMS/libkdecore4-devel-3.2.3-104.2.101mdk.i586.rpm
468a28ffcb57e01535ba35fb633f4ee5  10.1/SRPMS/kdelibs-3.2.3-104.2.101mdk.src.rpm

10.0 i586

 6c24906717a7a75fb7c0c7b0267bdca6  10.0/RPMS/kdelibs-common-3.2-36.12.100mdk.i586.rpm
e0cb970bc7efeb6ba447c6cd92398f4b  10.0/RPMS/libkdecore4-3.2-36.12.100mdk.i586.rpm
046bd58e4261238bb8857d3bdd5e09e7  10.0/RPMS/libkdecore4-devel-3.2-36.12.100mdk.i586.rpm
113483436cc05765978f497ba70c300a  10.0/SRPMS/kdelibs-3.2-36.12.100mdk.src.rpm

CS3.0 x86_64

 d42efc7c072d78794750742a0ffa8808  x86_64/corporate/3.0/RPMS/kdelibs-common-3.2-36.12.C30mdk.x86_64.rpm
ed57b05ddc173abc8271516abd47e289  x86_64/corporate/3.0/RPMS/lib64kdecore4-3.2-36.12.C30mdk.x86_64.rpm
99bd9de3205bf4e728987b1267382174  x86_64/corporate/3.0/RPMS/lib64kdecore4-devel-3.2-36.12.C30mdk.x86_64.rpm
f8bb656cb23100dae5da6c7024f89277  x86_64/corporate/3.0/SRPMS/kdelibs-3.2-36.12.C30mdk.src.rpm

CS3.0 i586

 21a462267a1e459b2fe234338667d3c5  corporate/3.0/RPMS/kdelibs-common-3.2-36.12.C30mdk.i586.rpm
221807f377f57439960bdcdfa4ea4a5c  corporate/3.0/RPMS/libkdecore4-3.2-36.12.C30mdk.i586.rpm
b6b4538be00036dca0b983aa55061fb8  corporate/3.0/RPMS/libkdecore4-devel-3.2-36.12.C30mdk.i586.rpm
f8bb656cb23100dae5da6c7024f89277  corporate/3.0/SRPMS/kdelibs-3.2-36.12.C30mdk.src.rpm

10.1 x86_64

 2f0b1d547f7b8f0234606092b3ea2bd4  x86_64/10.1/RPMS/kdelibs-common-3.2.3-104.2.101mdk.x86_64.rpm
96cc9a12ab7c247f2c7c0c478fd3c772  x86_64/10.1/RPMS/lib64kdecore4-3.2.3-104.2.101mdk.x86_64.rpm
cbe167d1624f0a1821de6af47b734771  x86_64/10.1/RPMS/lib64kdecore4-devel-3.2.3-104.2.101mdk.x86_64.rpm
9e900e767495f30a02453974855b0497  x86_64/10.1/RPMS/libkdecore4-3.2.3-104.2.101mdk.i586.rpm
468a28ffcb57e01535ba35fb633f4ee5  x86_64/10.1/SRPMS/kdelibs-3.2.3-104.2.101mdk.src.rpm

References