Published:
23 June 1999
Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-1999.084 -- RHSA-1999:015-01
KDE update for Red Hat Linux 6.0
24 June 1999
===========================================================================
Red Hat Software, Inc. has released the following advisory concerning
vulnerabilities in KDE 1.1.1pre2 shipped with Red Hat Linux 6.0.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
- - ---------------------------------------------------------------------
Red Hat, Inc. Security Advisory
Synopsis: KDE update for Red Hat Linux 6.0
Advisory ID: RHSA-1999:015-01
Issue date: 1999-06-21
Keywords: kde kdm kvt kmail 1.1.1
- - ---------------------------------------------------------------------
1. Topic:
New KDE RPMs are available for Red Hat Linux 6.0. These RPMs upgrade
the 1.1.1pre2 release to 1.1.1 final + fixes. Several security holes
have been closed, and other bugs noted in the original RPMs have been
corrected.
2. BugIDs fixed:
2877 3433
3. Relevant releases/architectures:
Red Hat Linux 6.0, all architectures
4. Obsoleted by:
5. Conflicts with:
6. RPMs required:
Intel: ftp://updates.redhat.com/6.0/i386/
kdeadmin-1.1.1-1.i386.rpm
kdebase-1.1.1-1.i386.rpm
kdegames-1.1.1-1.i386.rpm
kdegraphics-1.1.1-1.i386.rpm
kdelibs-1.1.1-1.i386.rpm
kdemultimedia-1.1.1-1.i386.rpm
kdenetwork-1.1.1-1.i386.rpm
kdesupport-1.1.1-1.i386.rpm
kdetoys-1.1.1-1.i386.rpm
kdeutils-1.1.1-1.i386.rpm
korganizer-1.1.1.i386.rpm
kpilot-3.1b9-1.i386.rpm
Alpha: ftp://updates.redhat.com/6.0/alpha/
kdeadmin-1.1.1-1.alpha.rpm
kdebase-1.1.1-1.alpha.rpm
kdegames-1.1.1-1.alpha.rpm
kdegraphics-1.1.1-1.alpha.rpm
kdelibs-1.1.1-1.alpha.rpm
kdemultimedia-1.1.1-1.alpha.rpm
kdenetwork-1.1.1-1.alpha.rpm
kdesupport-1.1.1-1.alpha.rpm
kdetoys-1.1.1-1.alpha.rpm
kdeutils-1.1.1-1.alpha.rpm
korganizer-1.1.1.alpha.rpm
kpilot-3.1b9-1.alpha.rpm
Sparc: ftp://updates.redhat.com/6.0/sparc
kdeadmin-1.1.1-1.sparc.rpm
kdebase-1.1.1-1.sparc.rpm
kdegames-1.1.1-1.sparc.rpm
kdegraphics-1.1.1-1.sparc.rpm
kdelibs-1.1.1-1.sparc.rpm
kdemultimedia-1.1.1-1.sparc.rpm
kdenetwork-1.1.1-1.sparc.rpm
kdesupport-1.1.1-1.sparc.rpm
kdetoys-1.1.1-1.sparc.rpm
kdeutils-1.1.1-1.sparc.rpm
korganizer-1.1.1.sparc.rpm
kpilot-3.1b9-1.sparc.rpm
7. Problem description:
Red Hat Linux 6.0 shipped with KDE 1.1.1pre2, the latest release
available at the time we went into production. There were a number of
configuration and security bugs in the original packages.
kmail, the kde mail reader, had a bug related to decoding mime
attachments in an unsafe manner. Attachments were written using an
easily predictable filename to a temporary directory. This could
could then be be exploited to overwrite arbitrary files owned by the
person using kmail via a symlink attack.
8. Solution:
Upgrade to KDE 1.1.1 final, which fixes a number of bugs present in
the previous release and contains additional patches to correct
security holes in kmail and kvt.
For each RPM for your particular architecture, run:
rpm -Uvh <filename>
where filename is the name of the RPM.
9. Verification:
These packages are PGP signed by Red Hat Inc. for security. Our key
is available at:
http://www.redhat.com/corp/contact.html
You can verify each package with the following command:
rpm --checksig <filename>
If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
rpm --checksig --nopgp <filename>
10. References:
http://www.geek-girl.com/bugtraq/1999_2/0685.html
This URL describes the kmail security hole.
- -----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv
iQCVAwUBN2+dVtLHqShaOYAxAQF6XAQAqNuA491aBD2rL9ubjMd1iKZCA9wSUzNm
BRZ5akb7ZZZQQStIkTAxyODnNlVlnfO0TYHJ+AwAVo76oM5Kdzq1R51BP+PTxev3
C+Unppug5NkUMB+DOt4Cr/jB+u5VvSIBK/s33/SjdUUWupHIesOf6mi7F27f/Lix
yApeMatgLcE=
=lU2O
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to use any or all of this information is
the responsibility of each user or organisation, and should be done so in
accordance with site policies and procedures.
NOTE: This is only the original release of the security bulletin. It will
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the original authors to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/Information/advisories.html
If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for emergencies.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key
iQCVAwUBN3jZbyh9+71yA2DNAQG+/AP/TaE4nWR+STd8qyQrWudFAWq/d8cdHRaf
6ZkgcZD7rIDY4BS2AvnTfk0cN81neV87d95d9Y4Dnom+GmiqD2W0l2oi5jK0jkz3
gY4Hi7hnxyMN+aaPq5ZwCVb9GGqrq76oAFcN+wxQXuWPM/THqDwOT/nvEl8mbdeK
2T+ukeIU81I=
=xoTt
-----END PGP SIGNATURE-----