__________________________________________________________ The U.S. Department of Energy Computer Incident Advisory Capability ___ __ __ _ ___ / | /_\ / \___ __|__ / \ \___ __________________________________________________________ INFORMATION BULLETIN kdelibs Security Update [Red Hat RHSA-2006:0720-5] October 18, 2006 18:00 GMT Number R-019 [REVISED 31 Oct 2006] ______________________________________________________________________________ PROBLEM: An interger overflow flaw was found in the way Qt handled pixmap images. PLATFORM: Red Hat Desktop (v. 3 & v. 4) Red Hat Enterprise Linux AS, ES, WS (v.2.1, v.3, & v.4) Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor Debian 3.1 (stable) DAMAGE: An attacher could execute arbitrary code with the privileges of the victim or crash Konqueror. SOLUTION: Upgrade to the appropriate version. ______________________________________________________________________________ VULNERABILITY The risk is MEDIUM. An attacher could execute arbitrary code ASSESSMENT: with the privileges of the victim or crash Konqueror. ______________________________________________________________________________ LINKS: CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/r-019.shtml ORIGINAL BULLETIN: Red Hat RHSA-2006:0720-5 https://rhn.redhat.com/errata/RHSA-2006-0720.html ADDITIONAL LINK: Debian Security Advisory DSA-1200-1 http://www.debian.org/security/2006/dsa-1200 CVE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name= CVE-2006-4811 ______________________________________________________________________________ REVISION HISTORY: 10/31/2006 - revised to add a link to Debian Security Advisory DSA-1200-1 for Debian 3.1 (stable). [***** Start Red Hat RHSA-2006:0720-5 *****] Critical: kdelibs security update Advisory: RHSA-2006:0720-5 Type: Security Advisory Issued on: 2006-10-18 Last updated on: 2006-10-18 Affected Products: Red Hat Desktop (v. 3) Red Hat Desktop (v. 4) Red Hat Enterprise Linux AS (v. 2.1) Red Hat Enterprise Linux AS (v. 3) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux ES (v. 2.1) Red Hat Enterprise Linux ES (v. 3) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux WS (v. 2.1) Red Hat Enterprise Linux WS (v. 3) Red Hat Enterprise Linux WS (v. 4) Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor CVEs (cve.mitre.org): CVE-2006-4811 Details Updated kdelibs packages that correct an integer overflow flaw are now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. The kdelibs package provides libraries for the K Desktop Environment (KDE). Qt is a GUI software toolkit for the X Window System. An integer overflow flaw was found in the way Qt handled pixmap images. The KDE khtml library uses Qt in such a way that untrusted parameters could be passed to Qt, triggering the overflow. An attacker could for example create a malicious web page that when viewed by a victim in the Konqueror browser would cause Konqueror to crash or possibly execute arbitrary code with the privileges of the victim. (CVE-2006-4811) Users of KDE should upgrade to these updated packages, which contain a backported patch to correct this issue. Solution Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. Updated packages Red Hat Desktop (v. 3) -------------------------------------------------------------------------------- SRPMS: kdelibs-3.1.3-6.12.src.rpm cdeb513ec6b326e719373afb39420b92 IA-32: kdelibs-3.1.3-6.12.i386.rpm 403f8d641cfeda9efd11a3c977b8afe7 kdelibs-devel-3.1.3-6.12.i386.rpm 1d572edb05e3c2fe8c5d77941a568cb8 x86_64: kdelibs-3.1.3-6.12.i386.rpm 403f8d641cfeda9efd11a3c977b8afe7 kdelibs-3.1.3-6.12.x86_64.rpm 05cddb98cc096807430e17eab725d811 kdelibs-devel-3.1.3-6.12.x86_64.rpm 2ec6fcb91b8cf102e915755dd08632bd Red Hat Desktop (v. 4) -------------------------------------------------------------------------------- SRPMS: kdelibs-3.3.1-6.RHEL4.src.rpm d07aedc884e8060bb5cbadce17445170 IA-32: kdelibs-3.3.1-6.RHEL4.i386.rpm 39ca7148c5937f9884163764ade919c6 kdelibs-devel-3.3.1-6.RHEL4.i386.rpm d86a20d022f4ea51d8875b487c1c75da x86_64: kdelibs-3.3.1-6.RHEL4.i386.rpm 39ca7148c5937f9884163764ade919c6 kdelibs-3.3.1-6.RHEL4.x86_64.rpm 84bbed7e29aaab4bba60154ff934985c kdelibs-devel-3.3.1-6.RHEL4.x86_64.rpm cde349bab7f05a191e2d8cdbd150be65 Red Hat Enterprise Linux AS (v. 2.1) -------------------------------------------------------------------------------- SRPMS: kdelibs-2.2.2-21.EL2.src.rpm 7bb39d081bee9bfa1413e78c9ff0f2b3 IA-32: arts-2.2.2-21.EL2.i386.rpm e0ee638b0a77beb375bc060bfaca2641 kdelibs-2.2.2-21.EL2.i386.rpm 03967e80022cf2761be284aa53261e20 kdelibs-devel-2.2.2-21.EL2.i386.rpm 53a1ce03e3f18ef2cd2ebea9ed7435b7 kdelibs-sound-2.2.2-21.EL2.i386.rpm 2c25355a146310d01eef70852d00339a kdelibs-sound-devel-2.2.2-21.EL2.i386.rpm 47e69160a42afe9e96ea35ac0eac4c24 IA-64: arts-2.2.2-21.EL2.ia64.rpm f380e28d6a7d8fe6a9ad2b85db431afe kdelibs-2.2.2-21.EL2.ia64.rpm d36cf8ece25170b621ec363fdaf1c4d7 kdelibs-devel-2.2.2-21.EL2.ia64.rpm 00d5b7cea3e8180f4b75d12162939ffb kdelibs-sound-2.2.2-21.EL2.ia64.rpm d6df99d11aec63bd41fd1c4729500f33 kdelibs-sound-devel-2.2.2-21.EL2.ia64.rpm 294cbf6d4556abe209000a77fe7158c9 Red Hat Enterprise Linux AS (v. 3) -------------------------------------------------------------------------------- SRPMS: kdelibs-3.1.3-6.12.src.rpm cdeb513ec6b326e719373afb39420b92 IA-32: kdelibs-3.1.3-6.12.i386.rpm 403f8d641cfeda9efd11a3c977b8afe7 kdelibs-devel-3.1.3-6.12.i386.rpm 1d572edb05e3c2fe8c5d77941a568cb8 IA-64: kdelibs-3.1.3-6.12.i386.rpm 403f8d641cfeda9efd11a3c977b8afe7 kdelibs-3.1.3-6.12.ia64.rpm e82d1157966f70ecc76b52b24daf0e4e kdelibs-devel-3.1.3-6.12.ia64.rpm 53b498e76562c78677ecba5849c8fe1d PPC: kdelibs-3.1.3-6.12.ppc.rpm 21d58199f68c8397123a2588353804d4 kdelibs-3.1.3-6.12.ppc64.rpm 648937ed5e2debab9a20c359fd98366e kdelibs-devel-3.1.3-6.12.ppc.rpm a42a48b95f9a99818162c5935126b095 s390: kdelibs-3.1.3-6.12.s390.rpm 56c438a932ba65b4cd8cb5eb762c13e2 kdelibs-devel-3.1.3-6.12.s390.rpm a0d89f77b3bbea0645dd4a647fd54418 s390x: kdelibs-3.1.3-6.12.s390.rpm 56c438a932ba65b4cd8cb5eb762c13e2 kdelibs-3.1.3-6.12.s390x.rpm 95a04b9f581838eeb9a5a460888b395d kdelibs-devel-3.1.3-6.12.s390x.rpm 4900daf824ed5a24a7be87951abc7e46 x86_64: kdelibs-3.1.3-6.12.i386.rpm 403f8d641cfeda9efd11a3c977b8afe7 kdelibs-3.1.3-6.12.x86_64.rpm 05cddb98cc096807430e17eab725d811 kdelibs-devel-3.1.3-6.12.x86_64.rpm 2ec6fcb91b8cf102e915755dd08632bd Red Hat Enterprise Linux AS (v. 4) -------------------------------------------------------------------------------- SRPMS: kdelibs-3.3.1-6.RHEL4.src.rpm d07aedc884e8060bb5cbadce17445170 IA-32: kdelibs-3.3.1-6.RHEL4.i386.rpm 39ca7148c5937f9884163764ade919c6 kdelibs-devel-3.3.1-6.RHEL4.i386.rpm d86a20d022f4ea51d8875b487c1c75da IA-64: kdelibs-3.3.1-6.RHEL4.i386.rpm 39ca7148c5937f9884163764ade919c6 kdelibs-3.3.1-6.RHEL4.ia64.rpm e123583a0a21fb489563815c9c9d1868 kdelibs-devel-3.3.1-6.RHEL4.ia64.rpm 44fa4375f7b78e612f9b04b11d8bf8f5 PPC: kdelibs-3.3.1-6.RHEL4.ppc.rpm c18280f098ff9b6d99dd58ad51782041 kdelibs-3.3.1-6.RHEL4.ppc64.rpm 1c334f023c58a14d572454e9b45f1b2b kdelibs-devel-3.3.1-6.RHEL4.ppc.rpm 095995d375aa9760e4a4c1bdb9388634 s390: kdelibs-3.3.1-6.RHEL4.s390.rpm 85f41346ff63f6d21f39dd3febbec970 kdelibs-devel-3.3.1-6.RHEL4.s390.rpm 8ec078b136feb262c48b44ed36c5dc2e s390x: kdelibs-3.3.1-6.RHEL4.s390.rpm 85f41346ff63f6d21f39dd3febbec970 kdelibs-3.3.1-6.RHEL4.s390x.rpm 9e610b0137cce3c69aa0e07a937171e1 kdelibs-devel-3.3.1-6.RHEL4.s390x.rpm f9cbe45ea627ac1239568ec1a71052fb x86_64: kdelibs-3.3.1-6.RHEL4.i386.rpm 39ca7148c5937f9884163764ade919c6 kdelibs-3.3.1-6.RHEL4.x86_64.rpm 84bbed7e29aaab4bba60154ff934985c kdelibs-devel-3.3.1-6.RHEL4.x86_64.rpm cde349bab7f05a191e2d8cdbd150be65 Red Hat Enterprise Linux ES (v. 2.1) -------------------------------------------------------------------------------- SRPMS: kdelibs-2.2.2-21.EL2.src.rpm 7bb39d081bee9bfa1413e78c9ff0f2b3 IA-32: arts-2.2.2-21.EL2.i386.rpm e0ee638b0a77beb375bc060bfaca2641 kdelibs-2.2.2-21.EL2.i386.rpm 03967e80022cf2761be284aa53261e20 kdelibs-devel-2.2.2-21.EL2.i386.rpm 53a1ce03e3f18ef2cd2ebea9ed7435b7 kdelibs-sound-2.2.2-21.EL2.i386.rpm 2c25355a146310d01eef70852d00339a kdelibs-sound-devel-2.2.2-21.EL2.i386.rpm 47e69160a42afe9e96ea35ac0eac4c24 Red Hat Enterprise Linux ES (v. 3) -------------------------------------------------------------------------------- SRPMS: kdelibs-3.1.3-6.12.src.rpm cdeb513ec6b326e719373afb39420b92 IA-32: kdelibs-3.1.3-6.12.i386.rpm 403f8d641cfeda9efd11a3c977b8afe7 kdelibs-devel-3.1.3-6.12.i386.rpm 1d572edb05e3c2fe8c5d77941a568cb8 IA-64: kdelibs-3.1.3-6.12.i386.rpm 403f8d641cfeda9efd11a3c977b8afe7 kdelibs-3.1.3-6.12.ia64.rpm e82d1157966f70ecc76b52b24daf0e4e kdelibs-devel-3.1.3-6.12.ia64.rpm 53b498e76562c78677ecba5849c8fe1d x86_64: kdelibs-3.1.3-6.12.i386.rpm 403f8d641cfeda9efd11a3c977b8afe7 kdelibs-3.1.3-6.12.x86_64.rpm 05cddb98cc096807430e17eab725d811 kdelibs-devel-3.1.3-6.12.x86_64.rpm 2ec6fcb91b8cf102e915755dd08632bd Red Hat Enterprise Linux ES (v. 4) -------------------------------------------------------------------------------- SRPMS: kdelibs-3.3.1-6.RHEL4.src.rpm d07aedc884e8060bb5cbadce17445170 IA-32: kdelibs-3.3.1-6.RHEL4.i386.rpm 39ca7148c5937f9884163764ade919c6 kdelibs-devel-3.3.1-6.RHEL4.i386.rpm d86a20d022f4ea51d8875b487c1c75da IA-64: kdelibs-3.3.1-6.RHEL4.i386.rpm 39ca7148c5937f9884163764ade919c6 kdelibs-3.3.1-6.RHEL4.ia64.rpm e123583a0a21fb489563815c9c9d1868 kdelibs-devel-3.3.1-6.RHEL4.ia64.rpm 44fa4375f7b78e612f9b04b11d8bf8f5 x86_64: kdelibs-3.3.1-6.RHEL4.i386.rpm 39ca7148c5937f9884163764ade919c6 kdelibs-3.3.1-6.RHEL4.x86_64.rpm 84bbed7e29aaab4bba60154ff934985c kdelibs-devel-3.3.1-6.RHEL4.x86_64.rpm cde349bab7f05a191e2d8cdbd150be65 Red Hat Enterprise Linux WS (v. 2.1) -------------------------------------------------------------------------------- SRPMS: kdelibs-2.2.2-21.EL2.src.rpm 7bb39d081bee9bfa1413e78c9ff0f2b3 IA-32: arts-2.2.2-21.EL2.i386.rpm e0ee638b0a77beb375bc060bfaca2641 kdelibs-2.2.2-21.EL2.i386.rpm 03967e80022cf2761be284aa53261e20 kdelibs-devel-2.2.2-21.EL2.i386.rpm 53a1ce03e3f18ef2cd2ebea9ed7435b7 kdelibs-sound-2.2.2-21.EL2.i386.rpm 2c25355a146310d01eef70852d00339a kdelibs-sound-devel-2.2.2-21.EL2.i386.rpm 47e69160a42afe9e96ea35ac0eac4c24 Red Hat Enterprise Linux WS (v. 3) -------------------------------------------------------------------------------- SRPMS: kdelibs-3.1.3-6.12.src.rpm cdeb513ec6b326e719373afb39420b92 IA-32: kdelibs-3.1.3-6.12.i386.rpm 403f8d641cfeda9efd11a3c977b8afe7 kdelibs-devel-3.1.3-6.12.i386.rpm 1d572edb05e3c2fe8c5d77941a568cb8 IA-64: kdelibs-3.1.3-6.12.i386.rpm 403f8d641cfeda9efd11a3c977b8afe7 kdelibs-3.1.3-6.12.ia64.rpm e82d1157966f70ecc76b52b24daf0e4e kdelibs-devel-3.1.3-6.12.ia64.rpm 53b498e76562c78677ecba5849c8fe1d x86_64: kdelibs-3.1.3-6.12.i386.rpm 403f8d641cfeda9efd11a3c977b8afe7 kdelibs-3.1.3-6.12.x86_64.rpm 05cddb98cc096807430e17eab725d811 kdelibs-devel-3.1.3-6.12.x86_64.rpm 2ec6fcb91b8cf102e915755dd08632bd Red Hat Enterprise Linux WS (v. 4) -------------------------------------------------------------------------------- SRPMS: kdelibs-3.3.1-6.RHEL4.src.rpm d07aedc884e8060bb5cbadce17445170 IA-32: kdelibs-3.3.1-6.RHEL4.i386.rpm 39ca7148c5937f9884163764ade919c6 kdelibs-devel-3.3.1-6.RHEL4.i386.rpm d86a20d022f4ea51d8875b487c1c75da IA-64: kdelibs-3.3.1-6.RHEL4.i386.rpm 39ca7148c5937f9884163764ade919c6 kdelibs-3.3.1-6.RHEL4.ia64.rpm e123583a0a21fb489563815c9c9d1868 kdelibs-devel-3.3.1-6.RHEL4.ia64.rpm 44fa4375f7b78e612f9b04b11d8bf8f5 x86_64: kdelibs-3.3.1-6.RHEL4.i386.rpm 39ca7148c5937f9884163764ade919c6 kdelibs-3.3.1-6.RHEL4.x86_64.rpm 84bbed7e29aaab4bba60154ff934985c kdelibs-devel-3.3.1-6.RHEL4.x86_64.rpm cde349bab7f05a191e2d8cdbd150be65 Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor -------------------------------------------------------------------------------- SRPMS: kdelibs-2.2.2-21.EL2.src.rpm 7bb39d081bee9bfa1413e78c9ff0f2b3 IA-64: arts-2.2.2-21.EL2.ia64.rpm f380e28d6a7d8fe6a9ad2b85db431afe kdelibs-2.2.2-21.EL2.ia64.rpm d36cf8ece25170b621ec363fdaf1c4d7 kdelibs-devel-2.2.2-21.EL2.ia64.rpm 00d5b7cea3e8180f4b75d12162939ffb kdelibs-sound-2.2.2-21.EL2.ia64.rpm d6df99d11aec63bd41fd1c4729500f33 kdelibs-sound-devel-2.2.2-21.EL2.ia64.rpm 294cbf6d4556abe209000a77fe7158c9 (The unlinked packages above are only available from the Red Hat Network) Bugs fixed (see bugzilla for more information) 210742 - CVE-2006-4811 qt integer overflow References http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4811 http://www.redhat.com/security/updates/classification/#critical -------------------------------------------------------------------------------- These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from: https://www.redhat.com/security/team/key/#package The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/ [***** End Red Hat RHSA-2006:0720-5 *****] _______________________________________________________________________________ CIAC wishes to acknowledge the contributions of Red Hat for the information contained in this bulletin. _______________________________________________________________________________ CIAC, the Computer Incident Advisory Capability, is the computer security incident response team for the U.S. Department of Energy (DOE) and the emergency backup response team for the National Institutes of Health (NIH). CIAC is located at the Lawrence Livermore National Laboratory in Livermore, California. CIAC is also a founding member of FIRST, the Forum of Incident Response and Security Teams, a global organization established to foster cooperation and coordination among computer security teams worldwide. CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can be contacted at: Voice: +1 925-422-8193 (7x24) FAX: +1 925-423-8002 STU-III: +1 925-423-2604 E-mail: ciac@ciac.org Previous CIAC notices, anti-virus software, and other information are available from the CIAC Computer Security Archive. World Wide Web: http://www.ciac.org/ Anonymous FTP: ftp.ciac.org PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing communities receive CIAC bulletins. If you are not part of these communities, please contact your agency's response team to report incidents. Your agency's team will coordinate with CIAC. The Forum of Incident Response and Security Teams (FIRST) is a world-wide organization. A list of FIRST member organizations and their constituencies can be obtained via WWW at http://www.first.org/. This document was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government nor the University of California nor any of their employees, makes any warranty, express or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favoring by the United States Government or the University of California. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States Government or the University of California, and shall not be used for advertising or product endorsement purposes. LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC) R-009: Vulnerabilities in Microsoft Excel R-010: Vulnerabilities in Microsoft Word R-011: Vulnerabilities in Microsoft XML Core Services R-012: Vulnerabilities in Microsoft Office R-013: Vulnerability in ASP.NET 2.0 R-014: Vulnerability in Windows Object Packager R-015: Patch available for ColdFusion MX 7 R-016: HP Version Control Agent R-017: TrendMicro OfficeScan R-018: Vulnerability in the Netscape Portable Runtime API