kdelibs security update

Synopsis

kdelibs security update

Type/Severity

Security Advisory: Moderate

Topic

Updated kdelibs packages are now available for Red Hat Enterprise Linux 4.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

Description

kdelibs contains libraries for the K Desktop Environment.

A flaw was discovered affecting Kate, the KDE advanced text editor, and
Kwrite. Depending on system settings, it may be possible for a local user
to read the backup files created by Kate or Kwrite. The Common
Vulnerabilities and Exposures project assigned the name CAN-2005-1920 to
this issue.

Please note this issue does not affect Red Hat Enterprise Linux 3 or 2.1.

Users of Kate or Kwrite should update to these errata packages which
contains a backported patch from the KDE security team correcting this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

• Red Hat Enterprise Linux Server 4 x86_64
• Red Hat Enterprise Linux Server 4 ia64
• Red Hat Enterprise Linux Server 4 i386
• Red Hat Enterprise Linux Workstation 4 x86_64
• Red Hat Enterprise Linux Workstation 4 ia64
• Red Hat Enterprise Linux Workstation 4 i386
• Red Hat Enterprise Linux Desktop 4 x86_64
• Red Hat Enterprise Linux Desktop 4 i386
• Red Hat Enterprise Linux for IBM z Systems 4 s390x
• Red Hat Enterprise Linux for IBM z Systems 4 s390
• Red Hat Enterprise Linux for Power, big endian 4 ppc

Fixes

• BZ - 163130 - CAN-2005-1920 Kate backup file permissions leak

CVEs

• CVE-2005-1920

References

• http://www.kde.org/info/security/advisory-20050718-1.txt