[SECURITY] Fedora 7 Update: kdebase-3.5.8-3.fc7

Tue Nov 13 00:05:02 UTC 2007

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-2985
2007-11-13 00:00:37.754783
--------------------------------------------------------------------------------

Name        : kdebase
Product     : Fedora 7
Version     : 3.5.8
Release     : 3.fc7
URL         : http://www.kde.org
Summary     : K Desktop Environment - core files
Description :
Core applications for the K Desktop Environment.  Included are: kdm
(replacement for xdm), kwin (window manager), konqueror (filemanager,
web browser, ftp client, ...), konsole (xterm replacement), kpanel
(application starter and desktop pager), kaudio (audio server),
kdehelp (viewer for kde help files, info and man pages), kthememgr
(system for managing alternate theme packages) plus other KDE
components (kcheckpass, kikbd, kscreensaver, kcontrol, kfind,
kfontmanager, kmenuedit).

--------------------------------------------------------------------------------
Update Information:

This is an update to the latest kde-3.5.8 release.  For more details, see
http://kde.org/announcements/announce-3.5.8.php

This also addresses a security issue in kpdf, that can cause crashes or possibly execute arbitrary code, see
http://www.kde.org/info/security/advisory-20071107-1.txt
--------------------------------------------------------------------------------
ChangeLog:

* Mon Oct 15 2007 Rex Dieter <rdieter[AT]fedoraproject.org> - 6:3.5.8-3
- respin (for openexr-1.6.0)
- -libs: %post/%postun /sbin/ldconfig (f8+)
* Sat Oct 13 2007 Rex Dieter <rdieter[AT]fedoraproject.org> - 6:3.5.8-2
- update consolekit patch
- omit konsole-bz#244906 (doesn't build)
- --enable-final
- libs subpkg (more multilib friendly) (f8+)
* Sat Oct 13 2007 Rex Dieter <rdieter[AT]fedoraproject.org> - 6:3.5.8-1
- kde-3.5.8
* Wed Oct  3 2007 Rex Dieter <rdieter[AT]fedoraproject.org> - 6:3.5.7-17
- Requires: findutils which (#312611)
* Tue Oct  2 2007 Than Ngo <than at redhat.com> - 6:3.5.7-16
- rh#299731, CVE-2007-4569
* Thu Sep 27 2007 Than Ngo <than at redhat.com> - 6:3.5.7-15
- rh#301841, "Root Shell" sessions will not close
* Thu Aug 30 2007 Than Ngo <than at redhat.com> - 6:3.5.7-14
- fix bz#265801, fuser command not found by kio_media_mounthelper
* Wed Aug 15 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 6:3.5.7-13
- CVE-2007-3820, CVE-2007-4224, CVE-2007-4225
- License: GPLv2
- Requires: kdelibs3(-devel)
* Fri Jul 20 2007 Rex Dieter <rdieter[AT]fedoraproject.org> - 6:3.5.7-12
- fix unpackaged files
* Fri Jul 20 2007 Rex Dieter <rdieter[AT]fedoraproject.org> - 6:3.5.7-9
- %ifnarch s390 s390x: BR: lm_sensors
* Thu Jul 19 2007 Rex Dieter <rdieter[AT]fedoraproject.org> - 6:3.5.7-7
- omit dirs owned by kde-filesystem
* Mon Jul  2 2007 Than Ngo <than at redhat.com> - 6:3.5.7-6
- fix bz#244906
* Wed Jun 20 2007 Rex Dieter <rdieter[AT]fedoraproject.org> - 6:3.5.7-5
- Provides: kdebase3(-devel)
* Wed Jun 20 2007 Rex Dieter <rdieter[AT]fedoraproject.org> - 6:3.5.7-4
- -devel: Requires: %name... 
- portability++
* Fri Jun 15 2007 Rex Dieter <rdieter[AT]fedoraproject.org> - 6:3.5.7-3
- specfile portability
* Mon Jun 11 2007 Rex Dieter <rdieter[AT]fedoraproject.org> - 6:3.5.7-2
- fix BR: kdelibs-devel
- cleanup Req's wrt kde-settings
* Mon Jun 11 2007 Than Ngo <than at redhat.com> -  6:3.5.7-1.fc7.1
- remove kdebase-3.4.2-npapi-64bit-fixes.patch, it's included
  in new upstream
* Wed Jun  6 2007 Than Ngo <than at redhat.com> -  6:3.5.7-0.1
- 3.5.7
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #352391 - kdepim: compacting mbox shows empty folder
        https://bugzilla.redhat.com/show_bug.cgi?id=352391
  [ 2 ] Bug #372561 - CVE-2007-4352 CVE-2007-5392 CVE-2007-5393 Multiple kdegraphics vulnerabilities [f7]
        https://bugzilla.redhat.com/show_bug.cgi?id=372561
  [ 3 ] Bug #377321 - Broken upgrade path: kdelibs3 >= 3.5.8 is needed by package koffice-libs
        https://bugzilla.redhat.com/show_bug.cgi?id=377321
  [ 4 ] CVE-2007-4352
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
  [ 5 ] CVE-2007-5392
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
  [ 6 ] CVE-2007-5393
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
--------------------------------------------------------------------------------
Updated packages:

efd8508bd2e1bb47f2146a468163d795e30ede47 kdebase-devel-3.5.8-3.fc7.ppc64.rpm
139963dbab720399774d2c0052ac3997e2c78196 kdebase-3.5.8-3.fc7.ppc64.rpm
a94e2d7cf593e666f129ea35ded9349b8a13b4a4 kdebase-debuginfo-3.5.8-3.fc7.ppc64.rpm
8d4e3510f48f7c3f347d5ff43c9fd898942169ae kdebase-extras-3.5.8-3.fc7.ppc64.rpm
6f382d6d9b686f2fa41c33c4b582942315de8dee kdebase-3.5.8-3.fc7.i386.rpm
87f9e031f1657e76892d1aa9148a93222d45007e kdebase-extras-3.5.8-3.fc7.i386.rpm
e76b4dc88a4aa3785b2c9048d04cb72cd269a31b kdebase-devel-3.5.8-3.fc7.i386.rpm
3ef18e75a3ca0d5fba4acd1ff5d402ea63241f18 kdebase-debuginfo-3.5.8-3.fc7.i386.rpm
c10edf1fef77fa85e24f4a823365ce091cbb4220 kdebase-debuginfo-3.5.8-3.fc7.x86_64.rpm
2c586f595f75b339d7980979836d441d68536691 kdebase-3.5.8-3.fc7.x86_64.rpm
2b97521eb3b5be1424f586440ed05c1d47e052a7 kdebase-devel-3.5.8-3.fc7.x86_64.rpm
6f1bd0f507b4a6d74737e68b0e9b7aef8bdb2a42 kdebase-extras-3.5.8-3.fc7.x86_64.rpm
d9c185f49b23f527928b279158105c9a93cbfdfb kdebase-3.5.8-3.fc7.ppc.rpm
27aa126fbdea772ed5caaccc26ee22eeb9561318 kdebase-extras-3.5.8-3.fc7.ppc.rpm
9220e75e2f9834dcc0552cc6a77ff894a2beddfa kdebase-debuginfo-3.5.8-3.fc7.ppc.rpm
496162b29ef39599b5a3850ce85a854279488a2a kdebase-devel-3.5.8-3.fc7.ppc.rpm
20f68972749c40d2584ffdd0684636a4d64c5aba kdebase-3.5.8-3.fc7.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update kdebase' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------