Product SiteDocumentation Site

1.87. kdelibs

1.87.1. RHBA-2009:1464: bug fix update


This update has already been released (prior to the GA of this release) as errata RHBA-2009:1464
Updated kdelibs packages that fix the bugs are now available.
The kdelibs packages contain a set of common libraries used by all applications written for the K Desktop Environment (KDE). kdelibs includes kdecore (KDE core library); kdeui (user interface); kfm (file manager); khtmlw (HTML widget); kio (input/output and networking); kspell (spelling checker); jscript (javascript); kab (addressbook); and kimgio (image manipulation).
This update addresses the following issue:
* the shell script used the keyword "source". The pdksh (Public Domain Korn SHell) package, a new package in Red Hat Enterprise Linux 5.4, does not recognize the "source" keyword in shell scripts. Consequently, if pdksh was used as the shell on systems with KDE installed, the following error message was returned in login shells:
ksh: /etc/profile.d/[7]: source: not found
The shell script in this update has been edited with "source" replaced by "." The full stop keyword (.) is an alias for "source" in Bourne-compatible shells, including pdksh. Once installed, KDE users running the pdksh shell will no longer get the above error message. (BZ#523968)
Note: this bug was a known issue at the release of Red Hat Enterprise Linux 5.4 and a manual version of the fix included in this update was documented in the Red Hat Enterprise Linux 5.4 Technical Notes: tes/Known_Issues-pdksh.html
If /etc/profile.d/ already exists, the new version included with this update is installed as /etc/profile.d/
Therefore, on systems where an extant has been manually edited as per the Red Hat Enterprise Linux 5.4 Technical Notes, the manual fix is retained.
On systems where already exists and the workaround has not been applied, however, installing this update does not, of itself, implement the fix. After installation on such systems, renaming and as follows will implement the fix:
cp /etc/profile.d/ /etc/profile.d/ cp /etc/profile.d/ /etc/profile.d/
All KDE and pdksh users should install this updated package which fixes this bug.

1.87.2. RHSA-2009:1601: Critical security update


This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:1601
Updated kdelibs packages that fix one security issue are now available for Red Hat Enterprise Linux 4 and 5.
This update has been rated as having critical security impact by the Red Hat Security Response Team.
The kdelibs packages provide libraries for the K Desktop Environment (KDE).
A buffer overflow flaw was found in the kdelibs string to floating point conversion routines. A web page containing malicious JavaScript could crash Konqueror or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-0689)
Users should upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.

Note: This documentation is provided {and copyrighted} by Red Hat®, Inc. and is released via the Open Publication License. The copyright holder has added the further requirement that Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder. The CentOS project redistributes these original works (in their unmodified form) as a reference for CentOS-5 because CentOS-5 is built from publicly available, open source SRPMS. The documentation is unmodified to be compliant with upstream distribution policy. Neither CentOS-5 nor the CentOS Project are in any way affiliated with or sponsored by Red Hat®, Inc.