lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1GadHE-00011l-Uv@mercury.mandriva.com>
Date: Thu, 19 Oct 2006 13:10:00 -0600
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDKSA-2006:186 ] - Updated kdelibs packages fix KHTML vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:186
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : kdelibs
 Date    : October 19, 2006
 Affected: 2007.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A vulnerability was discovered in the way that Qt handled pixmap images
 and the KDE khtml library used Qt in such a way that untrusted
 parameters could be passed to Qt, resulting in an integer overflow. 
 This flaw could be exploited by a remote attacker in a malicious
 website that, when viewed by an individual using Konqueror, would cause
 Konqueror to crash or possibly execute arbitrary code with the
 privileges of the user.

 Updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4811
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 0468fedc69128d4967771b9132b756f4  2007.0/i586/kdelibs-common-3.5.4-19.1mdv2007.0.i586.rpm
 2dc30948c1fdce7e25d9b7a8a9379e51  2007.0/i586/kdelibs-devel-doc-3.5.4-19.1mdv2007.0.i586.rpm
 7c637c18db5254991e86662b4d0a3dbd  2007.0/i586/libkdecore4-3.5.4-19.1mdv2007.0.i586.rpm
 2990a2078b4971d5b3fff5a8282834aa  2007.0/i586/libkdecore4-devel-3.5.4-19.1mdv2007.0.i586.rpm 
 de92b184fd62a8aa54278c0a7aeb5f43  2007.0/SRPMS/kdelibs-3.5.4-19.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 e067573bb458b0606e19c8950fedb860  2007.0/x86_64/kdelibs-common-3.5.4-19.1mdv2007.0.x86_64.rpm
 5143af28520ea05d50bc07a92523bf5a  2007.0/x86_64/kdelibs-devel-doc-3.5.4-19.1mdv2007.0.x86_64.rpm
 452cd5fe9b000d31911cc8b19dbed9ca  2007.0/x86_64/lib64kdecore4-3.5.4-19.1mdv2007.0.x86_64.rpm
 22e66d820ad6e94c332df514e756b06c  2007.0/x86_64/lib64kdecore4-devel-3.5.4-19.1mdv2007.0.x86_64.rpm 
 de92b184fd62a8aa54278c0a7aeb5f43  2007.0/SRPMS/kdelibs-3.5.4-19.1mdv2007.0.src.rpm

 Corporate 3.0:
 692f918e3e7acbe933684d973261ca0c  corporate/3.0/i586/kdelibs-common-3.2-36.16.C30mdk.i586.rpm
 8537e316e30762eb2420e0c2412ffaf8  corporate/3.0/i586/libkdecore4-3.2-36.16.C30mdk.i586.rpm
 37d09cd7b937ac25e98b87fe4161bfe1  corporate/3.0/i586/libkdecore4-devel-3.2-36.16.C30mdk.i586.rpm 
 815b64f8f6d1309414fa128ff049fa8a  corporate/3.0/SRPMS/kdelibs-3.2-36.16.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 80f41ba7cab5c29812574b255487ff75  corporate/3.0/x86_64/kdelibs-common-3.2-36.16.C30mdk.x86_64.rpm
 690b32020e45a8f1e1d7cff8dc3d342b  corporate/3.0/x86_64/lib64kdecore4-3.2-36.16.C30mdk.x86_64.rpm
 39f37ea645b542dfd872b015d7b2db53  corporate/3.0/x86_64/lib64kdecore4-devel-3.2-36.16.C30mdk.x86_64.rpm
 8537e316e30762eb2420e0c2412ffaf8  corporate/3.0/x86_64/libkdecore4-3.2-36.16.C30mdk.i586.rpm 
 815b64f8f6d1309414fa128ff049fa8a  corporate/3.0/SRPMS/kdelibs-3.2-36.16.C30mdk.src.rpm

 Corporate 4.0:
 3561f4ec95d79ede9284cb1ff897681b  corporate/4.0/i586/kdelibs-arts-3.5.4-1.2.20060mlcs4.i586.rpm
 3e19560491f720fd9034a95dfb4f529d  corporate/4.0/i586/kdelibs-common-3.5.4-1.2.20060mlcs4.i586.rpm
 633e83e144a3a0daa1057ecae48a0991  corporate/4.0/i586/kdelibs-devel-doc-3.5.4-1.2.20060mlcs4.i586.rpm
 853c0d7af1b8515c9226eb3ff1ae0e52  corporate/4.0/i586/libkdecore4-3.5.4-1.2.20060mlcs4.i586.rpm
 ffe121c5ed1528769d981a5b5d526b81  corporate/4.0/i586/libkdecore4-devel-3.5.4-1.2.20060mlcs4.i586.rpm 
 52f9f74e64bf4da50df95c02d350fa11  corporate/4.0/SRPMS/kdelibs-3.5.4-1.2.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 6ad107993dc8ba3726eb47bb087393e4  corporate/4.0/x86_64/kdelibs-arts-3.5.4-1.2.20060mlcs4.x86_64.rpm
 4be667bf1d745fedc81314d697e3320a  corporate/4.0/x86_64/kdelibs-common-3.5.4-1.2.20060mlcs4.x86_64.rpm
 a1480b53dcf74c2af2c044c0da4b45d7  corporate/4.0/x86_64/kdelibs-devel-doc-3.5.4-1.2.20060mlcs4.x86_64.rpm
 e40a8bb434849c3976ba57f1e52ba78e  corporate/4.0/x86_64/lib64kdecore4-3.5.4-1.2.20060mlcs4.x86_64.rpm
 4e488a23bad70524ef7d731b834cbe50  corporate/4.0/x86_64/lib64kdecore4-devel-3.5.4-1.2.20060mlcs4.x86_64.rpm 
 52f9f74e64bf4da50df95c02d350fa11  corporate/4.0/SRPMS/kdelibs-3.5.4-1.2.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFN6HxmqjQ0CJFipgRAlhPAJ9upOtzc8Tca3AdO3yKvA5NbUPyDwCgujf4
3inMK/Y7xE5b7lQ2ONGuD0I=
=dWxU
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ