lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20070329031212.GO27744@outflux.net>
Date: Wed, 28 Mar 2007 20:12:12 -0700
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [Full-disclosure] [USN-447-1] KDE library vulnerabilities

=========================================================== 
Ubuntu Security Notice USN-447-1             March 28, 2007
kdelibs vulnerabilities
CVE-2007-1308, CVE-2007-1564
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  kdelibs4c2                               4:3.4.3-0ubuntu2.3

Ubuntu 6.06 LTS:
  kdelibs4c2a                              4:3.5.2-0ubuntu18.3

Ubuntu 6.10:
  kdelibs4c2a                              4:3.5.5-0ubuntu3.1.1

After a standard system upgrade you need to restart your session or 
reboot your computer to effect the necessary changes.

Details follow:

It was discovered that Konqueror did not correctly handle iframes from 
JavaScript.  If a user were tricked into visiting a malicious website, 
Konqueror could crash, resulting in a denial of service. (CVE-2007-1308)

A flaw was discovered in how Konqueror handled PASV FTP responses.  If a 
user were tricked into visiting a malicious FTP server, a remote 
attacker could perform a port-scan of machines within the user's 
network, leading to private information disclosure. (CVE-2007-1564)


Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.3-0ubuntu2.3.diff.gz
      Size/MD5:   331196 ce7f5a5b496c96f6fa211dbcfca57441
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.3-0ubuntu2.3.dsc
      Size/MD5:     1523 207ff389d7fc01840f45c6d67cb213ec
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.3.orig.tar.gz
      Size/MD5: 19981388 36e7a8320bd95760b41c4849da170100

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.4.3-0ubuntu2.3_all.deb
      Size/MD5:  6970532 585c27304d3c6c72abfff3c850c35878
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.4.3-0ubuntu2.3_all.deb
      Size/MD5: 29297968 7cba2912be78dbcda4f962598faa47f0
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.3-0ubuntu2.3_all.deb
      Size/MD5:    30798 f32995f468d8e55069bb3a9ed3875df3

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.3-0ubuntu2.3_amd64.deb
      Size/MD5:   926398 bc31b7ee86b7954a1d7cd160e31368c9
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.3-0ubuntu2.3_amd64.deb
      Size/MD5:  1309130 87ffea47867a7d4cdd47252aacc5318a
    http://security.ubuntu.com/ubuntu/pool/universe/k/kdelibs/kdelibs4c2-dbg_3.4.3-0ubuntu2.3_amd64.deb
      Size/MD5: 22556030 8363ad9b98e94e483c30fdaaf9b16ece
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2_3.4.3-0ubuntu2.3_amd64.deb
      Size/MD5:  9109046 256b4b9e268d3a196842b94b3291f95f

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.3-0ubuntu2.3_i386.deb
      Size/MD5:   814386 e4773b83a7310ceff213428bd6c2945b
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.3-0ubuntu2.3_i386.deb
      Size/MD5:  1305728 c2d0974505f004f846129c00c30c95f5
    http://security.ubuntu.com/ubuntu/pool/universe/k/kdelibs/kdelibs4c2-dbg_3.4.3-0ubuntu2.3_i386.deb
      Size/MD5: 19412132 1699509bc7a95fbba0c742cbab1976d5
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2_3.4.3-0ubuntu2.3_i386.deb
      Size/MD5:  8073460 b21d7e26c0cd1c1c911c3ff9f3babaa4

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.3-0ubuntu2.3_powerpc.deb
      Size/MD5:   909612 e5f632d2bfced6e73551f347d022dc18
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.3-0ubuntu2.3_powerpc.deb
      Size/MD5:  1310506 9949361c1d6176e1cff690088008ec22
    http://security.ubuntu.com/ubuntu/pool/universe/k/kdelibs/kdelibs4c2-dbg_3.4.3-0ubuntu2.3_powerpc.deb
      Size/MD5: 22765996 e81bc470ff3df6e4d244e536f2cafb0d
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2_3.4.3-0ubuntu2.3_powerpc.deb
      Size/MD5:  8433692 a1a98ca53909d3640c93676752caff9f

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.3-0ubuntu2.3_sparc.deb
      Size/MD5:   830600 689a9978f15d3c983cf46fb3d1c99618
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.3-0ubuntu2.3_sparc.deb
      Size/MD5:  1307072 f8d6b6c5449f9231816e8a32af2d6217
    http://security.ubuntu.com/ubuntu/pool/universe/k/kdelibs/kdelibs4c2-dbg_3.4.3-0ubuntu2.3_sparc.deb
      Size/MD5: 20031914 b54bf0169aec254ae7dae1166e556a9b
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2_3.4.3-0ubuntu2.3_sparc.deb
      Size/MD5:  8241016 515a47bebc8cdd8260e1f2c029e54b0f

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.2-0ubuntu18.3.diff.gz
      Size/MD5:   479021 9dfa61a0bc7ac2fa9e231a73f90b907a
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.2-0ubuntu18.3.dsc
      Size/MD5:     1609 77a9c85e3eb5c02d2d0c9fed9656218e
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.2.orig.tar.gz
      Size/MD5: 18775353 00c878d449522fb8aa2769a4c5ae1fde

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.2-0ubuntu18.3_all.deb
      Size/MD5:  7083776 90b57cb50d0266b46e20345ac1d8f20f
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.5.2-0ubuntu18.3_all.deb
      Size/MD5: 41490386 521920d9adb4f6ef4c8ce376e6638515
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.2-0ubuntu18.3_all.deb
      Size/MD5:    35864 877501467e0b55629e9319566acdc0c8

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.5.2-0ubuntu18.3_amd64.deb
      Size/MD5:   925354 639051a9d7bc46191f512f259c48cced
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.2-0ubuntu18.3_amd64.deb
      Size/MD5: 26450698 05a2e717c1cafaf96db5a6c64c3ee638
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.2-0ubuntu18.3_amd64.deb
      Size/MD5:  1355770 079efed78b8e8fc0e9876a892d8f893d
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.2-0ubuntu18.3_amd64.deb
      Size/MD5:  9407130 92d094a26b99e85e0047a1beb703ac4d

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.5.2-0ubuntu18.3_i386.deb
      Size/MD5:   815310 0515acdcfa95b11e6765d4fd9e2172fd
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.2-0ubuntu18.3_i386.deb
      Size/MD5: 22926532 d68e2b4ff9a8a7e1ae5fd69a6369bbb0
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.2-0ubuntu18.3_i386.deb
      Size/MD5:  1352408 a7bc277da74649b4b08d0f11a38733fc
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.2-0ubuntu18.3_i386.deb
      Size/MD5:  8334392 f02366d3218c6724a46ed5168d97c24f

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.5.2-0ubuntu18.3_powerpc.deb
      Size/MD5:   905906 b45f51d9ec980e5fe822dc0302553885
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.2-0ubuntu18.3_powerpc.deb
      Size/MD5: 26718690 230f4ec07811aa3f0bb2e9ad1b5ec9a1
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.2-0ubuntu18.3_powerpc.deb
      Size/MD5:  1357064 574761f420cb663e2b4b8f0d3cb7db89
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.2-0ubuntu18.3_powerpc.deb
      Size/MD5:  8689446 68365b5320ca9ebbe2348bab087470b6

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.5.2-0ubuntu18.3_sparc.deb
      Size/MD5:   827102 d8022db2b9c2d51c6b69cf635034eaba
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.2-0ubuntu18.3_sparc.deb
      Size/MD5: 23625198 13060539cbaf2cc18b3875a8cca8c51a
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.2-0ubuntu18.3_sparc.deb
      Size/MD5:  1353460 e466a3169125c515003d0aaabc0f17db
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.2-0ubuntu18.3_sparc.deb
      Size/MD5:  8491674 1aa5103c6c27263aedc32bcca922e387

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.5-0ubuntu3.1.1.diff.gz
      Size/MD5:   735321 5f4e1c600ca46b5bafffb74bd9c1ca43
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.5-0ubuntu3.1.1.dsc
      Size/MD5:     1695 5120fc144d7f0ecfa1092dfa4ef8626a
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.5.orig.tar.gz
      Size/MD5: 18926397 65e455d5814142ee992097230ffe7e80

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.5-0ubuntu3.1.1_all.deb
      Size/MD5:  7210740 63aeab1a13af3105206cfcb2f2dbe4a9
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.5.5-0ubuntu3.1.1_all.deb
      Size/MD5: 39976638 124f2ff227334b94bd4492b899b44c97
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.5-0ubuntu3.1.1_all.deb
      Size/MD5:    37844 b673fdd085cc8e3d1c129329a01732a7

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.5-0ubuntu3.1.1_amd64.deb
      Size/MD5: 27051530 425179ee6a693470307c8624e0e48ebe
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.5-0ubuntu3.1.1_amd64.deb
      Size/MD5:  1345564 0df85adcb1dc05c49c3567e8db7bda6e
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.5-0ubuntu3.1.1_amd64.deb
      Size/MD5: 10401504 53c0bb19f218d73a5a438b27c54425cc

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.5-0ubuntu3.1.1_i386.deb
      Size/MD5: 26229274 42824c9e1e8e6286ed540704c79f1bb8
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.5-0ubuntu3.1.1_i386.deb
      Size/MD5:  1343204 f5ccf2868db42e8681b904106f422239
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.5-0ubuntu3.1.1_i386.deb
      Size/MD5:  9555020 93cc1bea30af44762420bb7b712a5481

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.5-0ubuntu3.1.1_powerpc.deb
      Size/MD5: 28018770 68b00882eac1afcbe6a401f4a26dfac8
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.5-0ubuntu3.1.1_powerpc.deb
      Size/MD5:  1347248 694c63ed6a07b52221a1df1e6dde2952
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.5-0ubuntu3.1.1_powerpc.deb
      Size/MD5:  9782202 0cd4fe24395cbb619444806c7d17925f

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.5-0ubuntu3.1.1_sparc.deb
      Size/MD5: 25365716 87cf32e98d46a76d8b764fa738552f3a
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.5-0ubuntu3.1.1_sparc.deb
      Size/MD5:  1343252 6666efa441a2c2e114f9f95ca4acf187
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.5-0ubuntu3.1.1_sparc.deb
      Size/MD5:  9473036 1c711fe9ed9e4bf29f9d467adabc25dc


Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ