lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 19 Aug 2009 22:33:14 +1000 (EST)
From: (Steffen Joeris)
Subject: [SECURITY] [DSA 1868-1] New kde4libs packages fix several vulnerabilities

Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1868-1                              Steffen Joeris
August 19, 2009             
- ------------------------------------------------------------------------

Package        : kde4libs                             
Vulnerability  : several vulnerabilities              
Problem type   : local (remote)                       
Debian-specific: no
CVE Ids        : CVE-2009-1690 CVE-2009-1698 CVE-2009-1687
Debian Bugs    : 534949

Several security issues have been discovered in kde4libs, core libraries
for all KDE 4 applications. The Common Vulnerabilities and Exposures
project identifies the following problems:


It was discovered that there is a use-after-free flaw in handling
certain DOM event handlers. This could lead to the execution of
arbitrary code, when visiting a malicious website.


It was discovered that there could be an uninitialised pointer when
handling a Cascading Style Sheets (CSS) attr function call. This could
lead to the execution of arbitrary code, when visiting a malicious


It was discovered that the JavaScript garbage collector does not handle
allocation failures properly, which could lead to the execution of
arbitrary code when visiting a malicious website.

For the stable distribution (lenny), these problems have been fixed in
version 4:4.1.0-3+lenny1.

The oldstable distribution (etch) does not contain kde4libs.

For the testing distribution (squeeze), these problems will be fixed

For the unstable distribution (sid), these problems have been fixed in
version 4:4.3.0-1.

We recommend that you upgrade your kde4libs packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:
    Size/MD5 checksum:     2149 7bc7675c4aa9e7afd4fa3f83b3f95810
    Size/MD5 checksum:    91423 ecc50e9bedff96a3285a031141ea15d6
    Size/MD5 checksum: 11264345 05487ff0cbc3da093f19e59184b259c7

Architecture independent packages:
    Size/MD5 checksum:  3140792 47debc16cde2c9a927252ef09d89c1a3

alpha architecture (DEC Alpha)
    Size/MD5 checksum:   485854 b888554c3d2658b0af3abfa842c58588
    Size/MD5 checksum: 67441346 e6d761db09e246d88139e3416de56611
    Size/MD5 checksum:  1468330 b8c3ce39505d2532f2c5d7fc83de01d8
    Size/MD5 checksum: 11132464 6b307db1dd606a5fbbad60745cf51236

amd64 architecture (AMD x86_64 (AMD64))
    Size/MD5 checksum:   450758 dc184603a57dc4bbcedde957086463c3
    Size/MD5 checksum: 65872658 3bc3de5af3ff3722bd7817b6c4a4c4d4
    Size/MD5 checksum: 10078022 aec949a2390e430248089ebb3790ed78
    Size/MD5 checksum:  1454348 51a11bc442e5155ee37bc276c2cb025e

arm architecture (ARM)
    Size/MD5 checksum:   445060 4c9f86c771e9d24459fc1a1369b19d1c
    Size/MD5 checksum: 67062788 8ead631de22e777ac573400dc7829728
    Size/MD5 checksum:  1501464 e90a472bd53283512dda2c5522b1e779
    Size/MD5 checksum: 10159066 44dc0551f1664e6775cca2fc2e9568c8

hppa architecture (HP PA RISC)
    Size/MD5 checksum:   468294 71da7f31e8f21706831abfb597d6c161
    Size/MD5 checksum: 11272148 eae478aac58c1e84cb57c9244bc6e633
    Size/MD5 checksum: 66023980 bc0eeed2957433fdf38f227d464c4dac
    Size/MD5 checksum:  1501146 55ebcb8acd0e29c84dad063f030d4b32

i386 architecture (Intel ia32)
    Size/MD5 checksum:  9495028 0486badbc6a675555500eac834e66770
    Size/MD5 checksum:  1494680 7caef230087548ae9fafc4c9cbfa51a6
    Size/MD5 checksum:   428258 a2154b9e6f111e00d9fafee2e44950d3
    Size/MD5 checksum: 65050706 cc57db2601c136b0ea25aa2aafc9ada4

ia64 architecture (Intel ia64)
    Size/MD5 checksum:   636012 8835da7f0554073419c9bb1ea699be2f
    Size/MD5 checksum: 69462428 1a34d47746eb45a014c6a18d7711437e
    Size/MD5 checksum:  1490832 1731fe69a65e2aaeecbc7c31ba594ea3
    Size/MD5 checksum: 14283690 92e7eaeeb3288d64aad305c1f7b46ace

mips architecture (MIPS (Big Endian))
    Size/MD5 checksum:   411002 fc291f1f164002ffa25f21ab4413d418
    Size/MD5 checksum:  1491562 5ad177aedcac523d4414c1b33590a8aa
    Size/MD5 checksum: 67214842 6bf4782cae7a4bb07600a8c4622d2ba8
    Size/MD5 checksum:  8922858 e2081fa92bc60067bf3fab1d9553d9f0

mipsel architecture (MIPS (Little Endian))
    Size/MD5 checksum:  1445728 0e93a06b9c99da3e19fe9ed57effc2af
    Size/MD5 checksum: 64601046 76bcf6fa57c4c9fe4146996227fd483e
    Size/MD5 checksum:   410088 c1a038807d9bfd9ec21b3d3fb9b4ad3b
    Size/MD5 checksum:  8776788 a4e68c739bc64700c8cba42746337051

powerpc architecture (PowerPC)
    Size/MD5 checksum: 10152880 7c3caef790d31e75030798ff255860f0
    Size/MD5 checksum:  1504080 2a6f91b2f9d251f7c948db16b26b74e6
    Size/MD5 checksum:   488426 f82580483fe29a15a635df5b130889f0
    Size/MD5 checksum: 69005164 b5142561ef43d8f394f69723ecfa101e

s390 architecture (IBM S/390)
    Size/MD5 checksum:  1454438 7f6117ffd81b9a759544a84b129451d2
    Size/MD5 checksum: 69791606 b67cba5028161769d9227e551ce1e3ce
    Size/MD5 checksum:   476722 3871456f5fad8399f14f6711bd483635
    Size/MD5 checksum: 10410196 3a1c94adbe9d2cdf3aab21e684a2ee09

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
Package info: `apt-cache show <pkg>' and<pkg>
Version: GnuPG v1.4.9 (GNU/Linux)


Powered by blists - more mailing lists