lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20091211022940.GM26756@severus.strandboge.com>
Date: Thu, 10 Dec 2009 20:29:40 -0600
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [USN-871-1] KDE vulnerability

===========================================================
Ubuntu Security Notice USN-871-1          December 11, 2009
kdelibs vulnerability
CVE-2009-0689
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  kdelibs4c2a                     4:3.5.10-0ubuntu1~hardy1.5

Ubuntu 8.10:
  kdelibs4c2a                     4:3.5.10-0ubuntu6.4

Ubuntu 9.04:
  kdelibs4c2a                     4:3.5.10.dfsg.1-1ubuntu8.4

Ubuntu 9.10:
  kdelibs4c2a                     4:3.5.10.dfsg.1-2ubuntu7.2

After a standard system upgrade you need to restart your session to effect
the necessary changes.

Details follow:

A buffer overflow was found in the KDE libraries when converting a string
to a floating point number. If a user or application linked against kdelibs
were tricked into processing crafted input, an attacker could cause a
denial of service (via application crash) or possibly execute arbitrary
code with the privileges of the user invoking the program. (CVE-2009-0689)

It was discovered that the KDE libraries could use KHTML to process an
unknown MIME type. If a user or application linked against kdelibs were
tricked into opening a crafted file, an attacker could potentially trigger
XMLHTTPRequests to remote sites.


Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10-0ubuntu1~hardy1.5.diff.gz
      Size/MD5:  1793748 3693849d1a4409e8c03f0fde6da39fa5
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10-0ubuntu1~hardy1.5.dsc
      Size/MD5:     1729 0e528a7564f8d3404a3bcaa28538cb2e
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.orig.tar.gz
      Size/MD5: 18631467 5eeb6f132e386668a0395d4d426d495e

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.10-0ubuntu1~hardy1.5_all.deb
      Size/MD5:  7326504 bbc8884536fab2b5af1c3cdb15abc148
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.5.10-0ubuntu1~hardy1.5_all.deb
      Size/MD5: 25454866 2d1266776d28be0be2a314539f3ee38e
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10-0ubuntu1~hardy1.5_all.deb
      Size/MD5:     9328 bde1f5045141764729947822eb7749f7

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu1~hardy1.5_amd64.deb
      Size/MD5: 26758230 0ef2dcb722666b05bbe26b550160c22f
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu1~hardy1.5_amd64.deb
      Size/MD5:  1381590 774d2cd314be51e30660b84ac5565483
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu1~hardy1.5_amd64.deb
      Size/MD5: 10657036 02cf55ef3d63c2789dcfcf351f3fe787

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu1~hardy1.5_i386.deb
      Size/MD5: 25992402 cc525f04d9032e40c9d7f41503cad38f
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu1~hardy1.5_i386.deb
      Size/MD5:  1411164 e01ab41b8e22e5f012055b6dfc8f9b19
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu1~hardy1.5_i386.deb
      Size/MD5:  9615022 b31148854fde22f5f588920fb7266e55

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu1~hardy1.5_lpia.deb
      Size/MD5: 25971380 581ef5985071d294f3663ebc4943ca8a
    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu1~hardy1.5_lpia.deb
      Size/MD5:  1375934 5a64f795039d022fa270e2b9db4ddb16
    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu1~hardy1.5_lpia.deb
      Size/MD5:  9642908 1d5304980f9eb82c9972d96eb2bc27a1

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu1~hardy1.5_powerpc.deb
      Size/MD5: 27656998 81cc9e5a1758604597aac298701d86c0
    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu1~hardy1.5_powerpc.deb
      Size/MD5:  1393476 7bceb13671cc7b26d66ce06c281f2cbe
    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu1~hardy1.5_powerpc.deb
      Size/MD5: 10453790 2303cad503f7bd4f395be4cceee697f5

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu1~hardy1.5_sparc.deb
      Size/MD5: 25025950 28bb225b11e2e9b312d0f47beddcca90
    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu1~hardy1.5_sparc.deb
      Size/MD5:  1376534 c874a22da1260dcc046a68d7c8bbef82
    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu1~hardy1.5_sparc.deb
      Size/MD5:  9596634 a697b75916b628d1547ca9e562712b7e

Updated packages for Ubuntu 8.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10-0ubuntu6.4.diff.gz
      Size/MD5:   726583 2bae45140ba24ccfe427d1000d2cb937
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10-0ubuntu6.4.dsc
      Size/MD5:     2284 cd10eb858af120c2420b6045e0db2663
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.orig.tar.gz
      Size/MD5: 18631467 5eeb6f132e386668a0395d4d426d495e

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.10-0ubuntu6.4_all.deb
      Size/MD5:  7321288 0ef5e6ac303bd55dbc1a62ef5b12154f
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.5.10-0ubuntu6.4_all.deb
      Size/MD5: 25523888 0df6ca0a7ae1e6cc761f60f190716592
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10-0ubuntu6.4_all.deb
      Size/MD5:     2272 0648e9f4672cff0f6b1a2bde0929b8a6

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu6.4_amd64.deb
      Size/MD5: 27375756 7464f9546f17461652d67b1b751ef962
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu6.4_amd64.deb
      Size/MD5:  1371454 ef8f62dcdf6d6dbb6eaae0447d8cec41
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu6.4_amd64.deb
      Size/MD5: 10930426 168e4c76f3804807b73a3f7c4eee432a

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu6.4_i386.deb
      Size/MD5: 26665714 0e89f87ee569198c85ea7343892e2cb1
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu6.4_i386.deb
      Size/MD5:  1405518 3422db629fbcc2f431610f9cdfc56598
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu6.4_i386.deb
      Size/MD5: 10143624 6d58c8fb72e17a0c5c2d12849e7d97d8

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu6.4_lpia.deb
      Size/MD5: 26675144 f5e947abceb595d9b8b6077468b4f11f
    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu6.4_lpia.deb
      Size/MD5:  1368234 719a1f05b6f3af1a5cedf2caaa4849f0
    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu6.4_lpia.deb
      Size/MD5: 10141624 c1410ee0b8dd09532a0d444a09d30bf0

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu6.4_powerpc.deb
      Size/MD5: 28218158 76503bc8d7c7c8e57b7288a6bd91f9c8
    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu6.4_powerpc.deb
      Size/MD5:  1380874 9a11e892f2c0027c245254844e0a915c
    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu6.4_powerpc.deb
      Size/MD5: 10749232 c366111b06394b4a869e56a5200a88be

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu6.4_sparc.deb
      Size/MD5: 25441392 307c87143d2a6a11ece50acc5b40291e
    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu6.4_sparc.deb
      Size/MD5:  1368498 6152dbe3fc1c231b7390d8e00e79fd4a
    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu6.4_sparc.deb
      Size/MD5:  9801840 d8e14b90ff8453d49504d9cfcef41280

Updated packages for Ubuntu 9.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-1ubuntu8.4.diff.gz
      Size/MD5:   730213 b24ca20a24db817de9901c61f70e90b3
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-1ubuntu8.4.dsc
      Size/MD5:     2342 ccc0ee94d16a854ef9d6930abb8379d5
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.dfsg.1.orig.tar.gz
      Size/MD5: 18639393 4bcfee29b0f939415791f5032a72e7b0

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.10.dfsg.1-1ubuntu8.4_all.deb
      Size/MD5:  6752210 11c8744d3bb2ca49bf0aad89092e926e
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-1ubuntu8.4_all.deb
      Size/MD5:     2270 110eef16875f571661c553d295ffc7e5

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-1ubuntu8.4_amd64.deb
      Size/MD5: 27110360 f91c2909a3c32e4c8b6ff7ec5f762788
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-1ubuntu8.4_amd64.deb
      Size/MD5:  1360062 cb7e2ede68c5fa431ff6b3213f0d6c64
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-1ubuntu8.4_amd64.deb
      Size/MD5: 10783134 25f15bf8d2957c6e4b59fa36aab7f9e2

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-1ubuntu8.4_i386.deb
      Size/MD5: 26383054 9d18f9c1a6c38b95334483cb107c157f
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-1ubuntu8.4_i386.deb
      Size/MD5:  1395328 cf787836d0618dc9ece201e145f6c629
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-1ubuntu8.4_i386.deb
      Size/MD5: 10006430 74959eea23ce24afef3241d43b2d2118

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-1ubuntu8.4_lpia.deb
      Size/MD5: 26385634 308c2ca36d90433724e1f4046089c00b
    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-1ubuntu8.4_lpia.deb
      Size/MD5:  1356866 32ad3654f7ff480e661b1706252eeb4b
    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-1ubuntu8.4_lpia.deb
      Size/MD5: 10020864 cfea875c3e64396258bb94a81f1bb9dd

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-1ubuntu8.4_powerpc.deb
      Size/MD5: 27928798 264933dc950a1c7de4a8a27d14a7e655
    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-1ubuntu8.4_powerpc.deb
      Size/MD5:  1369318 b034946f6860d913ef05429cecefa4e4
    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-1ubuntu8.4_powerpc.deb
      Size/MD5: 10612072 3191cd83b4d762f1c1069f8e51bd082b

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-1ubuntu8.4_sparc.deb
      Size/MD5: 25158852 e1db11cf38658b133ab5e16241ee5d56
    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-1ubuntu8.4_sparc.deb
      Size/MD5:  1356962 a7d5a18a02eec881f81bf6feb2a30554
    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-1ubuntu8.4_sparc.deb
      Size/MD5:  9663708 c2780bac10865f58b53d41b3eb2eccf1

Updated packages for Ubuntu 9.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-2ubuntu7.2.diff.gz
      Size/MD5:   886928 afddbeaeb9d7dd1b8805202629df7a3e
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-2ubuntu7.2.dsc
      Size/MD5:     2342 3b49bfd2ffc8ab9e1240e08eafa47f1a
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.dfsg.1.orig.tar.gz
      Size/MD5: 18639393 4bcfee29b0f939415791f5032a72e7b0

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.10.dfsg.1-2ubuntu7.2_all.deb
      Size/MD5:  6674924 c19977e54488daad70814a047fee31bc
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-2ubuntu7.2_all.deb
      Size/MD5:     2276 1679879f18cb57114249a5c7a6a57785

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-2ubuntu7.2_amd64.deb
      Size/MD5: 26714644 de3e7b175853c728cb3265bae249e068
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-2ubuntu7.2_amd64.deb
      Size/MD5:  1361224 8674d009a291bc7dc091f895462abcb6
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-2ubuntu7.2_amd64.deb
      Size/MD5: 10869100 b5c3d047f60f339718b0be98105aaedc

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-2ubuntu7.2_i386.deb
      Size/MD5: 26410466 6d89bd2826e44581aaaa697c1f212ef5
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-2ubuntu7.2_i386.deb
      Size/MD5:  1398050 99a1a41ba7c4fcc0283f4556bb182d67
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-2ubuntu7.2_i386.deb
      Size/MD5:  9948900 3074338fe0cf50e7314020e693ffdd3b

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-2ubuntu7.2_lpia.deb
      Size/MD5: 26418164 1d671311fe4a96c27148374781b80d15
    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-2ubuntu7.2_lpia.deb
      Size/MD5:  1359634 8ff78351a0e470adc7ab2b61f307f999
    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-2ubuntu7.2_lpia.deb
      Size/MD5: 10020080 3b84bcd0e1f7e8273244b218f911206a

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-2ubuntu7.2_powerpc.deb
      Size/MD5: 28194764 807f3facbd2458c480544c3a54ca6def
    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-2ubuntu7.2_powerpc.deb
      Size/MD5:  1360902 348faaa6840e245d05ba1c6c75b872e4
    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-2ubuntu7.2_powerpc.deb
      Size/MD5: 10386026 039018f17303abd138e68ae6c343054a

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-2ubuntu7.2_sparc.deb
      Size/MD5: 25012234 381d91aef4d5c73a2c3c3f221ed74d7c
    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-2ubuntu7.2_sparc.deb
      Size/MD5:  1359422 755e788780d2216e16ee84a7c29ad170
    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-2ubuntu7.2_sparc.deb
      Size/MD5:  9781308 ae75ebaca64dba4fd804509a75a86b7e



Download attachment "signature.asc" of type "application/pgp-signature" (198 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ