[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20091211025450.GN26756@severus.strandboge.com>
Date: Thu, 10 Dec 2009 20:54:50 -0600
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [USN-871-2] KDE 4 vulnerabilities
===========================================================
Ubuntu Security Notice USN-871-2 December 11, 2009
kde4libs vulnerabilities
https://launchpad.net/bugs/495301
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.10:
kdelibs5 4:4.1.4-0ubuntu1~intrepid1.5
Ubuntu 9.04:
kdelibs5 4:4.2.2-0ubuntu5.4
Ubuntu 9.10:
kdelibs5 4:4.3.2-0ubuntu7.2
After a standard system upgrade you need to restart your session to effect
the necessary changes.
Details follow:
USN-871-1 fixed vulnerabilities in KDE. This update provides the
corresponding updates for KDE 4.
This update also fixes a directory traversal flaw in KDE when processing
help:// URLs. This issue only affected Ubuntu 8.10.
Original advisory details:
It was discovered that the KDE libraries could use KHTML to process an
unknown MIME type. If a user or application linked against kdelibs were
tricked into opening a crafted file, an attacker could potentially trigger
XMLHTTPRequests to remote sites.
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kde4libs_4.1.4-0ubuntu1~intrepid1.5.diff.gz
Size/MD5: 95977 d9bc80da0287e4a27cb968420d892d4b
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kde4libs_4.1.4-0ubuntu1~intrepid1.5.dsc
Size/MD5: 2308 89059af41fd455cd8591eab8df0b8ce6
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kde4libs_4.1.4.orig.tar.gz
Size/MD5: 11190299 18264580c1d6d978a3049a13fda36f29
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-data_4.1.4-0ubuntu1~intrepid1.5_all.deb
Size/MD5: 3110960 e0b7e12e3bebb6619a000970ea535e97
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-doc_4.1.4-0ubuntu1~intrepid1.5_all.deb
Size/MD5: 69202 2d65a7f3af2064f0071fe7f41235c6df
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs-bin_4.1.4-0ubuntu1~intrepid1.5_amd64.deb
Size/MD5: 395822 33edd1260233852ffc6c5d13de54d32c
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-dbg_4.1.4-0ubuntu1~intrepid1.5_amd64.deb
Size/MD5: 66056004 8bc845533fc9a3ab78b3dd17ea5c7a37
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-dev_4.1.4-0ubuntu1~intrepid1.5_amd64.deb
Size/MD5: 1441140 ef9268b6681c6787d2dbb17924b58a79
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5_4.1.4-0ubuntu1~intrepid1.5_amd64.deb
Size/MD5: 10103862 f388998bf382659d49a9677679d67dcc
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs-bin_4.1.4-0ubuntu1~intrepid1.5_i386.deb
Size/MD5: 371990 a1835282af9ddb9229117d34c1bef931
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-dbg_4.1.4-0ubuntu1~intrepid1.5_i386.deb
Size/MD5: 65218556 73c538baa8a8101fca781ccc66d124bf
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-dev_4.1.4-0ubuntu1~intrepid1.5_i386.deb
Size/MD5: 1438690 6c5878c932b90f837183c7f496412f24
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5_4.1.4-0ubuntu1~intrepid1.5_i386.deb
Size/MD5: 9523396 d3e663ccdcc52a1dd7dda5efbc64cda7
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs-bin_4.1.4-0ubuntu1~intrepid1.5_lpia.deb
Size/MD5: 376790 97518d066616d2fbf6b89cfe75e6d117
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dbg_4.1.4-0ubuntu1~intrepid1.5_lpia.deb
Size/MD5: 65334088 1e2c5b4df8f5c91bbc4f92ebe7801375
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dev_4.1.4-0ubuntu1~intrepid1.5_lpia.deb
Size/MD5: 1441160 bf293d1061e06e79403863f55a33b9d4
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5_4.1.4-0ubuntu1~intrepid1.5_lpia.deb
Size/MD5: 9535686 3a180768df11832e5cef0405c7ace583
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs-bin_4.1.4-0ubuntu1~intrepid1.5_powerpc.deb
Size/MD5: 423238 bd3e80909eda46558e4b276739973fc9
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dbg_4.1.4-0ubuntu1~intrepid1.5_powerpc.deb
Size/MD5: 69280176 c9775805d6a90568449e5df0055c8d68
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dev_4.1.4-0ubuntu1~intrepid1.5_powerpc.deb
Size/MD5: 1446080 7f9a904fd5e138a90ebb24ec9762c0cf
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5_4.1.4-0ubuntu1~intrepid1.5_powerpc.deb
Size/MD5: 10238640 2ca68c998ef5001b56599eeead4285bf
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs-bin_4.1.4-0ubuntu1~intrepid1.5_sparc.deb
Size/MD5: 381628 e4c66e47382390f9b18e7fc8a2d70fc2
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dbg_4.1.4-0ubuntu1~intrepid1.5_sparc.deb
Size/MD5: 64525262 3e892b50f4eee4cb61eefda24e7a9612
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dev_4.1.4-0ubuntu1~intrepid1.5_sparc.deb
Size/MD5: 1438444 3b02a43b55ee9c18921cf4dd704ba8cd
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5_4.1.4-0ubuntu1~intrepid1.5_sparc.deb
Size/MD5: 9653902 f9bd9be7d0c97c9fc492eb271d78a2b6
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kde4libs_4.2.2-0ubuntu5.4.diff.gz
Size/MD5: 104020 32d0f05b8444a746a0edd41349c160c2
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kde4libs_4.2.2-0ubuntu5.4.dsc
Size/MD5: 2305 ec9eb15c47913f5ec148ffddca904315
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kde4libs_4.2.2.orig.tar.gz
Size/MD5: 12335659 83d6a0d59e79873bbe0a5a90ef23f27e
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-data_4.2.2-0ubuntu5.4_all.deb
Size/MD5: 1989926 dd442e1cf759169409634e0a55f7bbe8
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs-bin_4.2.2-0ubuntu5.4_amd64.deb
Size/MD5: 281654 85c7bf34df6d9129f5c295e05adae9a4
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-dbg_4.2.2-0ubuntu5.4_amd64.deb
Size/MD5: 44154854 ee9068a0c87001d9ec9d3d90ca2ca3da
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-dev_4.2.2-0ubuntu5.4_amd64.deb
Size/MD5: 1091202 c1430eb8a84e68e5034c0d97f3ec51f4
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5_4.2.2-0ubuntu5.4_amd64.deb
Size/MD5: 7071844 e1ca3960e074100bf58fd89654103ee5
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/libplasma-dev_4.2.2-0ubuntu5.4_amd64.deb
Size/MD5: 102524 2bbebb2f95726d931579aca0739a62c6
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/libplasma3_4.2.2-0ubuntu5.4_amd64.deb
Size/MD5: 610934 8b5c132c776faf2a029f34c4b30cd656
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs-bin_4.2.2-0ubuntu5.4_i386.deb
Size/MD5: 269104 c4612880c098d4647d13926496adefb9
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-dbg_4.2.2-0ubuntu5.4_i386.deb
Size/MD5: 43460726 c7f1491f2fcf451564a2312069dbde92
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-dev_4.2.2-0ubuntu5.4_i386.deb
Size/MD5: 1090342 e56a2b8b8daeee653f55baa14be73284
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5_4.2.2-0ubuntu5.4_i386.deb
Size/MD5: 6778280 07b3fa6ce24c085424d102eda7261969
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/libplasma-dev_4.2.2-0ubuntu5.4_i386.deb
Size/MD5: 127322 4ebcee74931d57bcb56b05fc270fde3d
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/libplasma3_4.2.2-0ubuntu5.4_i386.deb
Size/MD5: 567162 9f72ead2cee64f5a3de3917792ab4c0f
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs-bin_4.2.2-0ubuntu5.4_lpia.deb
Size/MD5: 275580 1d5da4de19d017fcfa79a4056c17ae01
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dbg_4.2.2-0ubuntu5.4_lpia.deb
Size/MD5: 43587848 e94aed2b623e0463ef192e3ff19d6d44
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dev_4.2.2-0ubuntu5.4_lpia.deb
Size/MD5: 1092682 d040dc4b0718f148dfc93d81a6ef1454
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5_4.2.2-0ubuntu5.4_lpia.deb
Size/MD5: 6850706 8f0adbd06a0847da5a2d15cfad4c257c
http://ports.ubuntu.com/pool/main/k/kde4libs/libplasma-dev_4.2.2-0ubuntu5.4_lpia.deb
Size/MD5: 102486 239d38e7ee3443c3fdfaff5db8ae2eb9
http://ports.ubuntu.com/pool/main/k/kde4libs/libplasma3_4.2.2-0ubuntu5.4_lpia.deb
Size/MD5: 600146 89db6cb42b9c9a2a43a214205173467c
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs-bin_4.2.2-0ubuntu5.4_powerpc.deb
Size/MD5: 269884 2d1ab31ad761746d55b508fdf9020b03
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dbg_4.2.2-0ubuntu5.4_powerpc.deb
Size/MD5: 43126080 4e40874d089491ab0ad0a6f78dd6fd4d
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dev_4.2.2-0ubuntu5.4_powerpc.deb
Size/MD5: 1089852 50f1e895cf308de02e736bbf4ade19c1
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5_4.2.2-0ubuntu5.4_powerpc.deb
Size/MD5: 6203800 ccee8ec8a8c1da20a3fc50870d454b61
http://ports.ubuntu.com/pool/main/k/kde4libs/libplasma-dev_4.2.2-0ubuntu5.4_powerpc.deb
Size/MD5: 102474 69bde557a52136bbc666fc39550030b5
http://ports.ubuntu.com/pool/main/k/kde4libs/libplasma3_4.2.2-0ubuntu5.4_powerpc.deb
Size/MD5: 555434 4253e3224b0eddab9fd85357b8771756
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs-bin_4.2.2-0ubuntu5.4_sparc.deb
Size/MD5: 250250 7eb83ed7165eb32e59cdd191046c39df
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dbg_4.2.2-0ubuntu5.4_sparc.deb
Size/MD5: 40333438 5dc7af31143fceabcbf3d49929aed2e4
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dev_4.2.2-0ubuntu5.4_sparc.deb
Size/MD5: 1086248 3cd8c1c642149f35a6b04804664b5e1f
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5_4.2.2-0ubuntu5.4_sparc.deb
Size/MD5: 5932388 5a59b3b9df837d93f5ae3ddd59870631
http://ports.ubuntu.com/pool/main/k/kde4libs/libplasma-dev_4.2.2-0ubuntu5.4_sparc.deb
Size/MD5: 102446 2d843ca6ed093eb1641e7e2f5f421ffe
http://ports.ubuntu.com/pool/main/k/kde4libs/libplasma3_4.2.2-0ubuntu5.4_sparc.deb
Size/MD5: 530794 b0b5583c144ed90a855ac9a0b6643f74
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kde4libs_4.3.2-0ubuntu7.2.diff.gz
Size/MD5: 160839 c594eccef7c8ceabff20a8b5bb8da6b0
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kde4libs_4.3.2-0ubuntu7.2.dsc
Size/MD5: 2301 7e7ce51359cf82ec23188479bd81f34f
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kde4libs_4.3.2.orig.tar.gz
Size/MD5: 12961029 076c304e8829229e1f1a5ef8eecda34d
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-data_4.3.2-0ubuntu7.2_all.deb
Size/MD5: 2501328 635e74cea648a785eaca9d5ac7b7a8bf
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs-bin_4.3.2-0ubuntu7.2_amd64.deb
Size/MD5: 236080 ee88e1d5afe4da918c8e362b263ca355
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-dbg_4.3.2-0ubuntu7.2_amd64.deb
Size/MD5: 47641692 4502ce2a9d687622a6fe0bfef406f1c6
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-dev_4.3.2-0ubuntu7.2_amd64.deb
Size/MD5: 1162282 63050bae7403fb0ba6b7e34d686ecac7
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5_4.3.2-0ubuntu7.2_amd64.deb
Size/MD5: 7276964 d901a84198c938147eb97e364c8a4e7c
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/libplasma3_4.3.2-0ubuntu7.2_amd64.deb
Size/MD5: 657864 1a124d132ca09637458657de0f61a68f
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs-bin_4.3.2-0ubuntu7.2_i386.deb
Size/MD5: 227420 bb3a9991d63988035414bdb8d2d195db
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-dbg_4.3.2-0ubuntu7.2_i386.deb
Size/MD5: 47142396 6950b2c99d61bfa71599020eb223aba7
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5-dev_4.3.2-0ubuntu7.2_i386.deb
Size/MD5: 1161550 829a35f9f7637176d9a4a74923d27cdb
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/kdelibs5_4.3.2-0ubuntu7.2_i386.deb
Size/MD5: 7019572 3c4af34e1fc523ace73a2aa7a53048ef
http://security.ubuntu.com/ubuntu/pool/main/k/kde4libs/libplasma3_4.3.2-0ubuntu7.2_i386.deb
Size/MD5: 608938 2b44f507a4ba29aa8d8de059d2674921
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs-bin_4.3.2-0ubuntu7.2_lpia.deb
Size/MD5: 234518 6edda7121cb4e64320eccfbf0ee37d79
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dbg_4.3.2-0ubuntu7.2_lpia.deb
Size/MD5: 47232510 0fedbdd6ec510ac83e9fb6cc59f5293a
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dev_4.3.2-0ubuntu7.2_lpia.deb
Size/MD5: 1163720 66d8939b2a848dd113390438996d31c5
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5_4.3.2-0ubuntu7.2_lpia.deb
Size/MD5: 7163048 0f84dc555132acf0d40f8310a7260c8c
http://ports.ubuntu.com/pool/main/k/kde4libs/libplasma3_4.3.2-0ubuntu7.2_lpia.deb
Size/MD5: 653692 bed649a879d2a387406f91284c27dc94
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs-bin_4.3.2-0ubuntu7.2_powerpc.deb
Size/MD5: 217718 2951df67e37de8dff2380eab9e946b0d
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dbg_4.3.2-0ubuntu7.2_powerpc.deb
Size/MD5: 47000996 1eabf7a08da76c26a4981fdb2b039007
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dev_4.3.2-0ubuntu7.2_powerpc.deb
Size/MD5: 1158764 96a4bdf2699880369d39b8f12fefeb5c
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5_4.3.2-0ubuntu7.2_powerpc.deb
Size/MD5: 6387572 fea74e2bbe2137a7bed4938649612bca
http://ports.ubuntu.com/pool/main/k/kde4libs/libplasma3_4.3.2-0ubuntu7.2_powerpc.deb
Size/MD5: 599074 193adda0adb27083c3643568bb560ea4
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs-bin_4.3.2-0ubuntu7.2_sparc.deb
Size/MD5: 217164 8a2cc000d2afa3daf4745cc9710c1391
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dbg_4.3.2-0ubuntu7.2_sparc.deb
Size/MD5: 43663358 d58f044f914a89c78f5388e70fdc856c
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5-dev_4.3.2-0ubuntu7.2_sparc.deb
Size/MD5: 1157850 acaef9c86335bedc7133860129de2579
http://ports.ubuntu.com/pool/main/k/kde4libs/kdelibs5_4.3.2-0ubuntu7.2_sparc.deb
Size/MD5: 6202126 4b1d5c0a92b9a2ab8368d4f649d80bb0
http://ports.ubuntu.com/pool/main/k/kde4libs/libplasma3_4.3.2-0ubuntu7.2_sparc.deb
Size/MD5: 572642 48ab7fa1e805f94334adcf212f86c6f6
Download attachment "signature.asc" of type "application/pgp-signature" (198 bytes)
Powered by blists - more mailing lists