lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050503114955.GA3699@box79162.elkhouse.de>
Date: Tue May  3 13:03:04 2005
From: martin at piware.de (Martin Pitt)
Subject: [USN-114-1] kimgio vulnerability

===========================================================
Ubuntu Security Notice USN-114-1	       May 03, 2005
kdelibs vulnerability
CAN-2005-1046
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

kdelibs

The problem can be corrected by upgrading the affected package to
version 3.4.0-0ubuntu3.1.  In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Bruno Rohee discovered a buffer overflow in the PCX decoder of kimgio.
If an attacker tricked a user into loading a malicious PCX image with
a KDE application, he could exploit this to execute arbitrary code
with the privileges of the user opening the image.

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.0-0ubuntu3.1.diff.gz
      Size/MD5:  359873 e047143bce6bc7c4d513ef39f4d9032d
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.0-0ubuntu3.1.dsc
      Size/MD5:  1334 84191cecdc42f082bb47bf9e0381360e
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.0.orig.tar.gz
      Size/MD5:  20024253 471740de13cfed37d35eb180fc1b9b38

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.0-0ubuntu3.1_i386.deb
      Size/MD5:  1300478 e9cbaccebc510a3ab29de999a83ed709
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.0-0ubuntu3.1_i386.deb
      Size/MD5:  838688 1e6e6725942aeb513c9b441d5c41cb07
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4_3.4.0-0ubuntu3.1_i386.deb
      Size/MD5:  8395642 d44b82cf611cfbd160593bc05762c622

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.0-0ubuntu3.1_all.deb
      Size/MD5:  19822 32b8820b1483ce73ba15ffa9d0330487
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.4.0-0ubuntu3.1_all.deb
      Size/MD5:  8012690 88e4dbac643daaf7235598d8b94a7728
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.4.0-0ubuntu3.1_all.deb
      Size/MD5:  12072382 58c8c8767295c9ef9b11f2889530c840

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4_3.4.0-0ubuntu3.1_amd64.deb
      Size/MD5:  8968464 7674d54d68aea22b36319bf1c6051985
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.0-0ubuntu3.1_amd64.deb
      Size/MD5:  920772 97a404d13d87a8cc93d0562ff60d1fb2
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.0-0ubuntu3.1_amd64.deb
      Size/MD5:  1303100 8f11bcf3fb6748dc8231b55e055d481d

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.0-0ubuntu3.1_powerpc.deb
      Size/MD5:  1303876 0083b3b318bce500c7bf47a2fa06ba67
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4_3.4.0-0ubuntu3.1_powerpc.deb
      Size/MD5:  8367604 80b397e0202fda0ac246797e0ad093e3
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.0-0ubuntu3.1_powerpc.deb
      Size/MD5:  903598 9cc850b736e63ee742dd45edc0b56797

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050503/4d538e2b/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ