[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060724160924.GJ5109@piware.de>
Date: Mon, 24 Jul 2006 18:09:24 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-322-1] Konqueror vulnerability
===========================================================
Ubuntu Security Notice USN-322-1 July 24, 2006
kdelibs vulnerability
CVE-2006-3672
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 5.04:
kdelibs 4:3.4.0-0ubuntu3.6
Ubuntu 5.10:
kdelibs 4:3.4.3-0ubuntu2.1
Ubuntu 6.06 LTS:
kdelibs 4:3.5.2-0ubuntu18.1
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
A Denial of Service vulnerability has been reported in the replaceChild()
method in KDE's DOM handler. A malicious remote web page could exploit
this to cause Konqueror to crash.
Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.0-0ubuntu3.6.diff.gz
Size/MD5: 359009 80e19fdd5fc4e09de50e0abc08dbdc64
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.0-0ubuntu3.6.dsc
Size/MD5: 1334 8e9db12a120c7d9aa45ce4a89748150c
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.0.orig.tar.gz
Size/MD5: 20024253 471740de13cfed37d35eb180fc1b9b38
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.4.0-0ubuntu3.6_all.deb
Size/MD5: 8013322 0f58397ee85bc8e94222bd887e3e3ed8
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.4.0-0ubuntu3.6_all.deb
Size/MD5: 12073276 d64b80c5e3f2761a1fee42c4ac61aceb
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.0-0ubuntu3.6_all.deb
Size/MD5: 20560 b926d8254eae60a6dfc2f2383c749e8b
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.0-0ubuntu3.6_amd64.deb
Size/MD5: 921980 3b24d216d30e42fe76f114af2ef79e23
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.0-0ubuntu3.6_amd64.deb
Size/MD5: 1303886 02fdf7d27c3b4191041e1f1ba65dbec3
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4_3.4.0-0ubuntu3.6_amd64.deb
Size/MD5: 8970482 e4d884c6087a940ed951975ecaf70a16
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.0-0ubuntu3.6_i386.deb
Size/MD5: 839684 a51679f1f9d6b0819f1aeaff2929cdb8
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.0-0ubuntu3.6_i386.deb
Size/MD5: 1301354 d5a5d6777bac0d83976ee5d2514a5e36
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4_3.4.0-0ubuntu3.6_i386.deb
Size/MD5: 8397572 e536bdbc12511bec8e8adcf755d10369
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.0-0ubuntu3.6_powerpc.deb
Size/MD5: 904730 5eb02eab700a7844b86ed5337f202f57
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.0-0ubuntu3.6_powerpc.deb
Size/MD5: 1304646 7bc4878395c8c57f20642fb76f0cf0f2
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4_3.4.0-0ubuntu3.6_powerpc.deb
Size/MD5: 8368206 920ad16060f913092914e2de01bbf533
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.3-0ubuntu2.1.diff.gz
Size/MD5: 328824 90ae45cf60a62394b61877f0b8829bb7
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.3-0ubuntu2.1.dsc
Size/MD5: 1523 ce890db0541122c30d10b77ce8d65871
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.3.orig.tar.gz
Size/MD5: 19981388 36e7a8320bd95760b41c4849da170100
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.4.3-0ubuntu2.1_all.deb
Size/MD5: 6969950 9e99951cfed9d47e7a6aa15c4bc8b2a6
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.4.3-0ubuntu2.1_all.deb
Size/MD5: 29296526 6bbe20ef6d29c14fda945f62465cba72
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.3-0ubuntu2.1_all.deb
Size/MD5: 30588 32c58feabf9a01d39f0d320f515c47b4
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.3-0ubuntu2.1_amd64.deb
Size/MD5: 926460 4d3048c061d7ff0bac8fce46b5a36dbd
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.3-0ubuntu2.1_amd64.deb
Size/MD5: 1308904 acee80a54853c4c5f20fd103c33624bf
http://security.ubuntu.com/ubuntu/pool/universe/k/kdelibs/kdelibs4c2-dbg_3.4.3-0ubuntu2.1_amd64.deb
Size/MD5: 22552926 4e764557784428203e4c92cf5ab59fde
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2_3.4.3-0ubuntu2.1_amd64.deb
Size/MD5: 9109020 781b3293a2da56aa1d72726b9b12ead7
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.3-0ubuntu2.1_i386.deb
Size/MD5: 814588 85c95ac51f23734d95f1486e6aea688e
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.3-0ubuntu2.1_i386.deb
Size/MD5: 1305556 b4b84167dd7440030468f38f7aa09f9d
http://security.ubuntu.com/ubuntu/pool/universe/k/kdelibs/kdelibs4c2-dbg_3.4.3-0ubuntu2.1_i386.deb
Size/MD5: 19410458 ad2963d64c42c42af65b5bbcfa2e2bd7
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2_3.4.3-0ubuntu2.1_i386.deb
Size/MD5: 8072046 d3a08494ba8830d09f7023bcbfe3fa58
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.3-0ubuntu2.1_powerpc.deb
Size/MD5: 909832 0070a9f392c1d25b32c44d7ba198a825
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.3-0ubuntu2.1_powerpc.deb
Size/MD5: 1310248 6a4b7ed6b9dee4232bc3bf56f226faeb
http://security.ubuntu.com/ubuntu/pool/universe/k/kdelibs/kdelibs4c2-dbg_3.4.3-0ubuntu2.1_powerpc.deb
Size/MD5: 22763910 3248431f4b054df3c004d0694e35cc38
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2_3.4.3-0ubuntu2.1_powerpc.deb
Size/MD5: 8434102 f3b488d7a18ee6c26f0bd64d44fbc847
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.3-0ubuntu2.1_sparc.deb
Size/MD5: 831116 ae7b8c8545f312a482715610f91af41d
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.3-0ubuntu2.1_sparc.deb
Size/MD5: 1306984 405ed2017fe27e07bf9e6c7dec3dc8d0
http://security.ubuntu.com/ubuntu/pool/universe/k/kdelibs/kdelibs4c2-dbg_3.4.3-0ubuntu2.1_sparc.deb
Size/MD5: 20031522 6269f1c9b33b15613bc2c4a4cd8cda3f
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2_3.4.3-0ubuntu2.1_sparc.deb
Size/MD5: 8240954 734ee524e79cd4804ada703584251b31
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.2-0ubuntu18.1.diff.gz
Size/MD5: 467654 3c060d4dce003028018d064c01749b55
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.2-0ubuntu18.1.dsc
Size/MD5: 1611 5d2d8fc33079c007c003a7a59f9746dd
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.2.orig.tar.gz
Size/MD5: 18775353 00c878d449522fb8aa2769a4c5ae1fde
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.2-0ubuntu18.1_all.deb
Size/MD5: 7083812 b2a70a68acd6063dbb978b458c11dd2b
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.5.2-0ubuntu18.1_all.deb
Size/MD5: 41489526 bd20265c944ec0426da7dcac34cadeb4
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.2-0ubuntu18.1_all.deb
Size/MD5: 35620 c0fefa42c68b682b3826828ac78b14ee
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.5.2-0ubuntu18.1_amd64.deb
Size/MD5: 925402 49c8981901ab09a874acbd8fa26a8116
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.2-0ubuntu18.1_amd64.deb
Size/MD5: 26451710 625479b3435ed1c03a86eecfa2677a67
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.2-0ubuntu18.1_amd64.deb
Size/MD5: 1355502 9beb852dc6851eab35c21c566c02aeda
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.2-0ubuntu18.1_amd64.deb
Size/MD5: 9406952 2bab09a35129dda1b9e0dc878c3baa5f
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.5.2-0ubuntu18.1_i386.deb
Size/MD5: 814926 50317f1790612a4aa22efe9f47588f53
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.2-0ubuntu18.1_i386.deb
Size/MD5: 22925228 f5716faf161488b0a947f3e70b46199d
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.2-0ubuntu18.1_i386.deb
Size/MD5: 1352158 70f006f893b64aa97649b0d706660286
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.2-0ubuntu18.1_i386.deb
Size/MD5: 8334302 356f67a801d8216a4933af023075a75a
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.5.2-0ubuntu18.1_powerpc.deb
Size/MD5: 905982 fb4dbd4f51f9ef9081410018aaeea11e
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.2-0ubuntu18.1_powerpc.deb
Size/MD5: 26718448 cc90559402793050714ebc19e478f9e2
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.2-0ubuntu18.1_powerpc.deb
Size/MD5: 1356906 d56198454fe16ac81f5d6667f88d5295
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.2-0ubuntu18.1_powerpc.deb
Size/MD5: 8689514 dc64ea6dc0a52b403403c21959b2d689
sparc architecture (Sun SPARC/UltraSPARC)
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.5.2-0ubuntu18.1_sparc.deb
Size/MD5: 826778 7cde821cf1da20929486ac2d5fdd6d10
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.2-0ubuntu18.1_sparc.deb
Size/MD5: 23623304 9fbe439b0a5ca2862d14cc6b3bddceff
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.2-0ubuntu18.1_sparc.deb
Size/MD5: 1353282 76cfc95fb82cc564f130c6f578746b65
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.2-0ubuntu18.1_sparc.deb
Size/MD5: 8491430 590d37dae7987f6f75cc3f1315f5cd6d
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists