Message-ID: <20070206192505.GP14771@outflux.net>
Date: Tue, 6 Feb 2007 11:25:05 -0800
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-420-1] KDE library vulnerability

=========================================================== 
Ubuntu Security Notice USN-420-1          February 06, 2007
kdelibs vulnerability
CVE-2007-0537
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  kdelibs4c2                               4:3.4.3-0ubuntu2.2

Ubuntu 6.06 LTS:
  kdelibs4c2a                              4:3.5.2-0ubuntu18.2

Ubuntu 6.10:
  kdelibs4c2a                              4:3.5.5-0ubuntu3.1

After a standard system upgrade you need to restart your session to
effect the necessary changes.

Details follow:

Jose Avila III and Robert Tasarz discovered that the KDE HTML library 
did not correctly parse HTML comments inside the "title" tag.  By 
tricking a Konqueror user into visiting a malicious website, an attacker 
could bypass cross-site scripting protections.



