lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1HYuYn-0002s2-6S@artemis.annvix.ca>
Date: Tue, 03 Apr 2007 19:45:17 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDKSA-2007:076 ] - Updated kdelibs packages to
	address UTF8 issue in KJS


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:076
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : kdelibs
 Date    : April 3, 2007
 Affected: 2007.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A bug was discovered in KJS where UTF8 decoding did not reject
 overlong sequences.  This vulnerability is similar to that discovered
 by Andreas Nolden in QT3 and QT4, but at this current time there is
 no known exploit for this issue.
 
 Updated packages have been patched to address this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0242
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 0aa169f71ee453bfae98225220c331cc  2007.0/i586/kdelibs-common-3.5.4-19.5mdv2007.0.i586.rpm
 540a3bc9d82874b836b30a6948ef3bc9  2007.0/i586/kdelibs-devel-doc-3.5.4-19.5mdv2007.0.i586.rpm
 825e626133ee2026b57a734d4afa8b44  2007.0/i586/libkdecore4-3.5.4-19.5mdv2007.0.i586.rpm
 506795606555cd7ece65961e2a9b2b3a  2007.0/i586/libkdecore4-devel-3.5.4-19.5mdv2007.0.i586.rpm 
 75268625fe932b3031f10b431263c4a2  2007.0/SRPMS/kdelibs-3.5.4-19.5mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 1e3ce972420dfd5fa9f59f7488aad8ec  2007.0/x86_64/kdelibs-common-3.5.4-19.5mdv2007.0.x86_64.rpm
 5dd0d9118284bed00433f49758507199  2007.0/x86_64/kdelibs-devel-doc-3.5.4-19.5mdv2007.0.x86_64.rpm
 59e713d7e771adc76c681a748661f7df  2007.0/x86_64/lib64kdecore4-3.5.4-19.5mdv2007.0.x86_64.rpm
 0c927e5eeaf866777896e3931dbdc8a1  2007.0/x86_64/lib64kdecore4-devel-3.5.4-19.5mdv2007.0.x86_64.rpm 
 75268625fe932b3031f10b431263c4a2  2007.0/SRPMS/kdelibs-3.5.4-19.5mdv2007.0.src.rpm

 Corporate 3.0:
 f770e85fb181f424d3540f59c9fc1bd9  corporate/3.0/i586/kdelibs-common-3.2-36.19.C30mdk.i586.rpm
 38bd33a2679b4b5674e066873bec271b  corporate/3.0/i586/libkdecore4-3.2-36.19.C30mdk.i586.rpm
 218a3e5b7b0878e5b311480058541471  corporate/3.0/i586/libkdecore4-devel-3.2-36.19.C30mdk.i586.rpm 
 19207b2c9f959c3ebbd5f79a56623019  corporate/3.0/SRPMS/kdelibs-3.2-36.19.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 e05e552edb1f2fdecc958b10d4dcd690  corporate/3.0/x86_64/kdelibs-common-3.2-36.19.C30mdk.x86_64.rpm
 4b745bb2df2bf4a27f8fc1a771a2ed69  corporate/3.0/x86_64/lib64kdecore4-3.2-36.19.C30mdk.x86_64.rpm
 52dee8f032dad49e3d7be1b1b2ec5e0d  corporate/3.0/x86_64/lib64kdecore4-devel-3.2-36.19.C30mdk.x86_64.rpm 
 19207b2c9f959c3ebbd5f79a56623019  corporate/3.0/SRPMS/kdelibs-3.2-36.19.C30mdk.src.rpm

 Corporate 4.0:
 5f5ef89ea729076d60807144b008ce8e  corporate/4.0/i586/kdelibs-arts-3.5.4-2.6.20060mlcs4.i586.rpm
 26b0905eb396fc655ddae0544d968b17  corporate/4.0/i586/kdelibs-common-3.5.4-2.6.20060mlcs4.i586.rpm
 30ecb24ea79e5a351e92e908db2f2041  corporate/4.0/i586/kdelibs-devel-doc-3.5.4-2.6.20060mlcs4.i586.rpm
 888dca62168338a4c2132aa65fca2194  corporate/4.0/i586/libkdecore4-3.5.4-2.6.20060mlcs4.i586.rpm
 cccd180b1203fbc89ffa829b4ede997b  corporate/4.0/i586/libkdecore4-devel-3.5.4-2.6.20060mlcs4.i586.rpm 
 9d916dfabd10de831d0d7e4bad1531e4  corporate/4.0/SRPMS/kdelibs-3.5.4-2.6.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 0f32189c5c8206c675d239041a259228  corporate/4.0/x86_64/kdelibs-arts-3.5.4-2.6.20060mlcs4.x86_64.rpm
 94ca6193db1cfeca24243e71189eecb9  corporate/4.0/x86_64/kdelibs-common-3.5.4-2.6.20060mlcs4.x86_64.rpm
 5cb2db298db9ce38e72f148807cbe57d  corporate/4.0/x86_64/kdelibs-devel-doc-3.5.4-2.6.20060mlcs4.x86_64.rpm
 347e22ee06124bd9be049d18d2a91963  corporate/4.0/x86_64/lib64kdecore4-3.5.4-2.6.20060mlcs4.x86_64.rpm
 e6a02d2d4981c8f4afefc3c95e8346b8  corporate/4.0/x86_64/lib64kdecore4-devel-3.5.4-2.6.20060mlcs4.x86_64.rpm 
 9d916dfabd10de831d0d7e4bad1531e4  corporate/4.0/SRPMS/kdelibs-3.5.4-2.6.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGEtfEmqjQ0CJFipgRAg+JAJ94gIRpk7Gda9aourGg32e6qE6wVACgr3AK
VKq+8OMccmSaPwPYFb8kGWs=
=2T7U
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ