[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20091211022940.GM26756@severus.strandboge.com>
Date: Thu, 10 Dec 2009 20:29:40 -0600
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-871-1] KDE vulnerability
===========================================================
Ubuntu Security Notice USN-871-1 December 11, 2009
kdelibs vulnerability
CVE-2009-0689
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.04 LTS:
kdelibs4c2a 4:3.5.10-0ubuntu1~hardy1.5
Ubuntu 8.10:
kdelibs4c2a 4:3.5.10-0ubuntu6.4
Ubuntu 9.04:
kdelibs4c2a 4:3.5.10.dfsg.1-1ubuntu8.4
Ubuntu 9.10:
kdelibs4c2a 4:3.5.10.dfsg.1-2ubuntu7.2
After a standard system upgrade you need to restart your session to effect
the necessary changes.
Details follow:
A buffer overflow was found in the KDE libraries when converting a string
to a floating point number. If a user or application linked against kdelibs
were tricked into processing crafted input, an attacker could cause a
denial of service (via application crash) or possibly execute arbitrary
code with the privileges of the user invoking the program. (CVE-2009-0689)
It was discovered that the KDE libraries could use KHTML to process an
unknown MIME type. If a user or application linked against kdelibs were
tricked into opening a crafted file, an attacker could potentially trigger
XMLHTTPRequests to remote sites.
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10-0ubuntu1~hardy1.5.diff.gz
Size/MD5: 1793748 3693849d1a4409e8c03f0fde6da39fa5
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10-0ubuntu1~hardy1.5.dsc
Size/MD5: 1729 0e528a7564f8d3404a3bcaa28538cb2e
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.orig.tar.gz
Size/MD5: 18631467 5eeb6f132e386668a0395d4d426d495e
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.10-0ubuntu1~hardy1.5_all.deb
Size/MD5: 7326504 bbc8884536fab2b5af1c3cdb15abc148
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.5.10-0ubuntu1~hardy1.5_all.deb
Size/MD5: 25454866 2d1266776d28be0be2a314539f3ee38e
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10-0ubuntu1~hardy1.5_all.deb
Size/MD5: 9328 bde1f5045141764729947822eb7749f7
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu1~hardy1.5_amd64.deb
Size/MD5: 26758230 0ef2dcb722666b05bbe26b550160c22f
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu1~hardy1.5_amd64.deb
Size/MD5: 1381590 774d2cd314be51e30660b84ac5565483
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu1~hardy1.5_amd64.deb
Size/MD5: 10657036 02cf55ef3d63c2789dcfcf351f3fe787
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu1~hardy1.5_i386.deb
Size/MD5: 25992402 cc525f04d9032e40c9d7f41503cad38f
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu1~hardy1.5_i386.deb
Size/MD5: 1411164 e01ab41b8e22e5f012055b6dfc8f9b19
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu1~hardy1.5_i386.deb
Size/MD5: 9615022 b31148854fde22f5f588920fb7266e55
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu1~hardy1.5_lpia.deb
Size/MD5: 25971380 581ef5985071d294f3663ebc4943ca8a
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu1~hardy1.5_lpia.deb
Size/MD5: 1375934 5a64f795039d022fa270e2b9db4ddb16
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu1~hardy1.5_lpia.deb
Size/MD5: 9642908 1d5304980f9eb82c9972d96eb2bc27a1
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu1~hardy1.5_powerpc.deb
Size/MD5: 27656998 81cc9e5a1758604597aac298701d86c0
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu1~hardy1.5_powerpc.deb
Size/MD5: 1393476 7bceb13671cc7b26d66ce06c281f2cbe
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu1~hardy1.5_powerpc.deb
Size/MD5: 10453790 2303cad503f7bd4f395be4cceee697f5
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu1~hardy1.5_sparc.deb
Size/MD5: 25025950 28bb225b11e2e9b312d0f47beddcca90
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu1~hardy1.5_sparc.deb
Size/MD5: 1376534 c874a22da1260dcc046a68d7c8bbef82
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu1~hardy1.5_sparc.deb
Size/MD5: 9596634 a697b75916b628d1547ca9e562712b7e
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10-0ubuntu6.4.diff.gz
Size/MD5: 726583 2bae45140ba24ccfe427d1000d2cb937
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10-0ubuntu6.4.dsc
Size/MD5: 2284 cd10eb858af120c2420b6045e0db2663
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.orig.tar.gz
Size/MD5: 18631467 5eeb6f132e386668a0395d4d426d495e
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.10-0ubuntu6.4_all.deb
Size/MD5: 7321288 0ef5e6ac303bd55dbc1a62ef5b12154f
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.5.10-0ubuntu6.4_all.deb
Size/MD5: 25523888 0df6ca0a7ae1e6cc761f60f190716592
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10-0ubuntu6.4_all.deb
Size/MD5: 2272 0648e9f4672cff0f6b1a2bde0929b8a6
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu6.4_amd64.deb
Size/MD5: 27375756 7464f9546f17461652d67b1b751ef962
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu6.4_amd64.deb
Size/MD5: 1371454 ef8f62dcdf6d6dbb6eaae0447d8cec41
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu6.4_amd64.deb
Size/MD5: 10930426 168e4c76f3804807b73a3f7c4eee432a
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu6.4_i386.deb
Size/MD5: 26665714 0e89f87ee569198c85ea7343892e2cb1
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu6.4_i386.deb
Size/MD5: 1405518 3422db629fbcc2f431610f9cdfc56598
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu6.4_i386.deb
Size/MD5: 10143624 6d58c8fb72e17a0c5c2d12849e7d97d8
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu6.4_lpia.deb
Size/MD5: 26675144 f5e947abceb595d9b8b6077468b4f11f
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu6.4_lpia.deb
Size/MD5: 1368234 719a1f05b6f3af1a5cedf2caaa4849f0
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu6.4_lpia.deb
Size/MD5: 10141624 c1410ee0b8dd09532a0d444a09d30bf0
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu6.4_powerpc.deb
Size/MD5: 28218158 76503bc8d7c7c8e57b7288a6bd91f9c8
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu6.4_powerpc.deb
Size/MD5: 1380874 9a11e892f2c0027c245254844e0a915c
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu6.4_powerpc.deb
Size/MD5: 10749232 c366111b06394b4a869e56a5200a88be
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu6.4_sparc.deb
Size/MD5: 25441392 307c87143d2a6a11ece50acc5b40291e
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu6.4_sparc.deb
Size/MD5: 1368498 6152dbe3fc1c231b7390d8e00e79fd4a
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu6.4_sparc.deb
Size/MD5: 9801840 d8e14b90ff8453d49504d9cfcef41280
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-1ubuntu8.4.diff.gz
Size/MD5: 730213 b24ca20a24db817de9901c61f70e90b3
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-1ubuntu8.4.dsc
Size/MD5: 2342 ccc0ee94d16a854ef9d6930abb8379d5
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.dfsg.1.orig.tar.gz
Size/MD5: 18639393 4bcfee29b0f939415791f5032a72e7b0
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.10.dfsg.1-1ubuntu8.4_all.deb
Size/MD5: 6752210 11c8744d3bb2ca49bf0aad89092e926e
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-1ubuntu8.4_all.deb
Size/MD5: 2270 110eef16875f571661c553d295ffc7e5
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-1ubuntu8.4_amd64.deb
Size/MD5: 27110360 f91c2909a3c32e4c8b6ff7ec5f762788
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-1ubuntu8.4_amd64.deb
Size/MD5: 1360062 cb7e2ede68c5fa431ff6b3213f0d6c64
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-1ubuntu8.4_amd64.deb
Size/MD5: 10783134 25f15bf8d2957c6e4b59fa36aab7f9e2
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-1ubuntu8.4_i386.deb
Size/MD5: 26383054 9d18f9c1a6c38b95334483cb107c157f
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-1ubuntu8.4_i386.deb
Size/MD5: 1395328 cf787836d0618dc9ece201e145f6c629
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-1ubuntu8.4_i386.deb
Size/MD5: 10006430 74959eea23ce24afef3241d43b2d2118
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-1ubuntu8.4_lpia.deb
Size/MD5: 26385634 308c2ca36d90433724e1f4046089c00b
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-1ubuntu8.4_lpia.deb
Size/MD5: 1356866 32ad3654f7ff480e661b1706252eeb4b
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-1ubuntu8.4_lpia.deb
Size/MD5: 10020864 cfea875c3e64396258bb94a81f1bb9dd
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-1ubuntu8.4_powerpc.deb
Size/MD5: 27928798 264933dc950a1c7de4a8a27d14a7e655
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-1ubuntu8.4_powerpc.deb
Size/MD5: 1369318 b034946f6860d913ef05429cecefa4e4
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-1ubuntu8.4_powerpc.deb
Size/MD5: 10612072 3191cd83b4d762f1c1069f8e51bd082b
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-1ubuntu8.4_sparc.deb
Size/MD5: 25158852 e1db11cf38658b133ab5e16241ee5d56
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-1ubuntu8.4_sparc.deb
Size/MD5: 1356962 a7d5a18a02eec881f81bf6feb2a30554
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-1ubuntu8.4_sparc.deb
Size/MD5: 9663708 c2780bac10865f58b53d41b3eb2eccf1
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-2ubuntu7.2.diff.gz
Size/MD5: 886928 afddbeaeb9d7dd1b8805202629df7a3e
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-2ubuntu7.2.dsc
Size/MD5: 2342 3b49bfd2ffc8ab9e1240e08eafa47f1a
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.dfsg.1.orig.tar.gz
Size/MD5: 18639393 4bcfee29b0f939415791f5032a72e7b0
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.10.dfsg.1-2ubuntu7.2_all.deb
Size/MD5: 6674924 c19977e54488daad70814a047fee31bc
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-2ubuntu7.2_all.deb
Size/MD5: 2276 1679879f18cb57114249a5c7a6a57785
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-2ubuntu7.2_amd64.deb
Size/MD5: 26714644 de3e7b175853c728cb3265bae249e068
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-2ubuntu7.2_amd64.deb
Size/MD5: 1361224 8674d009a291bc7dc091f895462abcb6
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-2ubuntu7.2_amd64.deb
Size/MD5: 10869100 b5c3d047f60f339718b0be98105aaedc
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-2ubuntu7.2_i386.deb
Size/MD5: 26410466 6d89bd2826e44581aaaa697c1f212ef5
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-2ubuntu7.2_i386.deb
Size/MD5: 1398050 99a1a41ba7c4fcc0283f4556bb182d67
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-2ubuntu7.2_i386.deb
Size/MD5: 9948900 3074338fe0cf50e7314020e693ffdd3b
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-2ubuntu7.2_lpia.deb
Size/MD5: 26418164 1d671311fe4a96c27148374781b80d15
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-2ubuntu7.2_lpia.deb
Size/MD5: 1359634 8ff78351a0e470adc7ab2b61f307f999
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-2ubuntu7.2_lpia.deb
Size/MD5: 10020080 3b84bcd0e1f7e8273244b218f911206a
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-2ubuntu7.2_powerpc.deb
Size/MD5: 28194764 807f3facbd2458c480544c3a54ca6def
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-2ubuntu7.2_powerpc.deb
Size/MD5: 1360902 348faaa6840e245d05ba1c6c75b872e4
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-2ubuntu7.2_powerpc.deb
Size/MD5: 10386026 039018f17303abd138e68ae6c343054a
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-2ubuntu7.2_sparc.deb
Size/MD5: 25012234 381d91aef4d5c73a2c3c3f221ed74d7c
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-2ubuntu7.2_sparc.deb
Size/MD5: 1359422 755e788780d2216e16ee84a7c29ad170
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-2ubuntu7.2_sparc.deb
Size/MD5: 9781308 ae75ebaca64dba4fd804509a75a86b7e
Download attachment "signature.asc" of type "application/pgp-signature" (198 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists