Message-ID: <20091211025450.GN26756@severus.strandboge.com>
Date: Thu, 10 Dec 2009 20:54:50 -0600
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-871-2] KDE 4 vulnerabilities

===========================================================
Ubuntu Security Notice USN-871-2          December 11, 2009
kde4libs vulnerabilities
https://launchpad.net/bugs/495301
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
  kdelibs5                        4:4.1.4-0ubuntu1~intrepid1.5

Ubuntu 9.04:
  kdelibs5                        4:4.2.2-0ubuntu5.4

Ubuntu 9.10:
  kdelibs5                        4:4.3.2-0ubuntu7.2

After a standard system upgrade you need to restart your session to effect
the necessary changes.
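
A way to check a host's installed kdelibs5 version against the fixed versions listed above, as an added example that is not part of the advisory. It implements Debian's version ordering (epoch, upstream version, revision, with `~` sorting before the end of the string) in Python; the function names and sample installed versions are constructed for illustration, and on a real host the installed version would come from `dpkg-query -W -f='${Version}' kdelibs5`.

```python
import re
from itertools import zip_longest

# Fixed kdelibs5 versions, copied from the advisory's table.
FIXED = {
    "8.10": "4:4.1.4-0ubuntu1~intrepid1.5",
    "9.04": "4:4.2.2-0ubuntu5.4",
    "9.10": "4:4.3.2-0ubuntu7.2",
}

def _order(c):
    # '~' sorts before end-of-string (weight 0); letters next; the rest last.
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _chunks(s):
    # Alternating (non-digit run, number) pairs; the trailing 0 marks end-of-run.
    return [([_order(c) for c in nd] + [0], int(d or 0))
            for nd, d in re.findall(r"(\D*)(\d*)", s)]

def _cmp_part(a, b):
    for x, y in zip_longest(_chunks(a), _chunks(b), fillvalue=([0], 0)):
        if x != y:
            return -1 if x < y else 1
    return 0

def _split(version):
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, sep, revision = rest.rpartition("-")
    if not sep:                      # no Debian revision present
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def deb_cmp(a, b):
    """Return -1, 0 or 1 as version a sorts before, equal to or after b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def is_patched(release, installed):
    """True if the installed kdelibs5 version is at or above the fixed one."""
    return deb_cmp(installed, FIXED[release]) >= 0

if __name__ == "__main__":
    # Constructed installed versions, not taken from a real host.
    for rel, ver in [("8.10", "4:4.1.4-0ubuntu1~intrepid1.4"),
                     ("9.10", "4.3.2-0ubuntu7.2")]:
        print(rel, ver, "patched" if is_patched(rel, ver) else "needs update")
```

The 8.10 case is the one a plain string comparison gets wrong: `4:4.1.4-0ubuntu1` sorts after `4:4.1.4-0ubuntu1~intrepid1.5` because of the tilde, and a version string missing the `4:` epoch sorts before every fixed version.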

Details follow:

USN-871-1 fixed vulnerabilities in KDE. This update provides the
corresponding updates for KDE 4.

This update also fixes a directory traversal flaw in KDE when processing
help:// URLs. This issue only affected Ubuntu 8.10.

Original advisory details:

 It was discovered that the KDE libraries could use KHTML to process an
 unknown MIME type. If a user or application linked against kdelibs were
 tricked into opening a crafted file, an attacker could potentially trigger
 XMLHTTPRequests to remote sites.


Updated packages for Ubuntu 8.10:

Updated packages for Ubuntu 9.04:

Updated packages for Ubuntu 9.10:



