lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1Na6QG-00033Q-Bb@titan.mandriva.com>
Date: Wed, 27 Jan 2010 12:51:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:027 ] kdelibs4


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:027
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : kdelibs4
 Date    : January 27, 2010
 Affected: 2009.1
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities was discovered and corrected in kdelibs4:
 
 KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a
 \'\0\' (NUL) character in a domain name in the Subject Alternative
 Name field of an X.509 certificate, which allows man-in-the-middle
 attackers to spoof arbitrary SSL servers via a crafted certificate
 issued by a legitimate Certification Authority, a related issue to
 CVE-2009-2408 (CVE-2009-2702).
 
 The JavaScript garbage collector in WebKit in Apple Safari before
 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1
 through 2.2.1 does not properly handle allocation failures, which
 allows remote attackers to execute arbitrary code or cause a denial
 of service (memory corruption and application crash) via a crafted
 HTML document that triggers write access to an offset of a NULL
 pointer. (CVE-2009-1687).
 
 WebKit in Apple Safari before 4.0.2, KHTML in kdelibs in KDE, QtWebKit
 (aka Qt toolkit), and possibly other products does not properly handle
 numeric character references, which allows remote attackers to execute
 arbitrary code or cause a denial of service (memory corruption and
 application crash) via a crafted HTML document (CVE-2009-1725).
 
 Use-after-free vulnerability in WebKit, as used in Apple Safari
 before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1
 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products,
 allows remote attackers to execute arbitrary code or cause a denial
 of service (memory corruption and application crash) by setting an
 unspecified property of an HTML tag that causes child elements to
 be freed and later accessed when an HTML error occurs, related to
 recursion in certain DOM event handlers. (CVE-2009-1690).
 
 WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1,
 and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a
 pointer during handling of a Cascading Style Sheets (CSS) attr function
 call with a large numerical argument, which allows remote attackers to
 execute arbitrary code or cause a denial of service (memory corruption
 and application crash) via a crafted HTML document (CVE-2009-1698).
 
 KDE Konqueror allows remote attackers to cause a denial of service
 (memory consumption) via a large integer value for the length property
 of a Select object, a related issue to CVE-2009-1692 (CVE-2009-2537).
 
 The gdtoa (aka new dtoa) implementation in gdtoa/misc.c in
 libc in FreeBSD 6.4 and 7.2, NetBSD 5.0, and OpenBSD 4.5 allows
 context-dependent attackers to cause a denial of service (application
 crash) or possibly have unspecified other impact via a large precision
 value in the format argument to a printf function, related to an
 array overrun. (CVE-2009-0689).
 
 WebKit, as used in Safari before 3.2.3 and 4 Public Beta, on Apple
 Mac OS X 10.4.11 and 10.5 before 10.5.7 and Windows allows remote
 attackers to execute arbitrary code via a crafted SVGList object that
 triggers memory corruption (CVE-2009-0945).
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2702
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1687
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1725
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1690
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1698
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2537
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0689
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0945
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.1:
 c08161eacba6cdb1b0ba26babe5f8cc5  2009.1/i586/kdelibs4-core-4.2.4-0.8mdv2009.1.i586.rpm
 933468cf4109252dac5119edd958f73d  2009.1/i586/kdelibs4-devel-4.2.4-0.8mdv2009.1.i586.rpm
 96703a0ef0baf299647ff27d64cb0680  2009.1/i586/libkde3support4-4.2.4-0.8mdv2009.1.i586.rpm
 e5f60ba41e5919fa77c313b204e1f712  2009.1/i586/libkdecore5-4.2.4-0.8mdv2009.1.i586.rpm
 cf8af6e467cd1585c44e1cce01362526  2009.1/i586/libkdefakes5-4.2.4-0.8mdv2009.1.i586.rpm
 1c9c04b5f6c0c59d2e5860b077e0c6e3  2009.1/i586/libkdesu5-4.2.4-0.8mdv2009.1.i586.rpm
 89fe7c33c7e5bcc23595560ae4664bf6  2009.1/i586/libkdeui5-4.2.4-0.8mdv2009.1.i586.rpm
 30b73ef58ac3a45ff86756ad09d0d555  2009.1/i586/libkdnssd4-4.2.4-0.8mdv2009.1.i586.rpm
 a1f00af00ea7e52d9f187f1fe5ccdfe2  2009.1/i586/libkfile4-4.2.4-0.8mdv2009.1.i586.rpm
 553486988b945307ee038cb41dcb76e6  2009.1/i586/libkhtml5-4.2.4-0.8mdv2009.1.i586.rpm
 9d9501ff70e709c5ea32b35aa985688a  2009.1/i586/libkimproxy4-4.2.4-0.8mdv2009.1.i586.rpm
 a2ec3f440eb6cf545abbc63a3d34c1e5  2009.1/i586/libkio5-4.2.4-0.8mdv2009.1.i586.rpm
 4168e955b60a5a69d8f1e085b30d0424  2009.1/i586/libkjs4-4.2.4-0.8mdv2009.1.i586.rpm
 bfcece9c73348c6415c48ec266877908  2009.1/i586/libkjsapi4-4.2.4-0.8mdv2009.1.i586.rpm
 228ca7dc2a86fdc868a5937b16a7a08c  2009.1/i586/libkjsembed4-4.2.4-0.8mdv2009.1.i586.rpm
 f6297ae0630eb6207895df9f2f971eb6  2009.1/i586/libkmediaplayer4-4.2.4-0.8mdv2009.1.i586.rpm
 cf6113c17858d5e6e3c0e04622f8a66c  2009.1/i586/libknewstuff2_4-4.2.4-0.8mdv2009.1.i586.rpm
 da55a2f428ad020834f7b91c0023ecf6  2009.1/i586/libknotifyconfig4-4.2.4-0.8mdv2009.1.i586.rpm
 9fef466138ff78a3d6d3244998a9ba30  2009.1/i586/libkntlm4-4.2.4-0.8mdv2009.1.i586.rpm
 4f7c0ad254ec1990f5dab1c0b959629d  2009.1/i586/libkparts4-4.2.4-0.8mdv2009.1.i586.rpm
 8c58d6a9a6ec7fc21f287b2f4c2e9858  2009.1/i586/libkpty4-4.2.4-0.8mdv2009.1.i586.rpm
 8ed500d050b95560d7eff6db26fa05ee  2009.1/i586/libkrosscore4-4.2.4-0.8mdv2009.1.i586.rpm
 2d8d12d8a7bbfe18f6b04b9807795077  2009.1/i586/libkrossui4-4.2.4-0.8mdv2009.1.i586.rpm
 8cc5c226e381b122983440b3440c1476  2009.1/i586/libktexteditor4-4.2.4-0.8mdv2009.1.i586.rpm
 3c53941130fb8cc6d12b8cdea488f536  2009.1/i586/libkunittest4-4.2.4-0.8mdv2009.1.i586.rpm
 3996bfcff0b2465c39c6ccdb8367f401  2009.1/i586/libkutils4-4.2.4-0.8mdv2009.1.i586.rpm
 129a26ab20c792994113b5db00b7f7c4  2009.1/i586/libnepomuk4-4.2.4-0.8mdv2009.1.i586.rpm
 0b88090e1cba0db59a3fb85c34e6b726  2009.1/i586/libplasma3-4.2.4-0.8mdv2009.1.i586.rpm
 79b484a6c8e20db156fbe130c81e2001  2009.1/i586/libsolid4-4.2.4-0.8mdv2009.1.i586.rpm
 ddd09e03af15f421b2e38b6f06c0247a  2009.1/i586/libthreadweaver4-4.2.4-0.8mdv2009.1.i586.rpm 
 fe70dc01416cc986d1e19c15a0b5cfa7  2009.1/SRPMS/kdelibs4-4.2.4-0.8mdv2009.1.src.rpm

 Mandriva Linux 2009.1/X86_64:
 89f77418ccda86b51c7d32d011e88e9b  2009.1/x86_64/kdelibs4-core-4.2.4-0.8mdv2009.1.x86_64.rpm
 d0b009e595350648b12cca1ee094802e  2009.1/x86_64/kdelibs4-devel-4.2.4-0.8mdv2009.1.x86_64.rpm
 03db494c356e0b0823ddf697d42c0f50  2009.1/x86_64/lib64kde3support4-4.2.4-0.8mdv2009.1.x86_64.rpm
 6d98531ba95a096fd49801f7df452776  2009.1/x86_64/lib64kdecore5-4.2.4-0.8mdv2009.1.x86_64.rpm
 bf3845f586eeeaafab5e25442f4d8950  2009.1/x86_64/lib64kdefakes5-4.2.4-0.8mdv2009.1.x86_64.rpm
 b9767fb69262886d60a7844ad6569e27  2009.1/x86_64/lib64kdesu5-4.2.4-0.8mdv2009.1.x86_64.rpm
 d709c9fb8874c432d1b4e415e9c06858  2009.1/x86_64/lib64kdeui5-4.2.4-0.8mdv2009.1.x86_64.rpm
 6d062780a7629eed7e93ab9e66daf633  2009.1/x86_64/lib64kdnssd4-4.2.4-0.8mdv2009.1.x86_64.rpm
 f39c44bc7572d06921061c0ac5ef78c9  2009.1/x86_64/lib64kfile4-4.2.4-0.8mdv2009.1.x86_64.rpm
 90f8ecd4967830ebff3b81732162fe33  2009.1/x86_64/lib64khtml5-4.2.4-0.8mdv2009.1.x86_64.rpm
 005d7de69a0063a8dc396b9dffdf20ed  2009.1/x86_64/lib64kimproxy4-4.2.4-0.8mdv2009.1.x86_64.rpm
 3924d83bf43990f7a7ba5d2eea29ef5d  2009.1/x86_64/lib64kio5-4.2.4-0.8mdv2009.1.x86_64.rpm
 9124f0ce5f1643e4310ef0bfc5fda970  2009.1/x86_64/lib64kjs4-4.2.4-0.8mdv2009.1.x86_64.rpm
 573504d0c305e757b3c163b9132264e4  2009.1/x86_64/lib64kjsapi4-4.2.4-0.8mdv2009.1.x86_64.rpm
 917e5b175a3a5480e848dee6201e99d9  2009.1/x86_64/lib64kjsembed4-4.2.4-0.8mdv2009.1.x86_64.rpm
 604cce29c11b2452b2744ff72e248b7c  2009.1/x86_64/lib64kmediaplayer4-4.2.4-0.8mdv2009.1.x86_64.rpm
 bd75d3e4feaa98a3659ae5d113fe45f6  2009.1/x86_64/lib64knewstuff2_4-4.2.4-0.8mdv2009.1.x86_64.rpm
 0a7d48b91c673f5908ce2d47a77746e2  2009.1/x86_64/lib64knotifyconfig4-4.2.4-0.8mdv2009.1.x86_64.rpm
 a91967cfec8b470cc7520ac17590d41b  2009.1/x86_64/lib64kntlm4-4.2.4-0.8mdv2009.1.x86_64.rpm
 0159bb033c507f20fb8bd77a7a8be43a  2009.1/x86_64/lib64kparts4-4.2.4-0.8mdv2009.1.x86_64.rpm
 a062d0124cdea9dfcafb82ed2c5dfd54  2009.1/x86_64/lib64kpty4-4.2.4-0.8mdv2009.1.x86_64.rpm
 8c0950479a23531a03836f7744d6b90d  2009.1/x86_64/lib64krosscore4-4.2.4-0.8mdv2009.1.x86_64.rpm
 ca61efacf989bd4421d2c88abc440e3f  2009.1/x86_64/lib64krossui4-4.2.4-0.8mdv2009.1.x86_64.rpm
 bcd31e87995de0f86ad9c363e87ea0d4  2009.1/x86_64/lib64ktexteditor4-4.2.4-0.8mdv2009.1.x86_64.rpm
 23a0f2c640a20dd1be2b4475a9102cd6  2009.1/x86_64/lib64kunittest4-4.2.4-0.8mdv2009.1.x86_64.rpm
 e49987a6d8016b6ac39011b6cac0b570  2009.1/x86_64/lib64kutils4-4.2.4-0.8mdv2009.1.x86_64.rpm
 90d6806fa9dcd2ac1b71fc3b72dd4f81  2009.1/x86_64/lib64nepomuk4-4.2.4-0.8mdv2009.1.x86_64.rpm
 4808080c578223d0bcb156e78f5d661f  2009.1/x86_64/lib64plasma3-4.2.4-0.8mdv2009.1.x86_64.rpm
 e8cecb137634dfc738617b67a6d34122  2009.1/x86_64/lib64solid4-4.2.4-0.8mdv2009.1.x86_64.rpm
 35c8778eaaa5465a8f15c27a57d8ed60  2009.1/x86_64/lib64threadweaver4-4.2.4-0.8mdv2009.1.x86_64.rpm 
 fe70dc01416cc986d1e19c15a0b5cfa7  2009.1/SRPMS/kdelibs4-4.2.4-0.8mdv2009.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLX/3wmqjQ0CJFipgRApr4AKC7I0w56Y9GFgmZeeNIeUDGaXgxHQCg6N5C
YuntVxGlOXktJ3qUQl1SZ1Y=
=5Avg
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ