lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1Na6oS-00035u-Nj@titan.mandriva.com>
Date: Wed, 27 Jan 2010 13:16:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:028 ] kdelibs4


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:028
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : kdelibs4
 Date    : January 27, 2010
 Affected: 2010.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities was discovered and corrected in kdelibs4:
 
 KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a
 \'\0\' (NUL) character in a domain name in the Subject Alternative
 Name field of an X.509 certificate, which allows man-in-the-middle
 attackers to spoof arbitrary SSL servers via a crafted certificate
 issued by a legitimate Certification Authority, a related issue to
 CVE-2009-2408 (CVE-2009-2702).
 
 KDE Konqueror allows remote attackers to cause a denial of service
 (memory consumption) via a large integer value for the length property
 of a Select object, a related issue to CVE-2009-1692 (CVE-2009-2537).
 
 The gdtoa (aka new dtoa) implementation in gdtoa/misc.c in
 libc in FreeBSD 6.4 and 7.2, NetBSD 5.0, and OpenBSD 4.5 allows
 context-dependent attackers to cause a denial of service (application
 crash) or possibly have unspecified other impact via a large precision
 value in the format argument to a printf function, related to an
 array overrun. (CVE-2009-0689).
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2702
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2537
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0689
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.0:
 33710e4c127e3f066d4ee4dbb48c489b  2010.0/i586/kdelibs4-core-4.3.2-11.14mdv2010.0.i586.rpm
 729ae2fa1575e10820480d0bea2629a1  2010.0/i586/kdelibs4-devel-4.3.2-11.14mdv2010.0.i586.rpm
 5c2e90329653954110f1385bc404ea1f  2010.0/i586/libkde3support4-4.3.2-11.14mdv2010.0.i586.rpm
 5255f87e774bea4fa38d2fd0397a82bd  2010.0/i586/libkdecore5-4.3.2-11.14mdv2010.0.i586.rpm
 e40f53bb3caee308f0ab81d5f091a5db  2010.0/i586/libkdefakes5-4.3.2-11.14mdv2010.0.i586.rpm
 e027288fdb8d917f934641ea934432c7  2010.0/i586/libkdesu5-4.3.2-11.14mdv2010.0.i586.rpm
 e9ca80075872c1e68ca1f5ddeb9ce2a4  2010.0/i586/libkdeui5-4.3.2-11.14mdv2010.0.i586.rpm
 9d9b22a86b5b0684801cf652afb6791a  2010.0/i586/libkdnssd4-4.3.2-11.14mdv2010.0.i586.rpm
 b70ed737e0f857d68d9fefb3fad2cfa1  2010.0/i586/libkfile4-4.3.2-11.14mdv2010.0.i586.rpm
 27bfe29c5952d58c1eaf2bb130668d2c  2010.0/i586/libkhtml5-4.3.2-11.14mdv2010.0.i586.rpm
 a2e2456a104d6085479229bc3edf3370  2010.0/i586/libkimproxy4-4.3.2-11.14mdv2010.0.i586.rpm
 b152961f2b3c06134ae0ca2bdabe77b0  2010.0/i586/libkio5-4.3.2-11.14mdv2010.0.i586.rpm
 1e8d3dc384c46afb23bb4dace40df5f6  2010.0/i586/libkjs4-4.3.2-11.14mdv2010.0.i586.rpm
 64736a9db93696bf4e1658cc9cbed0f5  2010.0/i586/libkjsapi4-4.3.2-11.14mdv2010.0.i586.rpm
 fd005b1db52fbe95b163428e9f1edd43  2010.0/i586/libkjsembed4-4.3.2-11.14mdv2010.0.i586.rpm
 5eb298a371bb5fc31494856a2cddd3a6  2010.0/i586/libkmediaplayer4-4.3.2-11.14mdv2010.0.i586.rpm
 3013d74cdf48c0e6e0c55f8af5bf83a0  2010.0/i586/libknewstuff2_4-4.3.2-11.14mdv2010.0.i586.rpm
 2c31f4c0fa71ec35ec5a5f0e68ff4847  2010.0/i586/libknotifyconfig4-4.3.2-11.14mdv2010.0.i586.rpm
 361a0aa31fb34f77d99a3b2bcc08d06b  2010.0/i586/libkntlm4-4.3.2-11.14mdv2010.0.i586.rpm
 f383eeec52164d5122ea6125b2e9b02f  2010.0/i586/libkparts4-4.3.2-11.14mdv2010.0.i586.rpm
 0d8db89b62359ac9fe6c61661987708f  2010.0/i586/libkpty4-4.3.2-11.14mdv2010.0.i586.rpm
 9bfd72866126f8fbae7b15af580385d5  2010.0/i586/libkrosscore4-4.3.2-11.14mdv2010.0.i586.rpm
 9c5d90d57dbacadd0472c167a3c7a6a5  2010.0/i586/libkrossui4-4.3.2-11.14mdv2010.0.i586.rpm
 2fbe8d729b997df8105edf5595e5fc5f  2010.0/i586/libktexteditor4-4.3.2-11.14mdv2010.0.i586.rpm
 8396960aaa8c205602b4d48bff64f1cb  2010.0/i586/libkunittest4-4.3.2-11.14mdv2010.0.i586.rpm
 a50fa982912201b0785ee37b6e776fc3  2010.0/i586/libkutils4-4.3.2-11.14mdv2010.0.i586.rpm
 6caf366e3455479e9d95fee1a1a36bcc  2010.0/i586/libnepomuk4-4.3.2-11.14mdv2010.0.i586.rpm
 8250fed72d654f5c61cd9cb4d868e06d  2010.0/i586/libplasma3-4.3.2-11.14mdv2010.0.i586.rpm
 a6201c4800f363cba18afdfd8a9fbc15  2010.0/i586/libsolid4-4.3.2-11.14mdv2010.0.i586.rpm
 2a6d763d74f0d420429a1943fc8f288b  2010.0/i586/libthreadweaver4-4.3.2-11.14mdv2010.0.i586.rpm 
 efa77a322ba85ef9fe3382173a73d96f  2010.0/SRPMS/kdelibs4-4.3.2-11.14mdv2010.0.src.rpm

 Mandriva Linux 2010.0/X86_64:
 628c96841b4fe1ae8f60d091fa14f4a8  2010.0/x86_64/kdelibs4-core-4.3.2-11.14mdv2010.0.x86_64.rpm
 49b2d3b07b9972a4ce96c7165365877b  2010.0/x86_64/kdelibs4-devel-4.3.2-11.14mdv2010.0.x86_64.rpm
 653348d413757079608374479aabf7af  2010.0/x86_64/lib64kde3support4-4.3.2-11.14mdv2010.0.x86_64.rpm
 310b1c2d870c6b49b24359ef3f48c5b2  2010.0/x86_64/lib64kdecore5-4.3.2-11.14mdv2010.0.x86_64.rpm
 2204c6207c7d9832f1c9b08e44bab933  2010.0/x86_64/lib64kdefakes5-4.3.2-11.14mdv2010.0.x86_64.rpm
 ded542c4f600ec4ee9578a84eecba90d  2010.0/x86_64/lib64kdesu5-4.3.2-11.14mdv2010.0.x86_64.rpm
 61e898c4a9986d30c9fb5df8cab0c6a2  2010.0/x86_64/lib64kdeui5-4.3.2-11.14mdv2010.0.x86_64.rpm
 2c1372cf3ceb6ccc2b576fd2391f265e  2010.0/x86_64/lib64kdnssd4-4.3.2-11.14mdv2010.0.x86_64.rpm
 5c9c1bc90773a78df10e0c31b7c415a2  2010.0/x86_64/lib64kfile4-4.3.2-11.14mdv2010.0.x86_64.rpm
 154c30e99ce9c2d956fd9bab69a32eb8  2010.0/x86_64/lib64khtml5-4.3.2-11.14mdv2010.0.x86_64.rpm
 6b4fd189b0068c859653f1c0a95d169a  2010.0/x86_64/lib64kimproxy4-4.3.2-11.14mdv2010.0.x86_64.rpm
 599dbbf7689d9ea31991d6b9ce86e0fa  2010.0/x86_64/lib64kio5-4.3.2-11.14mdv2010.0.x86_64.rpm
 2e31f04cb9871f6fa54033281c9fbcfd  2010.0/x86_64/lib64kjs4-4.3.2-11.14mdv2010.0.x86_64.rpm
 ba8d5f97e0d2cc07ac379d12160dc710  2010.0/x86_64/lib64kjsapi4-4.3.2-11.14mdv2010.0.x86_64.rpm
 dac95aac7d233a11f3b920819d120c96  2010.0/x86_64/lib64kjsembed4-4.3.2-11.14mdv2010.0.x86_64.rpm
 3acd8d0df72a1206091397e3f30dc23e  2010.0/x86_64/lib64kmediaplayer4-4.3.2-11.14mdv2010.0.x86_64.rpm
 8d45de302d9197e5956f4559523939ce  2010.0/x86_64/lib64knewstuff2_4-4.3.2-11.14mdv2010.0.x86_64.rpm
 2218d8ca6ab9c49c5302377cbf3fb6d6  2010.0/x86_64/lib64knotifyconfig4-4.3.2-11.14mdv2010.0.x86_64.rpm
 b0f7f7966ecacb227bdf8e5a6f7ec1f4  2010.0/x86_64/lib64kntlm4-4.3.2-11.14mdv2010.0.x86_64.rpm
 df1c765779d67ef5ed75259888f1a399  2010.0/x86_64/lib64kparts4-4.3.2-11.14mdv2010.0.x86_64.rpm
 13a37eefc1eaf718817ab9d4a61ad0d5  2010.0/x86_64/lib64kpty4-4.3.2-11.14mdv2010.0.x86_64.rpm
 77db36915eac2265b955c9730fdc6611  2010.0/x86_64/lib64krosscore4-4.3.2-11.14mdv2010.0.x86_64.rpm
 47f9b8a7070adc1028f3b8dcdf14ed26  2010.0/x86_64/lib64krossui4-4.3.2-11.14mdv2010.0.x86_64.rpm
 8cd7275deff482953895f7d71f232160  2010.0/x86_64/lib64ktexteditor4-4.3.2-11.14mdv2010.0.x86_64.rpm
 5c5b666d4ae0fb58c0d6e012c7522161  2010.0/x86_64/lib64kunittest4-4.3.2-11.14mdv2010.0.x86_64.rpm
 d67c086990110f1fac519f7d3948b053  2010.0/x86_64/lib64kutils4-4.3.2-11.14mdv2010.0.x86_64.rpm
 c9692f6851972ba9fbc9dd1773891db5  2010.0/x86_64/lib64nepomuk4-4.3.2-11.14mdv2010.0.x86_64.rpm
 36674939e5e7ffb36427fbc504e097a8  2010.0/x86_64/lib64plasma3-4.3.2-11.14mdv2010.0.x86_64.rpm
 29087c6119008e740c13e4ac48d6a4d0  2010.0/x86_64/lib64solid4-4.3.2-11.14mdv2010.0.x86_64.rpm
 775291372adee37558c25d9b0f3e0348  2010.0/x86_64/lib64threadweaver4-4.3.2-11.14mdv2010.0.x86_64.rpm 
 efa77a322ba85ef9fe3382173a73d96f  2010.0/SRPMS/kdelibs4-4.3.2-11.14mdv2010.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLYAPjmqjQ0CJFipgRAlWCAJ45g7YqrzFHMj4n1CTe7bDmTtElDQCg9tEz
jCRztpSQwDQQjyfD+MvizBM=
=SRaf
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ