Debian: DSA-1867-1: New kdelibs packages fix several vulnerabilities

    Date19 Aug 2009
    CategoryDebian
    102
    Posted ByLinuxSecurity Advisories
    Several security issues have been discovered in kdelibs, core libraries from the official KDE release. The Common Vulnerabilities and Exposures project identifies the following problems:
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1867-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                      Steffen Joeris
    August 19, 2009                       http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : kdelibs                
    Vulnerability  : several vulnerabilities
    Problem type   : local (remote)
    Debian-specific: no
    CVE Ids        : CVE-2009-1690 CVE-2009-1698 CVE-2009-1687
    Debian Bugs    : 534952
    
    Several security issues have been discovered in kdelibs, core libraries
    from the official KDE release. The Common Vulnerabilities and Exposures
    project identifies the following problems:
    
    CVE-2009-1690
    
    It was discovered that there is a use-after-free flaw in handling
    certain DOM event handlers. This could lead to the execution of
    arbitrary code, when visiting a malicious website.
    
    CVE-2009-1698
    
    It was discovered that there could be an uninitialised pointer when
    handling a Cascading Style Sheets (CSS) attr function call. This could
    lead to the execution of arbitrary code, when visiting a malicious
    website.
    
    CVE-2009-1687
    
    It was discovered that the JavaScript garbage collector does not handle
    allocation failures properly, which could lead to the execution of
    arbitrary code when visiting a malicious website.
    
    
    For the stable distribution (lenny), these problems have been fixed in
    version 4:3.5.10.dfsg.1-0lenny2.
    
    For the oldstable distribution (etch), these problems have been fixed
    in version 4:3.5.5a.dfsg.1-8etch2.
    
    For the testing distribution (squeeze) and the unstable distribution
    (sid), these problems will be fixed soon.
    
    
    We recommend that you upgrade your kdelibs packages.
    
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    
    Debian (oldstable)
    - ------------------
    
    Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.5a.dfsg.1.orig.tar.gz
        Size/MD5 checksum: 18684663 a3f13367dcadef4749ba0173c8bc5f8e
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.5a.dfsg.1-8etch2.dsc
        Size/MD5 checksum:     1635 0eb586c194525c6efbfda4c7505faf97
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.5a.dfsg.1-8etch2.diff.gz
        Size/MD5 checksum:   601893 1452f9edd815d35268c580caba07c69b
    
    Architecture independent packages:
    
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.5a.dfsg.1-8etch2_all.deb
        Size/MD5 checksum:    34590 8d069056020a0d76c5657105c764c4c4
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-data_3.5.5a.dfsg.1-8etch2_all.deb
        Size/MD5 checksum:  8599236 93a407c519ffef8ecfb182aadb59a86f
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-doc_3.5.5a.dfsg.1-8etch2_all.deb
        Size/MD5 checksum: 40223822 95cdb51e0f3104ff26fe2d3419c79ab7
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch2_alpha.deb
        Size/MD5 checksum: 11344306 6348981220a7b68267630b03e9b9c981
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch2_alpha.deb
        Size/MD5 checksum:  1385806 e64b605767065b4dff321c01caf5b037
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch2_alpha.deb
        Size/MD5 checksum: 47403994 898f8d449d4fcbf7ff69db361b1f5335
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch2_amd64.deb
        Size/MD5 checksum:  1341342 ae284490ea0849d87071e87a83a1c687
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch2_amd64.deb
        Size/MD5 checksum: 27018282 3866668423626ca47f92d01e7b643e6d
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch2_amd64.deb
        Size/MD5 checksum: 10400204 9bec5c062bbd4d58a9da7f024f0e04c3
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch2_arm.deb
        Size/MD5 checksum:  1382100 bc7e214c08ebed30226eb8f42bebe172
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch2_arm.deb
        Size/MD5 checksum: 46418580 f720c63d08017ccd553bc7d12ae93008
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch2_arm.deb
        Size/MD5 checksum:  9302584 f661269d0085547f5993fcf28fb93a96
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch2_hppa.deb
        Size/MD5 checksum:  1385038 5b9a334a18f36f23d76a7cad7618368e
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch2_hppa.deb
        Size/MD5 checksum: 11295246 676e6d6bd97a1a0eef8476cdf12a2fc2
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch2_hppa.deb
        Size/MD5 checksum: 27634968 7630102f5f57d2ccf39013aa1689bd70
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch2_i386.deb
        Size/MD5 checksum: 26268130 9562a77ad5b8dd761c1514bae672c35b
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch2_i386.deb
        Size/MD5 checksum:  1382698 415adb54c701be487552a24280e4e1cb
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch2_i386.deb
        Size/MD5 checksum:  9742340 44d58eccf0d6de0626ee627821aab8b0
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch2_ia64.deb
        Size/MD5 checksum: 13676054 8683ddc99ac43cb8c554b9122f745993
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch2_ia64.deb
        Size/MD5 checksum:  1358118 fbd168ec39d501f6a9b24f0e1ffd4646
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch2_ia64.deb
        Size/MD5 checksum: 26570192 145d7dd0d22a84df2f6ccc3204150e40
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch2_mips.deb
        Size/MD5 checksum:  9206542 e7beeba1b3b3f7b06168c687bdedd0f7
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch2_mips.deb
        Size/MD5 checksum:  1338644 68a2b55d8ab44bb3e950cd6185bfc4d7
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch2_mips.deb
        Size/MD5 checksum: 27982962 edd2487d14887990a689cead8b1debe0
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch2_powerpc.deb
        Size/MD5 checksum:  9766678 5a45281e031bb4191c5bc2b38f79fc0a
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch2_powerpc.deb
        Size/MD5 checksum:  1342998 7a4a69fea4f60bb15902c00a10259f30
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch2_powerpc.deb
        Size/MD5 checksum: 27962154 d339d9e69a0bd65e0543729fd2303d3c
    
    
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    
    Debian (stable)
    - ---------------
    
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.10.dfsg.1.orig.tar.gz
        Size/MD5 checksum: 18639393 4bcfee29b0f939415791f5032a72e7b0
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-0lenny2.dsc
        Size/MD5 checksum:     2245 61102e1ac7ad325720bc2bcac16d481f
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-0lenny2.diff.gz
        Size/MD5 checksum:   412545 a09c6aa2f0d3c0c44af5e713f75f35b6
    
    Architecture independent packages:
    
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-0lenny2_all.deb
        Size/MD5 checksum:    29918 eb82b39b6c29628767a9ecaa46bf4652
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-data_3.5.10.dfsg.1-0lenny2_all.deb
        Size/MD5 checksum:  8713862 1ab162c4a5a27a71431f1ed045105609
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-doc_3.5.10.dfsg.1-0lenny2_all.deb
        Size/MD5 checksum: 26418020 693390c0455a96a718bf9a8171534e2c
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_alpha.deb
        Size/MD5 checksum: 46875062 802dfd910368c4687cc58ccb173f6d5d
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_alpha.deb
        Size/MD5 checksum:  1409188 57c6036c0e3150cdd4c6ed0c13698585
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_alpha.deb
        Size/MD5 checksum: 11642814 611f239a71e238aba134c2b18cc58f63
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_amd64.deb
        Size/MD5 checksum:  1446092 f2dc70fbd2c819ec6892c1ec326c9adf
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_amd64.deb
        Size/MD5 checksum: 27421620 ecfdbab0c17f28ddb4d6657e8b5bb85c
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_amd64.deb
        Size/MD5 checksum: 11078338 0bd469ce635822cbf855117c6e2c36df
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_arm.deb
        Size/MD5 checksum: 47031552 c7011743542219d32f1ff51cee3c09b1
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_arm.deb
        Size/MD5 checksum:  1435266 e4108db76596c6e2955ab07f3a640fc9
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_arm.deb
        Size/MD5 checksum:  9649440 7b594344fc51dded877e0eba7a38fd41
    
    armel architecture (ARM EABI)
    
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_armel.deb
        Size/MD5 checksum:  1433610 082d4d9b9670a95f65e52e56f58d7ffd
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_armel.deb
        Size/MD5 checksum: 46538448 75b0a1414d8c96c6e0127813f54b07b2
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_armel.deb
        Size/MD5 checksum:  9563166 05ddaccd75ed56790c4703d368e5292f
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_hppa.deb
        Size/MD5 checksum:  1447370 4a29564a22f028949d2711c5ac886fd0
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_hppa.deb
        Size/MD5 checksum: 27839178 cec10294eb73039132cc6ebbf8eb294c
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_hppa.deb
        Size/MD5 checksum: 11577680 13148f1415df0fc78511de7cd9244a73
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_i386.deb
        Size/MD5 checksum: 26686156 ae4b51c616894dc41b1070f0c413445a
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_i386.deb
        Size/MD5 checksum:  1442054 42dc420f8dbe8f5b342e25909801ce4c
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_i386.deb
        Size/MD5 checksum: 10383036 707b9b42744a1106727b710d06b6eeba
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_ia64.deb
        Size/MD5 checksum: 14729408 a28f89e4cfa1fe99dfa622a53c2d19bd
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_ia64.deb
        Size/MD5 checksum: 27244156 32eefa104364bd29443b008b6336c06f
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_ia64.deb
        Size/MD5 checksum:  1446920 42c549d030a4cf5d6e9931368c1cf583
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_mips.deb
        Size/MD5 checksum:  9431520 2999560f7739c5b01f1f4b6b3f899d49
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_mips.deb
        Size/MD5 checksum:  1395188 e861d47d3f4806ec08fb8d33e4f28107
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_mips.deb
        Size/MD5 checksum: 28269758 a33cd4dbfde5bb7565365c1ad07c8806
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_powerpc.deb
        Size/MD5 checksum: 10944564 6b53163fe7c9ccc44f72a1fde8161851
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_powerpc.deb
        Size/MD5 checksum:  1418938 b7a98a3ea8b63d59494f151594e326d2
      http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_powerpc.deb
        Size/MD5 checksum: 28183670 cc1fb778ca0573b006ccf73429764245
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and http://packages.debian.org/
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"15","type":"x","order":"1","pct":53.57,"resources":[]},{"id":"88","title":"Should be more technical","votes":"4","type":"x","order":"2","pct":14.29,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"9","type":"x","order":"3","pct":32.14,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.