Submit a story to LinuxSecurity!

Thanks very much for your interest in sharing your story with us. Our site is driven by users like you.

Post anonymously

Please also feel free to using our GPG key (found on our About page) or email us at This email address is being protected from spambots. You need JavaScript enabled to view it.

 

    Back

    Debian: DSA-1867-1: New kdelibs packages fix several vulnerabilities

    Date19 Aug 2009
    CategoryDebian
    136
    Posted ByLinuxSecurity Advisories
    Several security issues have been discovered in kdelibs, core libraries from the official KDE release. The Common Vulnerabilities and Exposures project identifies the following problems: 
    
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1867-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
http://www.debian.org/security/                      Steffen Joeris
August 19, 2009                       http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : kdelibs                
Vulnerability  : several vulnerabilities
Problem type   : local (remote)
Debian-specific: no
CVE Ids        : CVE-2009-1690 CVE-2009-1698 CVE-2009-1687
Debian Bugs    : 534952

Several security issues have been discovered in kdelibs, core libraries
from the official KDE release. The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2009-1690

It was discovered that there is a use-after-free flaw in handling
certain DOM event handlers. This could lead to the execution of
arbitrary code, when visiting a malicious website.

CVE-2009-1698

It was discovered that there could be an uninitialised pointer when
handling a Cascading Style Sheets (CSS) attr function call. This could
lead to the execution of arbitrary code, when visiting a malicious
website.

CVE-2009-1687

It was discovered that the JavaScript garbage collector does not handle
allocation failures properly, which could lead to the execution of
arbitrary code when visiting a malicious website.


For the stable distribution (lenny), these problems have been fixed in
version 4:3.5.10.dfsg.1-0lenny2.

For the oldstable distribution (etch), these problems have been fixed
in version 4:3.5.5a.dfsg.1-8etch2.

For the testing distribution (squeeze) and the unstable distribution
(sid), these problems will be fixed soon.


We recommend that you upgrade your kdelibs packages.


Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (oldstable)
- ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.5a.dfsg.1.orig.tar.gz
    Size/MD5 checksum: 18684663 a3f13367dcadef4749ba0173c8bc5f8e
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.5a.dfsg.1-8etch2.dsc
    Size/MD5 checksum:     1635 0eb586c194525c6efbfda4c7505faf97
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.5a.dfsg.1-8etch2.diff.gz
    Size/MD5 checksum:   601893 1452f9edd815d35268c580caba07c69b

Architecture independent packages:

  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.5a.dfsg.1-8etch2_all.deb
    Size/MD5 checksum:    34590 8d069056020a0d76c5657105c764c4c4
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-data_3.5.5a.dfsg.1-8etch2_all.deb
    Size/MD5 checksum:  8599236 93a407c519ffef8ecfb182aadb59a86f
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-doc_3.5.5a.dfsg.1-8etch2_all.deb
    Size/MD5 checksum: 40223822 95cdb51e0f3104ff26fe2d3419c79ab7

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch2_alpha.deb
    Size/MD5 checksum: 11344306 6348981220a7b68267630b03e9b9c981
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch2_alpha.deb
    Size/MD5 checksum:  1385806 e64b605767065b4dff321c01caf5b037
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch2_alpha.deb
    Size/MD5 checksum: 47403994 898f8d449d4fcbf7ff69db361b1f5335

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch2_amd64.deb
    Size/MD5 checksum:  1341342 ae284490ea0849d87071e87a83a1c687
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch2_amd64.deb
    Size/MD5 checksum: 27018282 3866668423626ca47f92d01e7b643e6d
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch2_amd64.deb
    Size/MD5 checksum: 10400204 9bec5c062bbd4d58a9da7f024f0e04c3

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch2_arm.deb
    Size/MD5 checksum:  1382100 bc7e214c08ebed30226eb8f42bebe172
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch2_arm.deb
    Size/MD5 checksum: 46418580 f720c63d08017ccd553bc7d12ae93008
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch2_arm.deb
    Size/MD5 checksum:  9302584 f661269d0085547f5993fcf28fb93a96

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch2_hppa.deb
    Size/MD5 checksum:  1385038 5b9a334a18f36f23d76a7cad7618368e
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch2_hppa.deb
    Size/MD5 checksum: 11295246 676e6d6bd97a1a0eef8476cdf12a2fc2
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch2_hppa.deb
    Size/MD5 checksum: 27634968 7630102f5f57d2ccf39013aa1689bd70

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch2_i386.deb
    Size/MD5 checksum: 26268130 9562a77ad5b8dd761c1514bae672c35b
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch2_i386.deb
    Size/MD5 checksum:  1382698 415adb54c701be487552a24280e4e1cb
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch2_i386.deb
    Size/MD5 checksum:  9742340 44d58eccf0d6de0626ee627821aab8b0

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch2_ia64.deb
    Size/MD5 checksum: 13676054 8683ddc99ac43cb8c554b9122f745993
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch2_ia64.deb
    Size/MD5 checksum:  1358118 fbd168ec39d501f6a9b24f0e1ffd4646
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch2_ia64.deb
    Size/MD5 checksum: 26570192 145d7dd0d22a84df2f6ccc3204150e40

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch2_mips.deb
    Size/MD5 checksum:  9206542 e7beeba1b3b3f7b06168c687bdedd0f7
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch2_mips.deb
    Size/MD5 checksum:  1338644 68a2b55d8ab44bb3e950cd6185bfc4d7
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch2_mips.deb
    Size/MD5 checksum: 27982962 edd2487d14887990a689cead8b1debe0

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch2_powerpc.deb
    Size/MD5 checksum:  9766678 5a45281e031bb4191c5bc2b38f79fc0a
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch2_powerpc.deb
    Size/MD5 checksum:  1342998 7a4a69fea4f60bb15902c00a10259f30
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch2_powerpc.deb
    Size/MD5 checksum: 27962154 d339d9e69a0bd65e0543729fd2303d3c


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.10.dfsg.1.orig.tar.gz
    Size/MD5 checksum: 18639393 4bcfee29b0f939415791f5032a72e7b0
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-0lenny2.dsc
    Size/MD5 checksum:     2245 61102e1ac7ad325720bc2bcac16d481f
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-0lenny2.diff.gz
    Size/MD5 checksum:   412545 a09c6aa2f0d3c0c44af5e713f75f35b6

Architecture independent packages:

  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-0lenny2_all.deb
    Size/MD5 checksum:    29918 eb82b39b6c29628767a9ecaa46bf4652
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-data_3.5.10.dfsg.1-0lenny2_all.deb
    Size/MD5 checksum:  8713862 1ab162c4a5a27a71431f1ed045105609
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-doc_3.5.10.dfsg.1-0lenny2_all.deb
    Size/MD5 checksum: 26418020 693390c0455a96a718bf9a8171534e2c

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_alpha.deb
    Size/MD5 checksum: 46875062 802dfd910368c4687cc58ccb173f6d5d
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_alpha.deb
    Size/MD5 checksum:  1409188 57c6036c0e3150cdd4c6ed0c13698585
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_alpha.deb
    Size/MD5 checksum: 11642814 611f239a71e238aba134c2b18cc58f63

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_amd64.deb
    Size/MD5 checksum:  1446092 f2dc70fbd2c819ec6892c1ec326c9adf
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_amd64.deb
    Size/MD5 checksum: 27421620 ecfdbab0c17f28ddb4d6657e8b5bb85c
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_amd64.deb
    Size/MD5 checksum: 11078338 0bd469ce635822cbf855117c6e2c36df

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_arm.deb
    Size/MD5 checksum: 47031552 c7011743542219d32f1ff51cee3c09b1
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_arm.deb
    Size/MD5 checksum:  1435266 e4108db76596c6e2955ab07f3a640fc9
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_arm.deb
    Size/MD5 checksum:  9649440 7b594344fc51dded877e0eba7a38fd41

armel architecture (ARM EABI)

  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_armel.deb
    Size/MD5 checksum:  1433610 082d4d9b9670a95f65e52e56f58d7ffd
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_armel.deb
    Size/MD5 checksum: 46538448 75b0a1414d8c96c6e0127813f54b07b2
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_armel.deb
    Size/MD5 checksum:  9563166 05ddaccd75ed56790c4703d368e5292f

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_hppa.deb
    Size/MD5 checksum:  1447370 4a29564a22f028949d2711c5ac886fd0
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_hppa.deb
    Size/MD5 checksum: 27839178 cec10294eb73039132cc6ebbf8eb294c
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_hppa.deb
    Size/MD5 checksum: 11577680 13148f1415df0fc78511de7cd9244a73

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_i386.deb
    Size/MD5 checksum: 26686156 ae4b51c616894dc41b1070f0c413445a
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_i386.deb
    Size/MD5 checksum:  1442054 42dc420f8dbe8f5b342e25909801ce4c
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_i386.deb
    Size/MD5 checksum: 10383036 707b9b42744a1106727b710d06b6eeba

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_ia64.deb
    Size/MD5 checksum: 14729408 a28f89e4cfa1fe99dfa622a53c2d19bd
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_ia64.deb
    Size/MD5 checksum: 27244156 32eefa104364bd29443b008b6336c06f
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_ia64.deb
    Size/MD5 checksum:  1446920 42c549d030a4cf5d6e9931368c1cf583

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_mips.deb
    Size/MD5 checksum:  9431520 2999560f7739c5b01f1f4b6b3f899d49
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_mips.deb
    Size/MD5 checksum:  1395188 e861d47d3f4806ec08fb8d33e4f28107
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_mips.deb
    Size/MD5 checksum: 28269758 a33cd4dbfde5bb7565365c1ad07c8806

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_powerpc.deb
    Size/MD5 checksum: 10944564 6b53163fe7c9ccc44f72a1fde8161851
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_powerpc.deb
    Size/MD5 checksum:  1418938 b7a98a3ea8b63d59494f151594e326d2
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_powerpc.deb
    Size/MD5 checksum: 28183670 cc1fb778ca0573b006ccf73429764245


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
Package info: `apt-cache show ' and http://packages.debian.org/

    Related News

    Research: 5G Networks Still Vulnerable to Location Tracking, Downgrading Attacks
    Research: 5G Networks Still Vulnerable to Location Tracking, Downgrading Attacks
    Portland Seeks to Become First City in Maine to Ban Facial Recognition Technology
    Portland Seeks to Become First City in Maine to Ban Facial Recognition Technology
    NSA won’t collect phone location data, promises US government
    NSA won’t collect phone location data, promises US government
    How the Linux kernel balances the risks of public bug disclosure
    How the Linux kernel balances the risks of public bug disclosure
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"39","type":"x","order":"1","pct":50.65,"resources":[]},{"id":"88","title":"Should be more technical","votes":"11","type":"x","order":"2","pct":14.29,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"27","type":"x","order":"3","pct":35.06,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    RedHat: RHSA-2019-3908:01 Important: kernel-rt security update
    Date18 Nov 2019 @ 23:43
    Debian LTS: DLA-1999-1: symfony security update
    Date18 Nov 2019 @ 15:38
    Fedora 31: ghostscript FEDORA-2019-6cdb10aa59
    Date18 Nov 2019 @ 12:48
    Fedora 31: gd FEDORA-2019-7a06c0e6b4
    Date18 Nov 2019 @ 12:47

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

    Learn More