Debian: DSA-1867-1: New kdelibs packages fix several vulnerabilities
Debian: DSA-1867-1: New kdelibs packages fix several vulnerabilities
Several security issues have been discovered in kdelibs, core libraries from the official KDE release. The Common Vulnerabilities and Exposures project identifies the following problems:
- ------------------------------------------------------------------------ Debian Security Advisory DSA-1867-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Steffen Joeris August 19, 2009 https://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : kdelibs Vulnerability : several vulnerabilities Problem type : local (remote) Debian-specific: no CVE Ids : CVE-2009-1690 CVE-2009-1698 CVE-2009-1687 Debian Bugs : 534952 Several security issues have been discovered in kdelibs, core libraries from the official KDE release. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1690 It was discovered that there is a use-after-free flaw in handling certain DOM event handlers. This could lead to the execution of arbitrary code, when visiting a malicious website. CVE-2009-1698 It was discovered that there could be an uninitialised pointer when handling a Cascading Style Sheets (CSS) attr function call. This could lead to the execution of arbitrary code, when visiting a malicious website. CVE-2009-1687 It was discovered that the JavaScript garbage collector does not handle allocation failures properly, which could lead to the execution of arbitrary code when visiting a malicious website. For the stable distribution (lenny), these problems have been fixed in version 4:3.5.10.dfsg.1-0lenny2. For the oldstable distribution (etch), these problems have been fixed in version 4:3.5.5a.dfsg.1-8etch2. For the testing distribution (squeeze) and the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your kdelibs packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Debian (oldstable) - ------------------ Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.5a.dfsg.1.orig.tar.gz Size/MD5 checksum: 18684663 a3f13367dcadef4749ba0173c8bc5f8e https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.5a.dfsg.1-8etch2.dsc Size/MD5 checksum: 1635 0eb586c194525c6efbfda4c7505faf97 https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.5a.dfsg.1-8etch2.diff.gz Size/MD5 checksum: 601893 1452f9edd815d35268c580caba07c69b Architecture independent packages: https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.5a.dfsg.1-8etch2_all.deb Size/MD5 checksum: 34590 8d069056020a0d76c5657105c764c4c4 https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-data_3.5.5a.dfsg.1-8etch2_all.deb Size/MD5 checksum: 8599236 93a407c519ffef8ecfb182aadb59a86f https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-doc_3.5.5a.dfsg.1-8etch2_all.deb Size/MD5 checksum: 40223822 95cdb51e0f3104ff26fe2d3419c79ab7 alpha architecture (DEC Alpha) https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch2_alpha.deb Size/MD5 checksum: 11344306 6348981220a7b68267630b03e9b9c981 https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch2_alpha.deb Size/MD5 checksum: 1385806 e64b605767065b4dff321c01caf5b037 https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch2_alpha.deb Size/MD5 checksum: 47403994 898f8d449d4fcbf7ff69db361b1f5335 amd64 architecture (AMD x86_64 (AMD64)) https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch2_amd64.deb Size/MD5 checksum: 1341342 ae284490ea0849d87071e87a83a1c687 https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch2_amd64.deb Size/MD5 checksum: 27018282 3866668423626ca47f92d01e7b643e6d https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch2_amd64.deb Size/MD5 checksum: 10400204 9bec5c062bbd4d58a9da7f024f0e04c3 arm architecture (ARM) https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch2_arm.deb Size/MD5 checksum: 1382100 bc7e214c08ebed30226eb8f42bebe172 https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch2_arm.deb Size/MD5 checksum: 46418580 f720c63d08017ccd553bc7d12ae93008 https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch2_arm.deb Size/MD5 checksum: 9302584 f661269d0085547f5993fcf28fb93a96 hppa architecture (HP PA RISC) https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch2_hppa.deb Size/MD5 checksum: 1385038 5b9a334a18f36f23d76a7cad7618368e https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch2_hppa.deb Size/MD5 checksum: 11295246 676e6d6bd97a1a0eef8476cdf12a2fc2 https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch2_hppa.deb Size/MD5 checksum: 27634968 7630102f5f57d2ccf39013aa1689bd70 i386 architecture (Intel ia32) https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch2_i386.deb Size/MD5 checksum: 26268130 9562a77ad5b8dd761c1514bae672c35b https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch2_i386.deb Size/MD5 checksum: 1382698 415adb54c701be487552a24280e4e1cb https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch2_i386.deb Size/MD5 checksum: 9742340 44d58eccf0d6de0626ee627821aab8b0 ia64 architecture (Intel ia64) https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch2_ia64.deb Size/MD5 checksum: 13676054 8683ddc99ac43cb8c554b9122f745993 https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch2_ia64.deb Size/MD5 checksum: 1358118 fbd168ec39d501f6a9b24f0e1ffd4646 https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch2_ia64.deb Size/MD5 checksum: 26570192 145d7dd0d22a84df2f6ccc3204150e40 mips architecture (MIPS (Big Endian)) https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch2_mips.deb Size/MD5 checksum: 9206542 e7beeba1b3b3f7b06168c687bdedd0f7 https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch2_mips.deb Size/MD5 checksum: 1338644 68a2b55d8ab44bb3e950cd6185bfc4d7 https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch2_mips.deb Size/MD5 checksum: 27982962 edd2487d14887990a689cead8b1debe0 powerpc architecture (PowerPC) https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch2_powerpc.deb Size/MD5 checksum: 9766678 5a45281e031bb4191c5bc2b38f79fc0a https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch2_powerpc.deb Size/MD5 checksum: 1342998 7a4a69fea4f60bb15902c00a10259f30 https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch2_powerpc.deb Size/MD5 checksum: 27962154 d339d9e69a0bd65e0543729fd2303d3c Debian GNU/Linux 5.0 alias lenny - -------------------------------- Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.10.dfsg.1.orig.tar.gz Size/MD5 checksum: 18639393 4bcfee29b0f939415791f5032a72e7b0 https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-0lenny2.dsc Size/MD5 checksum: 2245 61102e1ac7ad325720bc2bcac16d481f https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-0lenny2.diff.gz Size/MD5 checksum: 412545 a09c6aa2f0d3c0c44af5e713f75f35b6 Architecture independent packages: https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-0lenny2_all.deb Size/MD5 checksum: 29918 eb82b39b6c29628767a9ecaa46bf4652 https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-data_3.5.10.dfsg.1-0lenny2_all.deb Size/MD5 checksum: 8713862 1ab162c4a5a27a71431f1ed045105609 https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-doc_3.5.10.dfsg.1-0lenny2_all.deb Size/MD5 checksum: 26418020 693390c0455a96a718bf9a8171534e2c alpha architecture (DEC Alpha) https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_alpha.deb Size/MD5 checksum: 46875062 802dfd910368c4687cc58ccb173f6d5d https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_alpha.deb Size/MD5 checksum: 1409188 57c6036c0e3150cdd4c6ed0c13698585 https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_alpha.deb Size/MD5 checksum: 11642814 611f239a71e238aba134c2b18cc58f63 amd64 architecture (AMD x86_64 (AMD64)) https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_amd64.deb Size/MD5 checksum: 1446092 f2dc70fbd2c819ec6892c1ec326c9adf https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_amd64.deb Size/MD5 checksum: 27421620 ecfdbab0c17f28ddb4d6657e8b5bb85c https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_amd64.deb Size/MD5 checksum: 11078338 0bd469ce635822cbf855117c6e2c36df arm architecture (ARM) https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_arm.deb Size/MD5 checksum: 47031552 c7011743542219d32f1ff51cee3c09b1 https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_arm.deb Size/MD5 checksum: 1435266 e4108db76596c6e2955ab07f3a640fc9 https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_arm.deb Size/MD5 checksum: 9649440 7b594344fc51dded877e0eba7a38fd41 armel architecture (ARM EABI) https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_armel.deb Size/MD5 checksum: 1433610 082d4d9b9670a95f65e52e56f58d7ffd https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_armel.deb Size/MD5 checksum: 46538448 75b0a1414d8c96c6e0127813f54b07b2 https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_armel.deb Size/MD5 checksum: 9563166 05ddaccd75ed56790c4703d368e5292f hppa architecture (HP PA RISC) https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_hppa.deb Size/MD5 checksum: 1447370 4a29564a22f028949d2711c5ac886fd0 https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_hppa.deb Size/MD5 checksum: 27839178 cec10294eb73039132cc6ebbf8eb294c https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_hppa.deb Size/MD5 checksum: 11577680 13148f1415df0fc78511de7cd9244a73 i386 architecture (Intel ia32) https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_i386.deb Size/MD5 checksum: 26686156 ae4b51c616894dc41b1070f0c413445a https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_i386.deb Size/MD5 checksum: 1442054 42dc420f8dbe8f5b342e25909801ce4c https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_i386.deb Size/MD5 checksum: 10383036 707b9b42744a1106727b710d06b6eeba ia64 architecture (Intel ia64) https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_ia64.deb Size/MD5 checksum: 14729408 a28f89e4cfa1fe99dfa622a53c2d19bd https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_ia64.deb Size/MD5 checksum: 27244156 32eefa104364bd29443b008b6336c06f https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_ia64.deb Size/MD5 checksum: 1446920 42c549d030a4cf5d6e9931368c1cf583 mips architecture (MIPS (Big Endian)) https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_mips.deb Size/MD5 checksum: 9431520 2999560f7739c5b01f1f4b6b3f899d49 https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_mips.deb Size/MD5 checksum: 1395188 e861d47d3f4806ec08fb8d33e4f28107 https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_mips.deb Size/MD5 checksum: 28269758 a33cd4dbfde5bb7565365c1ad07c8806 powerpc architecture (PowerPC) https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_powerpc.deb Size/MD5 checksum: 10944564 6b53163fe7c9ccc44f72a1fde8161851 https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_powerpc.deb Size/MD5 checksum: 1418938 b7a98a3ea8b63d59494f151594e326d2 https://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_powerpc.deb Size/MD5 checksum: 28183670 cc1fb778ca0573b006ccf73429764245 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb https://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. Package info: `apt-cache show' and https://packages.debian.org/