Debian: DSA-1868-1: New kde4libs packages fix several vulnerabilities

    Date19 Aug 2009
    CategoryDebian
    124
    Posted ByLinuxSecurity Advisories
    Several security issues have been discovered in kde4libs, core libraries for all KDE 4 applications. The Common Vulnerabilities and Exposures project identifies the following problems:
    
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1868-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
    	
    http://www.debian.org/security/                      Steffen Joeris
    August 19, 2009                       http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : kde4libs                             
    Vulnerability  : several vulnerabilities              
    Problem type   : local (remote)                       
    Debian-specific: no
    CVE Ids        : CVE-2009-1690 CVE-2009-1698 CVE-2009-1687
    Debian Bugs    : 534949
    
    Several security issues have been discovered in kde4libs, core libraries
    for all KDE 4 applications. The Common Vulnerabilities and Exposures
    project identifies the following problems:
    
    CVE-2009-1690
    
    It was discovered that there is a use-after-free flaw in handling
    certain DOM event handlers. This could lead to the execution of
    arbitrary code, when visiting a malicious website.
    
    CVE-2009-1698
    
    It was discovered that there could be an uninitialised pointer when
    handling a Cascading Style Sheets (CSS) attr function call. This could
    lead to the execution of arbitrary code, when visiting a malicious
    website.
    
    CVE-2009-1687
    
    It was discovered that the JavaScript garbage collector does not handle
    allocation failures properly, which could lead to the execution of
    arbitrary code when visiting a malicious website.
    
    
    For the stable distribution (lenny), these problems have been fixed in
    version 4:4.1.0-3+lenny1.
    
    The oldstable distribution (etch) does not contain kde4libs.
    
    For the testing distribution (squeeze), these problems will be fixed
    soon.
    
    For the unstable distribution (sid), these problems have been fixed in
    version 4:4.3.0-1.
    
    
    We recommend that you upgrade your kde4libs packages.
    
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    
    Debian (stable)
    - ---------------
    
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    Source archives:
    
      http://security.debian.org/pool/updates/main/k/kde4libs/kde4libs_4.1.0-3+lenny1.dsc
        Size/MD5 checksum:     2149 7bc7675c4aa9e7afd4fa3f83b3f95810
      http://security.debian.org/pool/updates/main/k/kde4libs/kde4libs_4.1.0-3+lenny1.diff.gz
        Size/MD5 checksum:    91423 ecc50e9bedff96a3285a031141ea15d6
      http://security.debian.org/pool/updates/main/k/kde4libs/kde4libs_4.1.0.orig.tar.gz
        Size/MD5 checksum: 11264345 05487ff0cbc3da093f19e59184b259c7
    
    Architecture independent packages:
    
      http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-data_4.1.0-3+lenny1_all.deb
        Size/MD5 checksum:  3140792 47debc16cde2c9a927252ef09d89c1a3
    
    alpha architecture (DEC Alpha)
    
      http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs-bin_4.1.0-3+lenny1_alpha.deb
        Size/MD5 checksum:   485854 b888554c3d2658b0af3abfa842c58588
      http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_alpha.deb
        Size/MD5 checksum: 67441346 e6d761db09e246d88139e3416de56611
      http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dev_4.1.0-3+lenny1_alpha.deb
        Size/MD5 checksum:  1468330 b8c3ce39505d2532f2c5d7fc83de01d8
      http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5_4.1.0-3+lenny1_alpha.deb
        Size/MD5 checksum: 11132464 6b307db1dd606a5fbbad60745cf51236
    
    amd64 architecture (AMD x86_64 (AMD64))
    
      http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs-bin_4.1.0-3+lenny1_amd64.deb
        Size/MD5 checksum:   450758 dc184603a57dc4bbcedde957086463c3
      http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_amd64.deb
        Size/MD5 checksum: 65872658 3bc3de5af3ff3722bd7817b6c4a4c4d4
      http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5_4.1.0-3+lenny1_amd64.deb
        Size/MD5 checksum: 10078022 aec949a2390e430248089ebb3790ed78
      http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dev_4.1.0-3+lenny1_amd64.deb
        Size/MD5 checksum:  1454348 51a11bc442e5155ee37bc276c2cb025e
    
    arm architecture (ARM)
    
      http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs-bin_4.1.0-3+lenny1_arm.deb
        Size/MD5 checksum:   445060 4c9f86c771e9d24459fc1a1369b19d1c
      http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_arm.deb
        Size/MD5 checksum: 67062788 8ead631de22e777ac573400dc7829728
      http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dev_4.1.0-3+lenny1_arm.deb
        Size/MD5 checksum:  1501464 e90a472bd53283512dda2c5522b1e779
      http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5_4.1.0-3+lenny1_arm.deb
        Size/MD5 checksum: 10159066 44dc0551f1664e6775cca2fc2e9568c8
    
    hppa architecture (HP PA RISC)
    
      http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs-bin_4.1.0-3+lenny1_hppa.deb
        Size/MD5 checksum:   468294 71da7f31e8f21706831abfb597d6c161
      http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5_4.1.0-3+lenny1_hppa.deb
        Size/MD5 checksum: 11272148 eae478aac58c1e84cb57c9244bc6e633
      http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_hppa.deb
        Size/MD5 checksum: 66023980 bc0eeed2957433fdf38f227d464c4dac
      http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dev_4.1.0-3+lenny1_hppa.deb
        Size/MD5 checksum:  1501146 55ebcb8acd0e29c84dad063f030d4b32
    
    i386 architecture (Intel ia32)
    
      http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5_4.1.0-3+lenny1_i386.deb
        Size/MD5 checksum:  9495028 0486badbc6a675555500eac834e66770
      http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dev_4.1.0-3+lenny1_i386.deb
        Size/MD5 checksum:  1494680 7caef230087548ae9fafc4c9cbfa51a6
      http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs-bin_4.1.0-3+lenny1_i386.deb
        Size/MD5 checksum:   428258 a2154b9e6f111e00d9fafee2e44950d3
      http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_i386.deb
        Size/MD5 checksum: 65050706 cc57db2601c136b0ea25aa2aafc9ada4
    
    ia64 architecture (Intel ia64)
    
      http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs-bin_4.1.0-3+lenny1_ia64.deb
        Size/MD5 checksum:   636012 8835da7f0554073419c9bb1ea699be2f
      http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_ia64.deb
        Size/MD5 checksum: 69462428 1a34d47746eb45a014c6a18d7711437e
      http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dev_4.1.0-3+lenny1_ia64.deb
        Size/MD5 checksum:  1490832 1731fe69a65e2aaeecbc7c31ba594ea3
      http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5_4.1.0-3+lenny1_ia64.deb
        Size/MD5 checksum: 14283690 92e7eaeeb3288d64aad305c1f7b46ace
    
    mips architecture (MIPS (Big Endian))
    
      http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs-bin_4.1.0-3+lenny1_mips.deb
        Size/MD5 checksum:   411002 fc291f1f164002ffa25f21ab4413d418
      http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dev_4.1.0-3+lenny1_mips.deb
        Size/MD5 checksum:  1491562 5ad177aedcac523d4414c1b33590a8aa
      http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_mips.deb
        Size/MD5 checksum: 67214842 6bf4782cae7a4bb07600a8c4622d2ba8
      http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5_4.1.0-3+lenny1_mips.deb
        Size/MD5 checksum:  8922858 e2081fa92bc60067bf3fab1d9553d9f0
    
    mipsel architecture (MIPS (Little Endian))
    
      http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dev_4.1.0-3+lenny1_mipsel.deb
        Size/MD5 checksum:  1445728 0e93a06b9c99da3e19fe9ed57effc2af
      http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_mipsel.deb
        Size/MD5 checksum: 64601046 76bcf6fa57c4c9fe4146996227fd483e
      http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs-bin_4.1.0-3+lenny1_mipsel.deb
        Size/MD5 checksum:   410088 c1a038807d9bfd9ec21b3d3fb9b4ad3b
      http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5_4.1.0-3+lenny1_mipsel.deb
        Size/MD5 checksum:  8776788 a4e68c739bc64700c8cba42746337051
    
    powerpc architecture (PowerPC)
    
      http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5_4.1.0-3+lenny1_powerpc.deb
        Size/MD5 checksum: 10152880 7c3caef790d31e75030798ff255860f0
      http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dev_4.1.0-3+lenny1_powerpc.deb
        Size/MD5 checksum:  1504080 2a6f91b2f9d251f7c948db16b26b74e6
      http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs-bin_4.1.0-3+lenny1_powerpc.deb
        Size/MD5 checksum:   488426 f82580483fe29a15a635df5b130889f0
      http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_powerpc.deb
        Size/MD5 checksum: 69005164 b5142561ef43d8f394f69723ecfa101e
    
    s390 architecture (IBM S/390)
    
      http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dev_4.1.0-3+lenny1_s390.deb
        Size/MD5 checksum:  1454438 7f6117ffd81b9a759544a84b129451d2
      http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_s390.deb
        Size/MD5 checksum: 69791606 b67cba5028161769d9227e551ce1e3ce
      http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs-bin_4.1.0-3+lenny1_s390.deb
        Size/MD5 checksum:   476722 3871456f5fad8399f14f6711bd483635
      http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5_4.1.0-3+lenny1_s390.deb
        Size/MD5 checksum: 10410196 3a1c94adbe9d2cdf3aab21e684a2ee09
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and http://packages.debian.org/
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"37","type":"x","order":"1","pct":51.39,"resources":[]},{"id":"88","title":"Should be more technical","votes":"10","type":"x","order":"2","pct":13.89,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"25","type":"x","order":"3","pct":34.72,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.