Fedora Core 4 Update: kdelibs-3.5.0-0.4.fc4

    Date27 Jan 2006
    CategoryFedora
    4885
    Posted ByJoe Shakespeare
    A heap overflow flaw was discovered affecting kjs, the JavaScript interpreter engine used by Konqueror and other parts of KDE. An attacker could create a malicious web site containing carefully crafted JavaScript code that would trigger this flaw and possibly lead to arbitrary code execution. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0019 to this issue. Users of KDE should upgrade to these updated packages, which contain a backported patch from the KDE security team correcting this issue
    ---------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2006-050
    2006-01-20
    ---------------------------------------------------------------------
    
    Product     : Fedora Core 4
    Name        : kdelibs
    Version     : 3.5.0                      
    Release     : 0.4.fc4                  
    Summary     : K Desktop Environment - Libraries
    Description :
    Libraries for the K Desktop Environment:
    KDE Libraries included: kdecore (KDE core library), kdeui (user interface),
    kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking),
    kspell (spelling checker), jscript (javascript), kab (addressbook),
    kimgio (image manipulation).
    
    ---------------------------------------------------------------------
    Update Information:
    
    A heap overflow flaw was discovered affecting kjs, the
    JavaScript interpreter engine used by Konqueror and other
    parts of KDE. An attacker could create a malicious web site
    containing carefully crafted JavaScript code that would
    trigger this flaw and possibly lead to arbitrary code
    execution. The Common Vulnerabilities and Exposures project
    assigned the name CVE-2006-0019 to this issue. 
    
    Users of KDE should upgrade to these updated packages, which
    contain a backported patch from the KDE security team
    correcting this issue
    ---------------------------------------------------------------------
    * Wed Jan 18 2006 Than Ngo  3.5.0-0.4.fc4 
    - apply patch to fix a printing problem
    - add requires on iceauth #176571
    * Wed Jan 11 2006 Karsten Hopp  6:3.5.0-0.3.fc4
    - fix kjs encodeuri/decodeuri heap overflow vulnerability, CVE-2006-0019
    
    ---------------------------------------------------------------------
    This update can be downloaded from:
      http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
    
    db86b76009dfd868772600e2b643197fd7d7be1a  SRPMS/kdelibs-3.5.0-0.4.fc4.src.rpm
    93b3eada75276675171f62e8f82602fc9d4174e8  ppc/kdelibs-3.5.0-0.4.fc4.ppc.rpm
    eaa612bac27317b96a0c88d6f122a8595acb1b7a  ppc/kdelibs-devel-3.5.0-0.4.fc4.ppc.rpm
    81d47e47869fceaba8a83207577e7e88eadd7eb4  ppc/debug/kdelibs-debuginfo-3.5.0-0.4.fc4.ppc.rpm
    e57159f6621915c22645ce3e35dfb34d9e1e8e80  x86_64/kdelibs-3.5.0-0.4.fc4.x86_64.rpm
    5558a0aeda509ec10a618c0a7e44532bced642da  x86_64/kdelibs-devel-3.5.0-0.4.fc4.x86_64.rpm
    8e0602b9f6f2b307b8317acad389c72e68110b2a  x86_64/debug/kdelibs-debuginfo-3.5.0-0.4.fc4.x86_64.rpm
    ba4d3840f602dedb774231eb821fd6dcbe73e3cf  i386/kdelibs-3.5.0-0.4.fc4.i386.rpm
    86d01df92bfc26b56e1dfba9f196c2d6aacf1ef8  i386/kdelibs-devel-3.5.0-0.4.fc4.i386.rpm
    397f3f220aa17b36ada0a165b31d225f5fd6580d  i386/debug/kdelibs-debuginfo-3.5.0-0.4.fc4.i386.rpm
    
    This update can be installed with the 'yum' update program.  Use 'yum update
    package-name' at the command line.  For more information, refer to 'Managing
    Software with yum,' available at http://fedora.redhat.com/docs/yum/.
    ---------------------------------------------------------------------
    
    -- 
    fedora-announce-list mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    https://www.redhat.com/mailman/listinfo/fedora-announce-list
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"65","type":"x","order":"1","pct":57.52,"resources":[]},{"id":"88","title":"Should be more technical","votes":"15","type":"x","order":"2","pct":13.27,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"33","type":"x","order":"3","pct":29.2,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.