[ MDKSA-2006:186 ] - Updated kdelibs packages fix KHTML vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:186
http://www.mandriva.com/security/
_______________________________________________________________________
Package : kdelibs
Date : October 19, 2006
Affected: 2007.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
A vulnerability was discovered in the way that Qt handled pixmap images
and the KDE khtml library used Qt in such a way that untrusted
parameters could be passed to Qt, resulting in an integer overflow.
This flaw could be exploited by a remote attacker in a malicious
website that, when viewed by an individual using Konqueror, would cause
Konqueror to crash or possibly execute arbitrary code with the
privileges of the user.
Updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4811
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
0468fedc69128d4967771b9132b756f4
2007.0/i586/kdelibs-common-3.5.4-19.1mdv2007.0.i586.rpm
2dc30948c1fdce7e25d9b7a8a9379e51
2007.0/i586/kdelibs-devel-doc-3.5.4-19.1mdv2007.0.i586.rpm
7c637c18db5254991e86662b4d0a3dbd
2007.0/i586/libkdecore4-3.5.4-19.1mdv2007.0.i586.rpm
2990a2078b4971d5b3fff5a8282834aa
2007.0/i586/libkdecore4-devel-3.5.4-19.1mdv2007.0.i586.rpm
de92b184fd62a8aa54278c0a7aeb5f43
2007.0/SRPMS/kdelibs-3.5.4-19.1mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
e067573bb458b0606e19c8950fedb860
2007.0/x86_64/kdelibs-common-3.5.4-19.1mdv2007.0.x86_64.rpm
5143af28520ea05d50bc07a92523bf5a
2007.0/x86_64/kdelibs-devel-doc-3.5.4-19.1mdv2007.0.x86_64.rpm
452cd5fe9b000d31911cc8b19dbed9ca
2007.0/x86_64/lib64kdecore4-3.5.4-19.1mdv2007.0.x86_64.rpm
22e66d820ad6e94c332df514e756b06c
2007.0/x86_64/lib64kdecore4-devel-3.5.4-19.1mdv2007.0.x86_64.rpm
de92b184fd62a8aa54278c0a7aeb5f43
2007.0/SRPMS/kdelibs-3.5.4-19.1mdv2007.0.src.rpm
Corporate 3.0:
692f918e3e7acbe933684d973261ca0c
corporate/3.0/i586/kdelibs-common-3.2-36.16.C30mdk.i586.rpm
8537e316e30762eb2420e0c2412ffaf8
corporate/3.0/i586/libkdecore4-3.2-36.16.C30mdk.i586.rpm
37d09cd7b937ac25e98b87fe4161bfe1
corporate/3.0/i586/libkdecore4-devel-3.2-36.16.C30mdk.i586.rpm
815b64f8f6d1309414fa128ff049fa8a
corporate/3.0/SRPMS/kdelibs-3.2-36.16.C30mdk.src.rpm
Corporate 3.0/X86_64:
80f41ba7cab5c29812574b255487ff75
corporate/3.0/x86_64/kdelibs-common-3.2-36.16.C30mdk.x86_64.rpm
690b32020e45a8f1e1d7cff8dc3d342b
corporate/3.0/x86_64/lib64kdecore4-3.2-36.16.C30mdk.x86_64.rpm
39f37ea645b542dfd872b015d7b2db53
corporate/3.0/x86_64/lib64kdecore4-devel-3.2-36.16.C30mdk.x86_64.rpm
8537e316e30762eb2420e0c2412ffaf8
corporate/3.0/x86_64/libkdecore4-3.2-36.16.C30mdk.i586.rpm
815b64f8f6d1309414fa128ff049fa8a
corporate/3.0/SRPMS/kdelibs-3.2-36.16.C30mdk.src.rpm
Corporate 4.0:
3561f4ec95d79ede9284cb1ff897681b
corporate/4.0/i586/kdelibs-arts-3.5.4-1.2.20060mlcs4.i586.rpm
3e19560491f720fd9034a95dfb4f529d
corporate/4.0/i586/kdelibs-common-3.5.4-1.2.20060mlcs4.i586.rpm
633e83e144a3a0daa1057ecae48a0991
corporate/4.0/i586/kdelibs-devel-doc-3.5.4-1.2.20060mlcs4.i586.rpm
853c0d7af1b8515c9226eb3ff1ae0e52
corporate/4.0/i586/libkdecore4-3.5.4-1.2.20060mlcs4.i586.rpm
ffe121c5ed1528769d981a5b5d526b81
corporate/4.0/i586/libkdecore4-devel-3.5.4-1.2.20060mlcs4.i586.rpm
52f9f74e64bf4da50df95c02d350fa11
corporate/4.0/SRPMS/kdelibs-3.5.4-1.2.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
6ad107993dc8ba3726eb47bb087393e4
corporate/4.0/x86_64/kdelibs-arts-3.5.4-1.2.20060mlcs4.x86_64.rpm
4be667bf1d745fedc81314d697e3320a
corporate/4.0/x86_64/kdelibs-common-3.5.4-1.2.20060mlcs4.x86_64.rpm
a1480b53dcf74c2af2c044c0da4b45d7
corporate/4.0/x86_64/kdelibs-devel-doc-3.5.4-1.2.20060mlcs4.x86_64.rpm
e40a8bb434849c3976ba57f1e52ba78e
corporate/4.0/x86_64/lib64kdecore4-3.5.4-1.2.20060mlcs4.x86_64.rpm
4e488a23bad70524ef7d731b834cbe50
corporate/4.0/x86_64/lib64kdecore4-devel-3.5.4-1.2.20060mlcs4.x86_64.rpm
52f9f74e64bf4da50df95c02d350fa11
corporate/4.0/SRPMS/kdelibs-3.5.4-1.2.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFFN6HxmqjQ0CJFipgRAlhPAJ9upOtzc8Tca3AdO3yKvA5NbUPyDwCgujf4
3inMK/Y7xE5b7lQ2ONGuD0I=
=dWxU
-----END PGP SIGNATURE-----