=========================================================== Ubuntu Security Notice USN-447-1 March 28, 2007 kdelibs vulnerabilities CVE-2007-1308, CVE-2007-1564 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.10 Ubuntu 6.06 LTS Ubuntu 6.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.10: kdelibs4c2 4:3.4.3-0ubuntu2.3 Ubuntu 6.06 LTS: kdelibs4c2a 4:3.5.2-0ubuntu18.3 Ubuntu 6.10: kdelibs4c2a 4:3.5.5-0ubuntu3.1.1 After a standard system upgrade you need to restart your session or reboot your computer to effect the necessary changes. Details follow: It was discovered that Konqueror did not correctly handle iframes from JavaScript. If a user were tricked into visiting a malicious website, Konqueror could crash, resulting in a denial of service. (CVE-2007-1308) A flaw was discovered in how Konqueror handled PASV FTP responses. If a user were tricked into visiting a malicious FTP server, a remote attacker could perform a port-scan of machines within the user's network, leading to private information disclosure. (CVE-2007-1564) Updated packages for Ubuntu 5.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.3-0ubuntu2.3.diff.gz Size/MD5: 331196 ce7f5a5b496c96f6fa211dbcfca57441 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.3-0ubuntu2.3.dsc Size/MD5: 1523 207ff389d7fc01840f45c6d67cb213ec http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.3.orig.tar.gz Size/MD5: 19981388 36e7a8320bd95760b41c4849da170100 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.4.3-0ubuntu2.3_all.deb Size/MD5: 6970532 585c27304d3c6c72abfff3c850c35878 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.4.3-0ubuntu2.3_all.deb Size/MD5: 29297968 7cba2912be78dbcda4f962598faa47f0 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.3-0ubuntu2.3_all.deb Size/MD5: 30798 f32995f468d8e55069bb3a9ed3875df3 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.3-0ubuntu2.3_amd64.deb Size/MD5: 926398 bc31b7ee86b7954a1d7cd160e31368c9 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.3-0ubuntu2.3_amd64.deb Size/MD5: 1309130 87ffea47867a7d4cdd47252aacc5318a http://security.ubuntu.com/ubuntu/pool/universe/k/kdelibs/kdelibs4c2-dbg_3.4.3-0ubuntu2.3_amd64.deb Size/MD5: 22556030 8363ad9b98e94e483c30fdaaf9b16ece http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2_3.4.3-0ubuntu2.3_amd64.deb Size/MD5: 9109046 256b4b9e268d3a196842b94b3291f95f i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.3-0ubuntu2.3_i386.deb Size/MD5: 814386 e4773b83a7310ceff213428bd6c2945b http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.3-0ubuntu2.3_i386.deb Size/MD5: 1305728 c2d0974505f004f846129c00c30c95f5 http://security.ubuntu.com/ubuntu/pool/universe/k/kdelibs/kdelibs4c2-dbg_3.4.3-0ubuntu2.3_i386.deb Size/MD5: 19412132 1699509bc7a95fbba0c742cbab1976d5 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2_3.4.3-0ubuntu2.3_i386.deb Size/MD5: 8073460 b21d7e26c0cd1c1c911c3ff9f3babaa4 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.3-0ubuntu2.3_powerpc.deb Size/MD5: 909612 e5f632d2bfced6e73551f347d022dc18 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.3-0ubuntu2.3_powerpc.deb Size/MD5: 1310506 9949361c1d6176e1cff690088008ec22 http://security.ubuntu.com/ubuntu/pool/universe/k/kdelibs/kdelibs4c2-dbg_3.4.3-0ubuntu2.3_powerpc.deb Size/MD5: 22765996 e81bc470ff3df6e4d244e536f2cafb0d http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2_3.4.3-0ubuntu2.3_powerpc.deb Size/MD5: 8433692 a1a98ca53909d3640c93676752caff9f sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.3-0ubuntu2.3_sparc.deb Size/MD5: 830600 689a9978f15d3c983cf46fb3d1c99618 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.3-0ubuntu2.3_sparc.deb Size/MD5: 1307072 f8d6b6c5449f9231816e8a32af2d6217 http://security.ubuntu.com/ubuntu/pool/universe/k/kdelibs/kdelibs4c2-dbg_3.4.3-0ubuntu2.3_sparc.deb Size/MD5: 20031914 b54bf0169aec254ae7dae1166e556a9b http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2_3.4.3-0ubuntu2.3_sparc.deb Size/MD5: 8241016 515a47bebc8cdd8260e1f2c029e54b0f Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.2-0ubuntu18.3.diff.gz Size/MD5: 479021 9dfa61a0bc7ac2fa9e231a73f90b907a http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.2-0ubuntu18.3.dsc Size/MD5: 1609 77a9c85e3eb5c02d2d0c9fed9656218e http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.2.orig.tar.gz Size/MD5: 18775353 00c878d449522fb8aa2769a4c5ae1fde Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.2-0ubuntu18.3_all.deb Size/MD5: 7083776 90b57cb50d0266b46e20345ac1d8f20f http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.5.2-0ubuntu18.3_all.deb Size/MD5: 41490386 521920d9adb4f6ef4c8ce376e6638515 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.2-0ubuntu18.3_all.deb Size/MD5: 35864 877501467e0b55629e9319566acdc0c8 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.5.2-0ubuntu18.3_amd64.deb Size/MD5: 925354 639051a9d7bc46191f512f259c48cced http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.2-0ubuntu18.3_amd64.deb Size/MD5: 26450698 05a2e717c1cafaf96db5a6c64c3ee638 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.2-0ubuntu18.3_amd64.deb Size/MD5: 1355770 079efed78b8e8fc0e9876a892d8f893d http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.2-0ubuntu18.3_amd64.deb Size/MD5: 9407130 92d094a26b99e85e0047a1beb703ac4d i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.5.2-0ubuntu18.3_i386.deb Size/MD5: 815310 0515acdcfa95b11e6765d4fd9e2172fd http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.2-0ubuntu18.3_i386.deb Size/MD5: 22926532 d68e2b4ff9a8a7e1ae5fd69a6369bbb0 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.2-0ubuntu18.3_i386.deb Size/MD5: 1352408 a7bc277da74649b4b08d0f11a38733fc http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.2-0ubuntu18.3_i386.deb Size/MD5: 8334392 f02366d3218c6724a46ed5168d97c24f powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.5.2-0ubuntu18.3_powerpc.deb Size/MD5: 905906 b45f51d9ec980e5fe822dc0302553885 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.2-0ubuntu18.3_powerpc.deb Size/MD5: 26718690 230f4ec07811aa3f0bb2e9ad1b5ec9a1 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.2-0ubuntu18.3_powerpc.deb Size/MD5: 1357064 574761f420cb663e2b4b8f0d3cb7db89 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.2-0ubuntu18.3_powerpc.deb Size/MD5: 8689446 68365b5320ca9ebbe2348bab087470b6 sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.5.2-0ubuntu18.3_sparc.deb Size/MD5: 827102 d8022db2b9c2d51c6b69cf635034eaba http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.2-0ubuntu18.3_sparc.deb Size/MD5: 23625198 13060539cbaf2cc18b3875a8cca8c51a http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.2-0ubuntu18.3_sparc.deb Size/MD5: 1353460 e466a3169125c515003d0aaabc0f17db http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.2-0ubuntu18.3_sparc.deb Size/MD5: 8491674 1aa5103c6c27263aedc32bcca922e387 Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.5-0ubuntu3.1.1.diff.gz Size/MD5: 735321 5f4e1c600ca46b5bafffb74bd9c1ca43 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.5-0ubuntu3.1.1.dsc Size/MD5: 1695 5120fc144d7f0ecfa1092dfa4ef8626a http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.5.orig.tar.gz Size/MD5: 18926397 65e455d5814142ee992097230ffe7e80 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.5-0ubuntu3.1.1_all.deb Size/MD5: 7210740 63aeab1a13af3105206cfcb2f2dbe4a9 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.5.5-0ubuntu3.1.1_all.deb Size/MD5: 39976638 124f2ff227334b94bd4492b899b44c97 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.5-0ubuntu3.1.1_all.deb Size/MD5: 37844 b673fdd085cc8e3d1c129329a01732a7 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.5-0ubuntu3.1.1_amd64.deb Size/MD5: 27051530 425179ee6a693470307c8624e0e48ebe http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.5-0ubuntu3.1.1_amd64.deb Size/MD5: 1345564 0df85adcb1dc05c49c3567e8db7bda6e http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.5-0ubuntu3.1.1_amd64.deb Size/MD5: 10401504 53c0bb19f218d73a5a438b27c54425cc i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.5-0ubuntu3.1.1_i386.deb Size/MD5: 26229274 42824c9e1e8e6286ed540704c79f1bb8 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.5-0ubuntu3.1.1_i386.deb Size/MD5: 1343204 f5ccf2868db42e8681b904106f422239 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.5-0ubuntu3.1.1_i386.deb Size/MD5: 9555020 93cc1bea30af44762420bb7b712a5481 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.5-0ubuntu3.1.1_powerpc.deb Size/MD5: 28018770 68b00882eac1afcbe6a401f4a26dfac8 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.5-0ubuntu3.1.1_powerpc.deb Size/MD5: 1347248 694c63ed6a07b52221a1df1e6dde2952 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.5-0ubuntu3.1.1_powerpc.deb Size/MD5: 9782202 0cd4fe24395cbb619444806c7d17925f sparc architecture (Sun SPARC/UltraSPARC) http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.5-0ubuntu3.1.1_sparc.deb Size/MD5: 25365716 87cf32e98d46a76d8b764fa738552f3a http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.5-0ubuntu3.1.1_sparc.deb Size/MD5: 1343252 6666efa441a2c2e114f9f95ca4acf187 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.5-0ubuntu3.1.1_sparc.deb Size/MD5: 9473036 1c711fe9ed9e4bf29f9d467adabc25dc
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/