[ MDKSA-2007:076 ] - Updated kdelibs packages to address UTF8 issue in KJS
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2007:076
http://www.mandriva.com/security/
_______________________________________________________________________
Package : kdelibs
Date : April 3, 2007
Affected: 2007.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
A bug was discovered in KJS where UTF8 decoding did not reject
overlong sequences. This vulnerability is similar to that discovered
by Andreas Nolden in QT3 and QT4, but at this current time there is
no known exploit for this issue.
Updated packages have been patched to address this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0242
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2007.0:
0aa169f71ee453bfae98225220c331cc
2007.0/i586/kdelibs-common-3.5.4-19.5mdv2007.0.i586.rpm
540a3bc9d82874b836b30a6948ef3bc9
2007.0/i586/kdelibs-devel-doc-3.5.4-19.5mdv2007.0.i586.rpm
825e626133ee2026b57a734d4afa8b44
2007.0/i586/libkdecore4-3.5.4-19.5mdv2007.0.i586.rpm
506795606555cd7ece65961e2a9b2b3a
2007.0/i586/libkdecore4-devel-3.5.4-19.5mdv2007.0.i586.rpm
75268625fe932b3031f10b431263c4a2
2007.0/SRPMS/kdelibs-3.5.4-19.5mdv2007.0.src.rpm
Mandriva Linux 2007.0/X86_64:
1e3ce972420dfd5fa9f59f7488aad8ec
2007.0/x86_64/kdelibs-common-3.5.4-19.5mdv2007.0.x86_64.rpm
5dd0d9118284bed00433f49758507199
2007.0/x86_64/kdelibs-devel-doc-3.5.4-19.5mdv2007.0.x86_64.rpm
59e713d7e771adc76c681a748661f7df
2007.0/x86_64/lib64kdecore4-3.5.4-19.5mdv2007.0.x86_64.rpm
0c927e5eeaf866777896e3931dbdc8a1
2007.0/x86_64/lib64kdecore4-devel-3.5.4-19.5mdv2007.0.x86_64.rpm
75268625fe932b3031f10b431263c4a2
2007.0/SRPMS/kdelibs-3.5.4-19.5mdv2007.0.src.rpm
Corporate 3.0:
f770e85fb181f424d3540f59c9fc1bd9
corporate/3.0/i586/kdelibs-common-3.2-36.19.C30mdk.i586.rpm
38bd33a2679b4b5674e066873bec271b
corporate/3.0/i586/libkdecore4-3.2-36.19.C30mdk.i586.rpm
218a3e5b7b0878e5b311480058541471
corporate/3.0/i586/libkdecore4-devel-3.2-36.19.C30mdk.i586.rpm
19207b2c9f959c3ebbd5f79a56623019
corporate/3.0/SRPMS/kdelibs-3.2-36.19.C30mdk.src.rpm
Corporate 3.0/X86_64:
e05e552edb1f2fdecc958b10d4dcd690
corporate/3.0/x86_64/kdelibs-common-3.2-36.19.C30mdk.x86_64.rpm
4b745bb2df2bf4a27f8fc1a771a2ed69
corporate/3.0/x86_64/lib64kdecore4-3.2-36.19.C30mdk.x86_64.rpm
52dee8f032dad49e3d7be1b1b2ec5e0d
corporate/3.0/x86_64/lib64kdecore4-devel-3.2-36.19.C30mdk.x86_64.rpm
19207b2c9f959c3ebbd5f79a56623019
corporate/3.0/SRPMS/kdelibs-3.2-36.19.C30mdk.src.rpm
Corporate 4.0:
5f5ef89ea729076d60807144b008ce8e
corporate/4.0/i586/kdelibs-arts-3.5.4-2.6.20060mlcs4.i586.rpm
26b0905eb396fc655ddae0544d968b17
corporate/4.0/i586/kdelibs-common-3.5.4-2.6.20060mlcs4.i586.rpm
30ecb24ea79e5a351e92e908db2f2041
corporate/4.0/i586/kdelibs-devel-doc-3.5.4-2.6.20060mlcs4.i586.rpm
888dca62168338a4c2132aa65fca2194
corporate/4.0/i586/libkdecore4-3.5.4-2.6.20060mlcs4.i586.rpm
cccd180b1203fbc89ffa829b4ede997b
corporate/4.0/i586/libkdecore4-devel-3.5.4-2.6.20060mlcs4.i586.rpm
9d916dfabd10de831d0d7e4bad1531e4
corporate/4.0/SRPMS/kdelibs-3.5.4-2.6.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
0f32189c5c8206c675d239041a259228
corporate/4.0/x86_64/kdelibs-arts-3.5.4-2.6.20060mlcs4.x86_64.rpm
94ca6193db1cfeca24243e71189eecb9
corporate/4.0/x86_64/kdelibs-common-3.5.4-2.6.20060mlcs4.x86_64.rpm
5cb2db298db9ce38e72f148807cbe57d
corporate/4.0/x86_64/kdelibs-devel-doc-3.5.4-2.6.20060mlcs4.x86_64.rpm
347e22ee06124bd9be049d18d2a91963
corporate/4.0/x86_64/lib64kdecore4-3.5.4-2.6.20060mlcs4.x86_64.rpm
e6a02d2d4981c8f4afefc3c95e8346b8
corporate/4.0/x86_64/lib64kdecore4-devel-3.5.4-2.6.20060mlcs4.x86_64.rpm
9d916dfabd10de831d0d7e4bad1531e4
corporate/4.0/SRPMS/kdelibs-3.5.4-2.6.20060mlcs4.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iD8DBQFGEtfEmqjQ0CJFipgRAg+JAJ94gIRpk7Gda9aourGg32e6qE6wVACgr3AK
VKq+8OMccmSaPwPYFb8kGWs=
=2T7U
-----END PGP SIGNATURE-----