From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1867-1
[email protected]
http://www.debian.org/security/
Steffen Joeris
August 19, 2009
http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : kdelibs
Vulnerability : several vulnerabilities
Problem type : local (remote)
Debian-specific: no
CVE Ids : CVE-2009-1690 CVE-2009-1698 CVE-2009-1687
Debian Bugs : 534952

Several security issues have been discovered in kdelibs, core libraries
from the official KDE release. The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2009-1690

  It was discovered that there is a use-after-free flaw in handling
  certain DOM event handlers. This could lead to the execution of
  arbitrary code, when visiting a malicious website.

CVE-2009-1698

  It was discovered that there could be an uninitialised pointer when
  handling a Cascading Style Sheets (CSS) attr function call. This could
  lead to the execution of arbitrary code, when visiting a malicious
  website.

CVE-2009-1687

  It was discovered that the JavaScript garbage collector does not
  handle allocation failures properly, which could lead to the
  execution of arbitrary code when visiting a malicious website.

For the stable distribution (lenny), these problems have been fixed in
version 4:3.5.10.dfsg.1-0lenny2.

For the oldstable distribution (etch), these problems have been fixed
in version 4:3.5.5a.dfsg.1-8etch2.

For the testing distribution (squeeze) and the unstable distribution
(sid), these problems will be fixed soon.

We recommend that you upgrade your kdelibs packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[continued in next message]