  • [SECURITY] [DSA 1868-1] New kde4libs packages fix several vulnerabiliti

    From Steffen Joeris@1:229/2 to All on Wed Aug 19 15:10:10 2009
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1868-1                  [email protected]
    http://www.debian.org/security/                           Steffen Joeris
    August 19, 2009                       http://www.debian.org/security/faq
    - ------------------------------------------------------------------------

    Package : kde4libs
    Vulnerability : several vulnerabilities
    Problem type : local (remote)
    Debian-specific: no
    CVE Ids : CVE-2009-1690 CVE-2009-1698 CVE-2009-1687
    Debian Bugs : 534949

    Several security issues have been discovered in kde4libs, core libraries
    for all KDE 4 applications. The Common Vulnerabilities and Exposures
    project identifies the following problems:

    CVE-2009-1690

    It was discovered that there is a use-after-free flaw in handling
    certain DOM event handlers. This could lead to the execution of
    arbitrary code, when visiting a malicious website.

    CVE-2009-1698

    It was discovered that there could be an uninitialised pointer when
    handling a Cascading Style Sheets (CSS) attr function call. This could
    lead to the execution of arbitrary code, when visiting a malicious
    website.

    CVE-2009-1687

    It was discovered that the JavaScript garbage collector does not handle
    allocation failures properly, which could lead to the execution of
    arbitrary code when visiting a malicious website.


    For the stable distribution (lenny), these problems have been fixed in
    version 4:4.1.0-3+lenny1.

    The oldstable distribution (etch) does not contain kde4libs.

    For the testing distribution (squeeze), these problems will be fixed
    soon.

    For the unstable distribution (sid), these problems have been fixed in
    version 4:4.3.0-1.


    We recommend that you upgrade your kde4libs packages.


    Upgrade instructions
    - --------------------

    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages

    You may use an automated update by adding the resources from the
    footer to the proper configuration.


    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------

    Debian (stable)
    - ---------------

    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

    [continued in next message]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)