[Security Announce] [ MDKSA-2006:186 ] - Updated kdelibs packages fix KHTML vulnerability
Posted on: 10/19/2006 08:50 PM

The Mandriva Security Team published a new security update for Mandriva Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:186
http://www.mandriva.com/security/
_______________________________________________________________________

Package : kdelibs
Date : October 19, 2006
Affected: 2007.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

A vulnerability was discovered in the way that Qt handled pixmap images
and the KDE khtml library used Qt in such a way that untrusted
parameters could be passed to Qt, resulting in an integer overflow.
This flaw could be exploited by a remote attacker in a malicious
website that, when viewed by an individual using Konqueror, would cause
Konqueror to crash or possibly execute arbitrary code with the
privileges of the user.

Updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4811
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
0468fedc69128d4967771b9132b756f4 2007.0/i586/kdelibs-common-3.5.4-19.1mdv2007.0.i586.rpm
2dc30948c1fdce7e25d9b7a8a9379e51 2007.0/i586/kdelibs-devel-doc-3.5.4-19.1mdv2007.0.i586.rpm
7c637c18db5254991e86662b4d0a3dbd 2007.0/i586/libkdecore4-3.5.4-19.1mdv2007.0.i586.rpm
2990a2078b4971d5b3fff5a8282834aa 2007.0/i586/libkdecore4-devel-3.5.4-19.1mdv2007.0.i586.rpm
de92b184fd62a8aa54278c0a7aeb5f43 2007.0/SRPMS/kdelibs-3.5.4-19.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
e067573bb458b0606e19c8950fedb860 2007.0/x86_64/kdelibs-common-3.5.4-19.1mdv2007.0.x86_64.rpm
5143af28520ea05d50bc07a92523bf5a 2007.0/x86_64/kdelibs-devel-doc-3.5.4-19.1mdv2007.0.x86_64.rpm
452cd5fe9b000d31911cc8b19dbed9ca 2007.0/x86_64/lib64kdecore4-3.5.4-19.1mdv2007.0.x86_64.rpm
22e66d820ad6e94c332df514e756b06c 2007.0/x86_64/lib64kdecore4-devel-3.5.4-19.1mdv2007.0.x86_64.rpm
de92b184fd62a8aa54278c0a7aeb5f43 2007.0/SRPMS/kdelibs-3.5.4-19.1mdv2007.0.src.rpm

Corporate 3.0:
692f918e3e7acbe933684d973261ca0c corporate/3.0/i586/kdelibs-common-3.2-36.16.C30mdk.i586.rpm
8537e316e30762eb2420e0c2412ffaf8 corporate/3.0/i586/libkdecore4-3.2-36.16.C30mdk.i586.rpm
37d09cd7b937ac25e98b87fe4161bfe1 corporate/3.0/i586/libkdecore4-devel-3.2-36.16.C30mdk.i586.rpm
815b64f8f6d1309414fa128ff049fa8a corporate/3.0/SRPMS/kdelibs-3.2-36.16.C30mdk.src.rpm

Corporate 3.0/X86_64:
80f41ba7cab5c29812574b255487ff75 corporate/3.0/x86_64/kdelibs-common-3.2-36.16.C30mdk.x86_64.rpm
690b32020e45a8f1e1d7cff8dc3d342b corporate/3.0/x86_64/lib64kdecore4-3.2-36.16.C30mdk.x86_64.rpm
39f37ea645b542dfd872b015d7b2db53 corporate/3.0/x86_64/lib64kdecore4-devel-3.2-36.16.C30mdk.x86_64.rpm
8537e316e30762eb2420e0c2412ffaf8 corporate/3.0/x86_64/libkdecore4-3.2-36.16.C30mdk.i586.rpm
815b64f8f6d1309414fa128ff049fa8a corporate/3.0/SRPMS/kdelibs-3.2-36.16.C30mdk.src.rpm

Corporate 4.0:
3561f4ec95d79ede9284cb1ff897681b corporate/4.0/i586/kdelibs-arts-3.5.4-1.2.20060mlcs4.i586.rpm
3e19560491f720fd9034a95dfb4f529d corporate/4.0/i586/kdelibs-common-3.5.4-1.2.20060mlcs4.i586.rpm
633e83e144a3a0daa1057ecae48a0991 corporate/4.0/i586/kdelibs-devel-doc-3.5.4-1.2.20060mlcs4.i586.rpm
853c0d7af1b8515c9226eb3ff1ae0e52 corporate/4.0/i586/libkdecore4-3.5.4-1.2.20060mlcs4.i586.rpm
ffe121c5ed1528769d981a5b5d526b81 corporate/4.0/i586/libkdecore4-devel-3.5.4-1.2.20060mlcs4.i586.rpm
52f9f74e64bf4da50df95c02d350fa11 corporate/4.0/SRPMS/kdelibs-3.5.4-1.2.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
6ad107993dc8ba3726eb47bb087393e4 corporate/4.0/x86_64/kdelibs-arts-3.5.4-1.2.20060mlcs4.x86_64.rpm
4be667bf1d745fedc81314d697e3320a corporate/4.0/x86_64/kdelibs-common-3.5.4-1.2.20060mlcs4.x86_64.rpm
a1480b53dcf74c2af2c044c0da4b45d7 corporate/4.0/x86_64/kdelibs-devel-doc-3.5.4-1.2.20060mlcs4.x86_64.rpm
e40a8bb434849c3976ba57f1e52ba78e corporate/4.0/x86_64/lib64kdecore4-3.5.4-1.2.20060mlcs4.x86_64.rpm
4e488a23bad70524ef7d731b834cbe50 corporate/4.0/x86_64/lib64kdecore4-devel-3.5.4-1.2.20060mlcs4.x86_64.rpm
52f9f74e64bf4da50df95c02d350fa11 corporate/4.0/SRPMS/kdelibs-3.5.4-1.2.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
lt;security*mandriva.comgt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFN6HxmqjQ0CJFipgRAlhPAJ9upOtzc8Tca3AdO3yKvA5NbUPyDwCgujf4
3inMK/Y7xE5b7lQ2ONGuD0I=
=dWxU
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2006186__updated_kdelibs_packages_fix_khtml_vulnerability.html)