Mandriva 1271 Published by

The Mandriva Security Team published a new security update: MDKSA-2006:019 - Updated kdelibs packages fix vulnerability for Mandriva Linux. Here the announcement:



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:019
http://www.mandriva.com/security/
_______________________________________________________________________

Package : kdelibs
Date : January 20, 2006
Affected: 2006.0, Corporate 3.0
_______________________________________________________________________

Problem Description:

A heap overflow vulnerability was discovered in kjs, the KDE JavaScript
interpretter engine. An attacker could create a malicious web site
that contained carefully crafted JavaScript code that could trigger the
flaw and potentially lead to the arbitrary execution of code as the
user visiting the site.

The updated packages have been patched to correct this problem.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0019
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2006.0:
6d11e781a5112ab7d2c991df1bca4c0d 2006.0/RPMS/kdelibs-common-3.4.2-31.3.20060mdk.i586.rpm
09ddb324793a6af1e5bb55912896a9a1 2006.0/RPMS/kdelibs-devel-doc-3.4.2-31.3.20060mdk.i586.rpm
6211efda291f9327ed98d3aca442b1f0 2006.0/RPMS/libkdecore4-3.4.2-31.3.20060mdk.i586.rpm
77f643da674997a6ae38acd761f3016a 2006.0/RPMS/libkdecore4-devel-3.4.2-31.3.20060mdk.i586.rpm
57fb02e73896d75f28d9f9aad5f5dfef 2006.0/SRPMS/kdelibs-3.4.2-31.3.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
84b25eefbb6fa383dbc4ccf92c873f74 x86_64/2006.0/RPMS/kdelibs-common-3.4.2-31.3.20060mdk.x86_64.rpm
c3e42fe27e73df2da68ba768f0dbee4c x86_64/2006.0/RPMS/kdelibs-devel-doc-3.4.2-31.3.20060mdk.x86_64.rpm
a6a7258b0990a09b099e039f54db18bb x86_64/2006.0/RPMS/lib64kdecore4-3.4.2-31.3.20060mdk.x86_64.rpm
62a2e822dab43b67f7cdfb9258725d2b x86_64/2006.0/RPMS/lib64kdecore4-devel-3.4.2-31.3.20060mdk.x86_64.rpm
6211efda291f9327ed98d3aca442b1f0 x86_64/2006.0/RPMS/libkdecore4-3.4.2-31.3.20060mdk.i586.rpm
77f643da674997a6ae38acd761f3016a x86_64/2006.0/RPMS/libkdecore4-devel-3.4.2-31.3.20060mdk.i586.rpm
57fb02e73896d75f28d9f9aad5f5dfef x86_64/2006.0/SRPMS/kdelibs-3.4.2-31.3.20060mdk.src.rpm

Corporate 3.0:
e3b716c3fef88118742882a139d589fa corporate/3.0/RPMS/kdelibs-common-3.2-36.15.C30mdk.i586.rpm
439b0acb1afd62c8f894317ad5922557 corporate/3.0/RPMS/libkdecore4-3.2-36.15.C30mdk.i586.rpm
77e5302db914631a223c7fb6a55c623b corporate/3.0/RPMS/libkdecore4-devel-3.2-36.15.C30mdk.i586.rpm
8399789d3975218e919c7544cf4fff41 corporate/3.0/SRPMS/kdelibs-3.2-36.15.C30mdk.src.rpm

Corporate 3.0/X86_64:
04d568123ae0f632020b16d7ca3c79b5 x86_64/corporate/3.0/RPMS/kdelibs-common-3.2-36.15.C30mdk.x86_64.rpm
6c0451aa188253c07d9865880cb32c35 x86_64/corporate/3.0/RPMS/lib64kdecore4-3.2-36.15.C30mdk.x86_64.rpm
22160903e03c77c575a84ed9ef045ac6 x86_64/corporate/3.0/RPMS/lib64kdecore4-devel-3.2-36.15.C30mdk.x86_64.rpm
439b0acb1afd62c8f894317ad5922557 x86_64/corporate/3.0/RPMS/libkdecore4-3.2-36.15.C30mdk.i586.rpm
8399789d3975218e919c7544cf4fff41 x86_64/corporate/3.0/SRPMS/kdelibs-3.2-36.15.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFD0Wo/mqjQ0CJFipgRAmZ5AJwIj2pNBFllFW3SJGKuFTtDxynGqACg0D5Q
gtPHEfoCPKr+iAPlyii2ugE=
lJe
-----END PGP SIGNATURE-----