what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

usn-245-1.txt

usn-245-1.txt
Posted Jan 22, 2006
Authored by Martin Pitt | Site security.ubuntu.com

Ubuntu Security Notice USN-245-1 - Maksim Orlovich discovered that kjs, the Javascript interpreter engine used by Konqueror and other parts of KDE, did not sufficiently verify the validity of UTF-8 encoded URIs. Specially crafted URIs could trigger a buffer overflow.

tags | advisory, overflow, javascript
systems | linux, ubuntu
SHA-256 | 137d1369fa980e9e557cf30490ce57d1b20d218f248ea94f0754accf74da61c1

usn-245-1.txt

Change Mirror Download

--NtwzykIc2mflq5ck
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

===========================================================
Ubuntu Security Notice USN-245-1 January 20, 2006
kdelibs vulnerability
CVE-2006-0019
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)a
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

kdelibs4c2

The problem can be corrected by upgrading the affected package to
version 4:3.4.0-0ubuntu3.5 (for Ubuntu 5.04), or 4:3.4.3-0ubuntu2 (for
Ubuntu 5.10). After a standard system upgrade you need to restart
your KDE session to effect the necessary changes.

Details follow:

Maksim Orlovich discovered that kjs, the Javascript interpreter engine
used by Konqueror and other parts of KDE, did not sufficiently verify
the validity of UTF-8 encoded URIs. Specially crafted URIs could
trigger a buffer overflow. By tricking an user into visiting a
web site with malicious JavaScript code, a remote attacker could
exploit this to execute arbitrary code with user privileges.

Updated packages for Ubuntu 5.04:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.0-0ubuntu3.5.diff.gz
Size/MD5: 358726 808a563f44d810c4f7b793e188b7ed6c
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.0-0ubuntu3.5.dsc
Size/MD5: 1334 2a4b47a2139ea105fb14a3299da6b9d4
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.0.orig.tar.gz
Size/MD5: 20024253 471740de13cfed37d35eb180fc1b9b38

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.4.0-0ubuntu3.5_all.deb
Size/MD5: 8013188 fe749972bb655f417e44b59256d7a16c
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.4.0-0ubuntu3.5_all.deb
Size/MD5: 12073474 1e298ff6fc736ac362c10a8ca14ec857
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.0-0ubuntu3.5_all.deb
Size/MD5: 20374 79edb84d4b48be8299261ea433cd2f61

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.0-0ubuntu3.5_amd64.deb
Size/MD5: 921910 ff4f8c8db8bf65131a9d1e8d824d0ba8
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.0-0ubuntu3.5_amd64.deb
Size/MD5: 1303726 1ded0008a54ca638f7c0234958daf2e4
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4_3.4.0-0ubuntu3.5_amd64.deb
Size/MD5: 8970084 94be0eb2e105a1eeaf206a207b788654

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.0-0ubuntu3.5_i386.deb
Size/MD5: 839716 b19557a1335907b7ad7a13f32df810da
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.0-0ubuntu3.5_i386.deb
Size/MD5: 1301176 83f4f74ea0b044f7d6153441c44808b1
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4_3.4.0-0ubuntu3.5_i386.deb
Size/MD5: 8397124 4118bddcce98d59780790dd204efab13

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.0-0ubuntu3.5_powerpc.deb
Size/MD5: 904676 945db8977ce062b2b559da6e257e4b87
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.0-0ubuntu3.5_powerpc.deb
Size/MD5: 1304384 0e1c73bf68e80d82b351487d35e0b2f6
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4_3.4.0-0ubuntu3.5_powerpc.deb
Size/MD5: 8368178 7b14cea3492d1b02dfe1f9a4a8dc9f9c

Updated packages for Ubuntu 5.10:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.3-0ubuntu2.diff.gz
Size/MD5: 328665 fe25d7b8b440125acd84c7b9f9f00a75
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.3-0ubuntu2.dsc
Size/MD5: 1519 95b4baf3ef13cff5831edcd1ec26f186
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.3.orig.tar.gz
Size/MD5: 19981388 36e7a8320bd95760b41c4849da170100

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.4.3-0ubuntu2_all.deb
Size/MD5: 6969390 ba193a72a412f8b8c0563ef7ba77b3b8
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.4.3-0ubuntu2_all.deb
Size/MD5: 29299636 1ef2baa2ac91f076e3c835c97610181a
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.3-0ubuntu2_all.deb
Size/MD5: 30392 8d9127d1ea31b100a5882e3b56bd782d

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.3-0ubuntu2_amd64.deb
Size/MD5: 926190 7e959b279bda1180ecdb7852e6f37c44
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.3-0ubuntu2_amd64.deb
Size/MD5: 1308666 215fb9c612cd18a3fb748194946d679e
http://security.ubuntu.com/ubuntu/pool/universe/k/kdelibs/kdelibs4c2-dbg_3.4.3-0ubuntu2_amd64.deb
Size/MD5: 22552540 117b4e782b9a68626f41b4541a780bcc
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2_3.4.3-0ubuntu2_amd64.deb
Size/MD5: 9108608 824f71370370ab292ca36431b04a24f6

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.3-0ubuntu2_i386.deb
Size/MD5: 814432 bb3178965364a171d88a8e6490f92d4a
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.3-0ubuntu2_i386.deb
Size/MD5: 1305420 819bb5a548b81c8cb48227397e695deb
http://security.ubuntu.com/ubuntu/pool/universe/k/kdelibs/kdelibs4c2-dbg_3.4.3-0ubuntu2_i386.deb
Size/MD5: 19409922 8d642c103ac367e1e5149b5e8496143b
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2_3.4.3-0ubuntu2_i386.deb
Size/MD5: 8071700 596ef9ab7e8bb070a7e0fd1e371b1d8b

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.3-0ubuntu2_powerpc.deb
Size/MD5: 909782 bee7d2e456d1336cceef9410c4df6670
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.3-0ubuntu2_powerpc.deb
Size/MD5: 1310098 bf55f3409dca77bfd570142db5bd72ac
http://security.ubuntu.com/ubuntu/pool/universe/k/kdelibs/kdelibs4c2-dbg_3.4.3-0ubuntu2_powerpc.deb
Size/MD5: 22763804 14dc658075acaffcf41dc580b96b81f4
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2_3.4.3-0ubuntu2_powerpc.deb
Size/MD5: 8433774 664cc2e6e04af82c8d2a9307db0f4cc6

--NtwzykIc2mflq5ck
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFD0MiBDecnbV4Fd/IRAsi7AKCzQwYOwwur/7gmKNS+pzW0+IxUqgCg3hNF
I3CKgtsUBDJm/O+mJKtC5PE=
=3BTL
-----END PGP SIGNATURE-----

--NtwzykIc2mflq5ck--
Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close