Ubuntu Security Notice USN-245-1 - Maksim Orlovich discovered that kjs, the Javascript interpreter engine used by Konqueror and other parts of KDE, did not sufficiently verify the validity of UTF-8 encoded URIs. Specially crafted URIs could trigger a buffer overflow.
137d1369fa980e9e557cf30490ce57d1b20d218f248ea94f0754accf74da61c1
--NtwzykIc2mflq5ck
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
===========================================================
Ubuntu Security Notice USN-245-1 January 20, 2006
kdelibs vulnerability
CVE-2006-0019
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.04 (Hoary Hedgehog)a
Ubuntu 5.10 (Breezy Badger)
The following packages are affected:
kdelibs4c2
The problem can be corrected by upgrading the affected package to
version 4:3.4.0-0ubuntu3.5 (for Ubuntu 5.04), or 4:3.4.3-0ubuntu2 (for
Ubuntu 5.10). After a standard system upgrade you need to restart
your KDE session to effect the necessary changes.
Details follow:
Maksim Orlovich discovered that kjs, the Javascript interpreter engine
used by Konqueror and other parts of KDE, did not sufficiently verify
the validity of UTF-8 encoded URIs. Specially crafted URIs could
trigger a buffer overflow. By tricking an user into visiting a
web site with malicious JavaScript code, a remote attacker could
exploit this to execute arbitrary code with user privileges.
Updated packages for Ubuntu 5.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.0-0ubuntu3.5.diff.gz
Size/MD5: 358726 808a563f44d810c4f7b793e188b7ed6c
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.0-0ubuntu3.5.dsc
Size/MD5: 1334 2a4b47a2139ea105fb14a3299da6b9d4
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.0.orig.tar.gz
Size/MD5: 20024253 471740de13cfed37d35eb180fc1b9b38
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.4.0-0ubuntu3.5_all.deb
Size/MD5: 8013188 fe749972bb655f417e44b59256d7a16c
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.4.0-0ubuntu3.5_all.deb
Size/MD5: 12073474 1e298ff6fc736ac362c10a8ca14ec857
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.0-0ubuntu3.5_all.deb
Size/MD5: 20374 79edb84d4b48be8299261ea433cd2f61
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.0-0ubuntu3.5_amd64.deb
Size/MD5: 921910 ff4f8c8db8bf65131a9d1e8d824d0ba8
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.0-0ubuntu3.5_amd64.deb
Size/MD5: 1303726 1ded0008a54ca638f7c0234958daf2e4
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4_3.4.0-0ubuntu3.5_amd64.deb
Size/MD5: 8970084 94be0eb2e105a1eeaf206a207b788654
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.0-0ubuntu3.5_i386.deb
Size/MD5: 839716 b19557a1335907b7ad7a13f32df810da
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.0-0ubuntu3.5_i386.deb
Size/MD5: 1301176 83f4f74ea0b044f7d6153441c44808b1
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4_3.4.0-0ubuntu3.5_i386.deb
Size/MD5: 8397124 4118bddcce98d59780790dd204efab13
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.0-0ubuntu3.5_powerpc.deb
Size/MD5: 904676 945db8977ce062b2b559da6e257e4b87
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.0-0ubuntu3.5_powerpc.deb
Size/MD5: 1304384 0e1c73bf68e80d82b351487d35e0b2f6
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4_3.4.0-0ubuntu3.5_powerpc.deb
Size/MD5: 8368178 7b14cea3492d1b02dfe1f9a4a8dc9f9c
Updated packages for Ubuntu 5.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.3-0ubuntu2.diff.gz
Size/MD5: 328665 fe25d7b8b440125acd84c7b9f9f00a75
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.3-0ubuntu2.dsc
Size/MD5: 1519 95b4baf3ef13cff5831edcd1ec26f186
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.3.orig.tar.gz
Size/MD5: 19981388 36e7a8320bd95760b41c4849da170100
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.4.3-0ubuntu2_all.deb
Size/MD5: 6969390 ba193a72a412f8b8c0563ef7ba77b3b8
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.4.3-0ubuntu2_all.deb
Size/MD5: 29299636 1ef2baa2ac91f076e3c835c97610181a
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.3-0ubuntu2_all.deb
Size/MD5: 30392 8d9127d1ea31b100a5882e3b56bd782d
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.3-0ubuntu2_amd64.deb
Size/MD5: 926190 7e959b279bda1180ecdb7852e6f37c44
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.3-0ubuntu2_amd64.deb
Size/MD5: 1308666 215fb9c612cd18a3fb748194946d679e
http://security.ubuntu.com/ubuntu/pool/universe/k/kdelibs/kdelibs4c2-dbg_3.4.3-0ubuntu2_amd64.deb
Size/MD5: 22552540 117b4e782b9a68626f41b4541a780bcc
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2_3.4.3-0ubuntu2_amd64.deb
Size/MD5: 9108608 824f71370370ab292ca36431b04a24f6
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.3-0ubuntu2_i386.deb
Size/MD5: 814432 bb3178965364a171d88a8e6490f92d4a
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.3-0ubuntu2_i386.deb
Size/MD5: 1305420 819bb5a548b81c8cb48227397e695deb
http://security.ubuntu.com/ubuntu/pool/universe/k/kdelibs/kdelibs4c2-dbg_3.4.3-0ubuntu2_i386.deb
Size/MD5: 19409922 8d642c103ac367e1e5149b5e8496143b
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2_3.4.3-0ubuntu2_i386.deb
Size/MD5: 8071700 596ef9ab7e8bb070a7e0fd1e371b1d8b
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.3-0ubuntu2_powerpc.deb
Size/MD5: 909782 bee7d2e456d1336cceef9410c4df6670
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.3-0ubuntu2_powerpc.deb
Size/MD5: 1310098 bf55f3409dca77bfd570142db5bd72ac
http://security.ubuntu.com/ubuntu/pool/universe/k/kdelibs/kdelibs4c2-dbg_3.4.3-0ubuntu2_powerpc.deb
Size/MD5: 22763804 14dc658075acaffcf41dc580b96b81f4
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2_3.4.3-0ubuntu2_powerpc.deb
Size/MD5: 8433774 664cc2e6e04af82c8d2a9307db0f4cc6
--NtwzykIc2mflq5ck
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFD0MiBDecnbV4Fd/IRAsi7AKCzQwYOwwur/7gmKNS+pzW0+IxUqgCg3hNF
I3CKgtsUBDJm/O+mJKtC5PE=
=3BTL
-----END PGP SIGNATURE-----
--NtwzykIc2mflq5ck--