exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2007.054

Mandriva Linux Security Advisory 2007.054
Posted Mar 9, 2007
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference.

tags | advisory, remote, denial of service, javascript
systems | linux, mandriva
advisories | CVE-2007-1308
SHA-256 | 151bc594bf49a8d4c06b8d0066b3308be2e049c336aacb3b9f336c29486f9541

Mandriva Linux Security Advisory 2007.054

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:054
http://www.mandriva.com/security/
_______________________________________________________________________

Package : kdelibs
Date : March 8, 2007
Affected: 2007.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror,
allows remote attackers to cause a denial of service (crash) by
accessing the content of an iframe with an ftp:// URI in the src
attribute, probably due to a NULL pointer dereference.

Updated packages have been patched to address this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1308
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
1d8397f15e58c6ebc8add4080524e8ba 2007.0/i586/kdelibs-common-3.5.4-19.3mdv2007.0.i586.rpm
f9f0624e36296f15aa5f7bfe51765335 2007.0/i586/kdelibs-devel-doc-3.5.4-19.3mdv2007.0.i586.rpm
36d61d7ad928fbee40606a82028446ad 2007.0/i586/libkdecore4-3.5.4-19.3mdv2007.0.i586.rpm
15b28472271a57c834b27259a29f07da 2007.0/i586/libkdecore4-devel-3.5.4-19.3mdv2007.0.i586.rpm
1763a83f2c1b2fe368983ee87fad4fc2 2007.0/SRPMS/kdelibs-3.5.4-19.3mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
770bb5b58a92a6e8bf213f814346293c 2007.0/x86_64/kdelibs-common-3.5.4-19.3mdv2007.0.x86_64.rpm
8daded5cdd67051ceca12750140e551c 2007.0/x86_64/kdelibs-devel-doc-3.5.4-19.3mdv2007.0.x86_64.rpm
aac88e6d7fd426401bfa11505550dcb4 2007.0/x86_64/lib64kdecore4-3.5.4-19.3mdv2007.0.x86_64.rpm
5c7becc6933c5d13761d561999691594 2007.0/x86_64/lib64kdecore4-devel-3.5.4-19.3mdv2007.0.x86_64.rpm
1763a83f2c1b2fe368983ee87fad4fc2 2007.0/SRPMS/kdelibs-3.5.4-19.3mdv2007.0.src.rpm

Corporate 4.0:
358b45acbccb6b99d05748abc02f9dd7 corporate/4.0/i586/kdelibs-arts-3.5.4-2.4.20060mlcs4.i586.rpm
63cd48e403757866aa7979e5d7d906de corporate/4.0/i586/kdelibs-common-3.5.4-2.4.20060mlcs4.i586.rpm
9aa0299ec063ea41d52da7ba446757a4 corporate/4.0/i586/kdelibs-devel-doc-3.5.4-2.4.20060mlcs4.i586.rpm
ad7439a70a0dd461073c6d38e73a5622 corporate/4.0/i586/libkdecore4-3.5.4-2.4.20060mlcs4.i586.rpm
9b1fd095f5735fbbc2e337fbb954b524 corporate/4.0/i586/libkdecore4-devel-3.5.4-2.4.20060mlcs4.i586.rpm
2c987a7ed1c263de3dde211cb0dee772 corporate/4.0/SRPMS/kdelibs-3.5.4-2.4.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
3c1ff52dc6a7347a2648f4c3628a3e3d corporate/4.0/x86_64/kdelibs-arts-3.5.4-2.4.20060mlcs4.x86_64.rpm
1d201913a24f345f77a53ea1ebc850b7 corporate/4.0/x86_64/kdelibs-common-3.5.4-2.4.20060mlcs4.x86_64.rpm
4ec74770c6dc7343092000db74ca5ca0 corporate/4.0/x86_64/kdelibs-devel-doc-3.5.4-2.4.20060mlcs4.x86_64.rpm
b4d99dcd875a95c8b1301bcf54860306 corporate/4.0/x86_64/lib64kdecore4-3.5.4-2.4.20060mlcs4.x86_64.rpm
93cfdbf02993812bb52ae0d2e26a0c70 corporate/4.0/x86_64/lib64kdecore4-devel-3.5.4-2.4.20060mlcs4.x86_64.rpm
2c987a7ed1c263de3dde211cb0dee772 corporate/4.0/SRPMS/kdelibs-3.5.4-2.4.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFF8APFmqjQ0CJFipgRAgqzAJ9DmuNRfDFu7K1Xd1PqGkwg1dwNAwCeNpf8
+pvpIpYttsl6uOacHpxXXkQ=
=+gJf
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close