-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2006:186 http://www.mandriva.com/security/ _______________________________________________________________________ Package : kdelibs Date : October 19, 2006 Affected: 2007.0, Corporate 3.0, Corporate 4.0 _______________________________________________________________________ Problem Description: A vulnerability was discovered in the way that Qt handled pixmap images and the KDE khtml library used Qt in such a way that untrusted parameters could be passed to Qt, resulting in an integer overflow. This flaw could be exploited by a remote attacker in a malicious website that, when viewed by an individual using Konqueror, would cause Konqueror to crash or possibly execute arbitrary code with the privileges of the user. Updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4811 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: 0468fedc69128d4967771b9132b756f4 2007.0/i586/kdelibs-common-3.5.4-19.1mdv2007.0.i586.rpm 2dc30948c1fdce7e25d9b7a8a9379e51 2007.0/i586/kdelibs-devel-doc-3.5.4-19.1mdv2007.0.i586.rpm 7c637c18db5254991e86662b4d0a3dbd 2007.0/i586/libkdecore4-3.5.4-19.1mdv2007.0.i586.rpm 2990a2078b4971d5b3fff5a8282834aa 2007.0/i586/libkdecore4-devel-3.5.4-19.1mdv2007.0.i586.rpm de92b184fd62a8aa54278c0a7aeb5f43 2007.0/SRPMS/kdelibs-3.5.4-19.1mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: e067573bb458b0606e19c8950fedb860 2007.0/x86_64/kdelibs-common-3.5.4-19.1mdv2007.0.x86_64.rpm 5143af28520ea05d50bc07a92523bf5a 2007.0/x86_64/kdelibs-devel-doc-3.5.4-19.1mdv2007.0.x86_64.rpm 452cd5fe9b000d31911cc8b19dbed9ca 2007.0/x86_64/lib64kdecore4-3.5.4-19.1mdv2007.0.x86_64.rpm 22e66d820ad6e94c332df514e756b06c 2007.0/x86_64/lib64kdecore4-devel-3.5.4-19.1mdv2007.0.x86_64.rpm de92b184fd62a8aa54278c0a7aeb5f43 2007.0/SRPMS/kdelibs-3.5.4-19.1mdv2007.0.src.rpm Corporate 3.0: 692f918e3e7acbe933684d973261ca0c corporate/3.0/i586/kdelibs-common-3.2-36.16.C30mdk.i586.rpm 8537e316e30762eb2420e0c2412ffaf8 corporate/3.0/i586/libkdecore4-3.2-36.16.C30mdk.i586.rpm 37d09cd7b937ac25e98b87fe4161bfe1 corporate/3.0/i586/libkdecore4-devel-3.2-36.16.C30mdk.i586.rpm 815b64f8f6d1309414fa128ff049fa8a corporate/3.0/SRPMS/kdelibs-3.2-36.16.C30mdk.src.rpm Corporate 3.0/X86_64: 80f41ba7cab5c29812574b255487ff75 corporate/3.0/x86_64/kdelibs-common-3.2-36.16.C30mdk.x86_64.rpm 690b32020e45a8f1e1d7cff8dc3d342b corporate/3.0/x86_64/lib64kdecore4-3.2-36.16.C30mdk.x86_64.rpm 39f37ea645b542dfd872b015d7b2db53 corporate/3.0/x86_64/lib64kdecore4-devel-3.2-36.16.C30mdk.x86_64.rpm 8537e316e30762eb2420e0c2412ffaf8 corporate/3.0/x86_64/libkdecore4-3.2-36.16.C30mdk.i586.rpm 815b64f8f6d1309414fa128ff049fa8a corporate/3.0/SRPMS/kdelibs-3.2-36.16.C30mdk.src.rpm Corporate 4.0: 3561f4ec95d79ede9284cb1ff897681b corporate/4.0/i586/kdelibs-arts-3.5.4-1.2.20060mlcs4.i586.rpm 3e19560491f720fd9034a95dfb4f529d corporate/4.0/i586/kdelibs-common-3.5.4-1.2.20060mlcs4.i586.rpm 633e83e144a3a0daa1057ecae48a0991 corporate/4.0/i586/kdelibs-devel-doc-3.5.4-1.2.20060mlcs4.i586.rpm 853c0d7af1b8515c9226eb3ff1ae0e52 corporate/4.0/i586/libkdecore4-3.5.4-1.2.20060mlcs4.i586.rpm ffe121c5ed1528769d981a5b5d526b81 corporate/4.0/i586/libkdecore4-devel-3.5.4-1.2.20060mlcs4.i586.rpm 52f9f74e64bf4da50df95c02d350fa11 corporate/4.0/SRPMS/kdelibs-3.5.4-1.2.20060mlcs4.src.rpm Corporate 4.0/X86_64: 6ad107993dc8ba3726eb47bb087393e4 corporate/4.0/x86_64/kdelibs-arts-3.5.4-1.2.20060mlcs4.x86_64.rpm 4be667bf1d745fedc81314d697e3320a corporate/4.0/x86_64/kdelibs-common-3.5.4-1.2.20060mlcs4.x86_64.rpm a1480b53dcf74c2af2c044c0da4b45d7 corporate/4.0/x86_64/kdelibs-devel-doc-3.5.4-1.2.20060mlcs4.x86_64.rpm e40a8bb434849c3976ba57f1e52ba78e corporate/4.0/x86_64/lib64kdecore4-3.5.4-1.2.20060mlcs4.x86_64.rpm 4e488a23bad70524ef7d731b834cbe50 corporate/4.0/x86_64/lib64kdecore4-devel-3.5.4-1.2.20060mlcs4.x86_64.rpm 52f9f74e64bf4da50df95c02d350fa11 corporate/4.0/SRPMS/kdelibs-3.5.4-1.2.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (GNU/Linux) iD8DBQFFN6HxmqjQ0CJFipgRAlhPAJ9upOtzc8Tca3AdO3yKvA5NbUPyDwCgujf4 3inMK/Y7xE5b7lQ2ONGuD0I= =dWxU -----END PGP SIGNATURE-----