===========================================================
Ubuntu Security Notice USN-420-1          February 06, 2007
kdelibs vulnerability
CVE-2007-0537
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  kdelibs4c2                               4:3.4.3-0ubuntu2.2

Ubuntu 6.06 LTS:
  kdelibs4c2a                              4:3.5.2-0ubuntu18.2

Ubuntu 6.10:
  kdelibs4c2a                              4:3.5.5-0ubuntu3.1

After a standard system upgrade you need to restart your session to
effect the necessary changes.

Details follow:

Jose Avila III and Robert Tasarz discovered that the KDE HTML library
did not correctly parse HTML comments inside the "title" tag. By
tricking a Konqueror user into visiting a malicious website, an
attacker could bypass cross-site scripting protections.