-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2007:054 http://www.mandriva.com/security/ _______________________________________________________________________ Package : kdelibs Date : March 8, 2007 Affected: 2007.0, Corporate 4.0 _______________________________________________________________________ Problem Description: ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer dereference. Updated packages have been patched to address this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1308 _______________________________________________________________________ Updated Packages: Mandriva Linux 2007.0: 1d8397f15e58c6ebc8add4080524e8ba 2007.0/i586/kdelibs-common-3.5.4-19.3mdv2007.0.i586.rpm f9f0624e36296f15aa5f7bfe51765335 2007.0/i586/kdelibs-devel-doc-3.5.4-19.3mdv2007.0.i586.rpm 36d61d7ad928fbee40606a82028446ad 2007.0/i586/libkdecore4-3.5.4-19.3mdv2007.0.i586.rpm 15b28472271a57c834b27259a29f07da 2007.0/i586/libkdecore4-devel-3.5.4-19.3mdv2007.0.i586.rpm 1763a83f2c1b2fe368983ee87fad4fc2 2007.0/SRPMS/kdelibs-3.5.4-19.3mdv2007.0.src.rpm Mandriva Linux 2007.0/X86_64: 770bb5b58a92a6e8bf213f814346293c 2007.0/x86_64/kdelibs-common-3.5.4-19.3mdv2007.0.x86_64.rpm 8daded5cdd67051ceca12750140e551c 2007.0/x86_64/kdelibs-devel-doc-3.5.4-19.3mdv2007.0.x86_64.rpm aac88e6d7fd426401bfa11505550dcb4 2007.0/x86_64/lib64kdecore4-3.5.4-19.3mdv2007.0.x86_64.rpm 5c7becc6933c5d13761d561999691594 2007.0/x86_64/lib64kdecore4-devel-3.5.4-19.3mdv2007.0.x86_64.rpm 1763a83f2c1b2fe368983ee87fad4fc2 2007.0/SRPMS/kdelibs-3.5.4-19.3mdv2007.0.src.rpm Corporate 4.0: 358b45acbccb6b99d05748abc02f9dd7 corporate/4.0/i586/kdelibs-arts-3.5.4-2.4.20060mlcs4.i586.rpm 63cd48e403757866aa7979e5d7d906de corporate/4.0/i586/kdelibs-common-3.5.4-2.4.20060mlcs4.i586.rpm 9aa0299ec063ea41d52da7ba446757a4 corporate/4.0/i586/kdelibs-devel-doc-3.5.4-2.4.20060mlcs4.i586.rpm ad7439a70a0dd461073c6d38e73a5622 corporate/4.0/i586/libkdecore4-3.5.4-2.4.20060mlcs4.i586.rpm 9b1fd095f5735fbbc2e337fbb954b524 corporate/4.0/i586/libkdecore4-devel-3.5.4-2.4.20060mlcs4.i586.rpm 2c987a7ed1c263de3dde211cb0dee772 corporate/4.0/SRPMS/kdelibs-3.5.4-2.4.20060mlcs4.src.rpm Corporate 4.0/X86_64: 3c1ff52dc6a7347a2648f4c3628a3e3d corporate/4.0/x86_64/kdelibs-arts-3.5.4-2.4.20060mlcs4.x86_64.rpm 1d201913a24f345f77a53ea1ebc850b7 corporate/4.0/x86_64/kdelibs-common-3.5.4-2.4.20060mlcs4.x86_64.rpm 4ec74770c6dc7343092000db74ca5ca0 corporate/4.0/x86_64/kdelibs-devel-doc-3.5.4-2.4.20060mlcs4.x86_64.rpm b4d99dcd875a95c8b1301bcf54860306 corporate/4.0/x86_64/lib64kdecore4-3.5.4-2.4.20060mlcs4.x86_64.rpm 93cfdbf02993812bb52ae0d2e26a0c70 corporate/4.0/x86_64/lib64kdecore4-devel-3.5.4-2.4.20060mlcs4.x86_64.rpm 2c987a7ed1c263de3dde211cb0dee772 corporate/4.0/SRPMS/kdelibs-3.5.4-2.4.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFF8APFmqjQ0CJFipgRAgqzAJ9DmuNRfDFu7K1Xd1PqGkwg1dwNAwCeNpf8 +pvpIpYttsl6uOacHpxXXkQ= =+gJf -----END PGP SIGNATURE-----