=========================================================== Ubuntu Security Notice USN-871-1 December 11, 2009 kdelibs vulnerability CVE-2009-0689 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 Ubuntu 9.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: kdelibs4c2a 4:3.5.10-0ubuntu1~hardy1.5 Ubuntu 8.10: kdelibs4c2a 4:3.5.10-0ubuntu6.4 Ubuntu 9.04: kdelibs4c2a 4:3.5.10.dfsg.1-1ubuntu8.4 Ubuntu 9.10: kdelibs4c2a 4:3.5.10.dfsg.1-2ubuntu7.2 After a standard system upgrade you need to restart your session to effect the necessary changes. Details follow: A buffer overflow was found in the KDE libraries when converting a string to a floating point number. If a user or application linked against kdelibs were tricked into processing crafted input, an attacker could cause a denial of service (via application crash) or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0689) It was discovered that the KDE libraries could use KHTML to process an unknown MIME type. If a user or application linked against kdelibs were tricked into opening a crafted file, an attacker could potentially trigger XMLHTTPRequests to remote sites. Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10-0ubuntu1~hardy1.5.diff.gz Size/MD5: 1793748 3693849d1a4409e8c03f0fde6da39fa5 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10-0ubuntu1~hardy1.5.dsc Size/MD5: 1729 0e528a7564f8d3404a3bcaa28538cb2e http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.orig.tar.gz Size/MD5: 18631467 5eeb6f132e386668a0395d4d426d495e Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.10-0ubuntu1~hardy1.5_all.deb Size/MD5: 7326504 bbc8884536fab2b5af1c3cdb15abc148 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.5.10-0ubuntu1~hardy1.5_all.deb Size/MD5: 25454866 2d1266776d28be0be2a314539f3ee38e http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10-0ubuntu1~hardy1.5_all.deb Size/MD5: 9328 bde1f5045141764729947822eb7749f7 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu1~hardy1.5_amd64.deb Size/MD5: 26758230 0ef2dcb722666b05bbe26b550160c22f http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu1~hardy1.5_amd64.deb Size/MD5: 1381590 774d2cd314be51e30660b84ac5565483 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu1~hardy1.5_amd64.deb Size/MD5: 10657036 02cf55ef3d63c2789dcfcf351f3fe787 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu1~hardy1.5_i386.deb Size/MD5: 25992402 cc525f04d9032e40c9d7f41503cad38f http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu1~hardy1.5_i386.deb Size/MD5: 1411164 e01ab41b8e22e5f012055b6dfc8f9b19 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu1~hardy1.5_i386.deb Size/MD5: 9615022 b31148854fde22f5f588920fb7266e55 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu1~hardy1.5_lpia.deb Size/MD5: 25971380 581ef5985071d294f3663ebc4943ca8a http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu1~hardy1.5_lpia.deb Size/MD5: 1375934 5a64f795039d022fa270e2b9db4ddb16 http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu1~hardy1.5_lpia.deb Size/MD5: 9642908 1d5304980f9eb82c9972d96eb2bc27a1 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu1~hardy1.5_powerpc.deb Size/MD5: 27656998 81cc9e5a1758604597aac298701d86c0 http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu1~hardy1.5_powerpc.deb Size/MD5: 1393476 7bceb13671cc7b26d66ce06c281f2cbe http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu1~hardy1.5_powerpc.deb Size/MD5: 10453790 2303cad503f7bd4f395be4cceee697f5 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu1~hardy1.5_sparc.deb Size/MD5: 25025950 28bb225b11e2e9b312d0f47beddcca90 http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu1~hardy1.5_sparc.deb Size/MD5: 1376534 c874a22da1260dcc046a68d7c8bbef82 http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu1~hardy1.5_sparc.deb Size/MD5: 9596634 a697b75916b628d1547ca9e562712b7e Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10-0ubuntu6.4.diff.gz Size/MD5: 726583 2bae45140ba24ccfe427d1000d2cb937 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10-0ubuntu6.4.dsc Size/MD5: 2284 cd10eb858af120c2420b6045e0db2663 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.orig.tar.gz Size/MD5: 18631467 5eeb6f132e386668a0395d4d426d495e Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.10-0ubuntu6.4_all.deb Size/MD5: 7321288 0ef5e6ac303bd55dbc1a62ef5b12154f http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.5.10-0ubuntu6.4_all.deb Size/MD5: 25523888 0df6ca0a7ae1e6cc761f60f190716592 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10-0ubuntu6.4_all.deb Size/MD5: 2272 0648e9f4672cff0f6b1a2bde0929b8a6 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu6.4_amd64.deb Size/MD5: 27375756 7464f9546f17461652d67b1b751ef962 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu6.4_amd64.deb Size/MD5: 1371454 ef8f62dcdf6d6dbb6eaae0447d8cec41 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu6.4_amd64.deb Size/MD5: 10930426 168e4c76f3804807b73a3f7c4eee432a i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu6.4_i386.deb Size/MD5: 26665714 0e89f87ee569198c85ea7343892e2cb1 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu6.4_i386.deb Size/MD5: 1405518 3422db629fbcc2f431610f9cdfc56598 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu6.4_i386.deb Size/MD5: 10143624 6d58c8fb72e17a0c5c2d12849e7d97d8 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu6.4_lpia.deb Size/MD5: 26675144 f5e947abceb595d9b8b6077468b4f11f http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu6.4_lpia.deb Size/MD5: 1368234 719a1f05b6f3af1a5cedf2caaa4849f0 http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu6.4_lpia.deb Size/MD5: 10141624 c1410ee0b8dd09532a0d444a09d30bf0 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu6.4_powerpc.deb Size/MD5: 28218158 76503bc8d7c7c8e57b7288a6bd91f9c8 http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu6.4_powerpc.deb Size/MD5: 1380874 9a11e892f2c0027c245254844e0a915c http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu6.4_powerpc.deb Size/MD5: 10749232 c366111b06394b4a869e56a5200a88be sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu6.4_sparc.deb Size/MD5: 25441392 307c87143d2a6a11ece50acc5b40291e http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10-0ubuntu6.4_sparc.deb Size/MD5: 1368498 6152dbe3fc1c231b7390d8e00e79fd4a http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10-0ubuntu6.4_sparc.deb Size/MD5: 9801840 d8e14b90ff8453d49504d9cfcef41280 Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-1ubuntu8.4.diff.gz Size/MD5: 730213 b24ca20a24db817de9901c61f70e90b3 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-1ubuntu8.4.dsc Size/MD5: 2342 ccc0ee94d16a854ef9d6930abb8379d5 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.dfsg.1.orig.tar.gz Size/MD5: 18639393 4bcfee29b0f939415791f5032a72e7b0 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.10.dfsg.1-1ubuntu8.4_all.deb Size/MD5: 6752210 11c8744d3bb2ca49bf0aad89092e926e http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-1ubuntu8.4_all.deb Size/MD5: 2270 110eef16875f571661c553d295ffc7e5 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-1ubuntu8.4_amd64.deb Size/MD5: 27110360 f91c2909a3c32e4c8b6ff7ec5f762788 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-1ubuntu8.4_amd64.deb Size/MD5: 1360062 cb7e2ede68c5fa431ff6b3213f0d6c64 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-1ubuntu8.4_amd64.deb Size/MD5: 10783134 25f15bf8d2957c6e4b59fa36aab7f9e2 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-1ubuntu8.4_i386.deb Size/MD5: 26383054 9d18f9c1a6c38b95334483cb107c157f http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-1ubuntu8.4_i386.deb Size/MD5: 1395328 cf787836d0618dc9ece201e145f6c629 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-1ubuntu8.4_i386.deb Size/MD5: 10006430 74959eea23ce24afef3241d43b2d2118 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-1ubuntu8.4_lpia.deb Size/MD5: 26385634 308c2ca36d90433724e1f4046089c00b http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-1ubuntu8.4_lpia.deb Size/MD5: 1356866 32ad3654f7ff480e661b1706252eeb4b http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-1ubuntu8.4_lpia.deb Size/MD5: 10020864 cfea875c3e64396258bb94a81f1bb9dd powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-1ubuntu8.4_powerpc.deb Size/MD5: 27928798 264933dc950a1c7de4a8a27d14a7e655 http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-1ubuntu8.4_powerpc.deb Size/MD5: 1369318 b034946f6860d913ef05429cecefa4e4 http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-1ubuntu8.4_powerpc.deb Size/MD5: 10612072 3191cd83b4d762f1c1069f8e51bd082b sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-1ubuntu8.4_sparc.deb Size/MD5: 25158852 e1db11cf38658b133ab5e16241ee5d56 http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-1ubuntu8.4_sparc.deb Size/MD5: 1356962 a7d5a18a02eec881f81bf6feb2a30554 http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-1ubuntu8.4_sparc.deb Size/MD5: 9663708 c2780bac10865f58b53d41b3eb2eccf1 Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-2ubuntu7.2.diff.gz Size/MD5: 886928 afddbeaeb9d7dd1b8805202629df7a3e http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-2ubuntu7.2.dsc Size/MD5: 2342 3b49bfd2ffc8ab9e1240e08eafa47f1a http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.dfsg.1.orig.tar.gz Size/MD5: 18639393 4bcfee29b0f939415791f5032a72e7b0 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.10.dfsg.1-2ubuntu7.2_all.deb Size/MD5: 6674924 c19977e54488daad70814a047fee31bc http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-2ubuntu7.2_all.deb Size/MD5: 2276 1679879f18cb57114249a5c7a6a57785 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-2ubuntu7.2_amd64.deb Size/MD5: 26714644 de3e7b175853c728cb3265bae249e068 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-2ubuntu7.2_amd64.deb Size/MD5: 1361224 8674d009a291bc7dc091f895462abcb6 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-2ubuntu7.2_amd64.deb Size/MD5: 10869100 b5c3d047f60f339718b0be98105aaedc i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-2ubuntu7.2_i386.deb Size/MD5: 26410466 6d89bd2826e44581aaaa697c1f212ef5 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-2ubuntu7.2_i386.deb Size/MD5: 1398050 99a1a41ba7c4fcc0283f4556bb182d67 http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-2ubuntu7.2_i386.deb Size/MD5: 9948900 3074338fe0cf50e7314020e693ffdd3b lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-2ubuntu7.2_lpia.deb Size/MD5: 26418164 1d671311fe4a96c27148374781b80d15 http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-2ubuntu7.2_lpia.deb Size/MD5: 1359634 8ff78351a0e470adc7ab2b61f307f999 http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-2ubuntu7.2_lpia.deb Size/MD5: 10020080 3b84bcd0e1f7e8273244b218f911206a powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-2ubuntu7.2_powerpc.deb Size/MD5: 28194764 807f3facbd2458c480544c3a54ca6def http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-2ubuntu7.2_powerpc.deb Size/MD5: 1360902 348faaa6840e245d05ba1c6c75b872e4 http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-2ubuntu7.2_powerpc.deb Size/MD5: 10386026 039018f17303abd138e68ae6c343054a sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-2ubuntu7.2_sparc.deb Size/MD5: 25012234 381d91aef4d5c73a2c3c3f221ed74d7c http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-2ubuntu7.2_sparc.deb Size/MD5: 1359422 755e788780d2216e16ee84a7c29ad170 http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-2ubuntu7.2_sparc.deb Size/MD5: 9781308 ae75ebaca64dba4fd804509a75a86b7e