-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:027 http://www.mandriva.com/security/ _______________________________________________________________________ Package : kdelibs4 Date : January 27, 2010 Affected: 2009.1 _______________________________________________________________________ Problem Description: Multiple vulnerabilities was discovered and corrected in kdelibs4: KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a \'\0\' (NUL) character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408 (CVE-2009-2702). The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an offset of a NULL pointer. (CVE-2009-1687). WebKit in Apple Safari before 4.0.2, KHTML in kdelibs in KDE, QtWebKit (aka Qt toolkit), and possibly other products does not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document (CVE-2009-1725). Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to recursion in certain DOM event handlers. (CVE-2009-1690). WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document (CVE-2009-1698). KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692 (CVE-2009-2537). The gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc in FreeBSD 6.4 and 7.2, NetBSD 5.0, and OpenBSD 4.5 allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large precision value in the format argument to a printf function, related to an array overrun. (CVE-2009-0689). WebKit, as used in Safari before 3.2.3 and 4 Public Beta, on Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 and Windows allows remote attackers to execute arbitrary code via a crafted SVGList object that triggers memory corruption (CVE-2009-0945). The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2702 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1687 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1725 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1690 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1698 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2537 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0689 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0945 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.1: c08161eacba6cdb1b0ba26babe5f8cc5 2009.1/i586/kdelibs4-core-4.2.4-0.8mdv2009.1.i586.rpm 933468cf4109252dac5119edd958f73d 2009.1/i586/kdelibs4-devel-4.2.4-0.8mdv2009.1.i586.rpm 96703a0ef0baf299647ff27d64cb0680 2009.1/i586/libkde3support4-4.2.4-0.8mdv2009.1.i586.rpm e5f60ba41e5919fa77c313b204e1f712 2009.1/i586/libkdecore5-4.2.4-0.8mdv2009.1.i586.rpm cf8af6e467cd1585c44e1cce01362526 2009.1/i586/libkdefakes5-4.2.4-0.8mdv2009.1.i586.rpm 1c9c04b5f6c0c59d2e5860b077e0c6e3 2009.1/i586/libkdesu5-4.2.4-0.8mdv2009.1.i586.rpm 89fe7c33c7e5bcc23595560ae4664bf6 2009.1/i586/libkdeui5-4.2.4-0.8mdv2009.1.i586.rpm 30b73ef58ac3a45ff86756ad09d0d555 2009.1/i586/libkdnssd4-4.2.4-0.8mdv2009.1.i586.rpm a1f00af00ea7e52d9f187f1fe5ccdfe2 2009.1/i586/libkfile4-4.2.4-0.8mdv2009.1.i586.rpm 553486988b945307ee038cb41dcb76e6 2009.1/i586/libkhtml5-4.2.4-0.8mdv2009.1.i586.rpm 9d9501ff70e709c5ea32b35aa985688a 2009.1/i586/libkimproxy4-4.2.4-0.8mdv2009.1.i586.rpm a2ec3f440eb6cf545abbc63a3d34c1e5 2009.1/i586/libkio5-4.2.4-0.8mdv2009.1.i586.rpm 4168e955b60a5a69d8f1e085b30d0424 2009.1/i586/libkjs4-4.2.4-0.8mdv2009.1.i586.rpm bfcece9c73348c6415c48ec266877908 2009.1/i586/libkjsapi4-4.2.4-0.8mdv2009.1.i586.rpm 228ca7dc2a86fdc868a5937b16a7a08c 2009.1/i586/libkjsembed4-4.2.4-0.8mdv2009.1.i586.rpm f6297ae0630eb6207895df9f2f971eb6 2009.1/i586/libkmediaplayer4-4.2.4-0.8mdv2009.1.i586.rpm cf6113c17858d5e6e3c0e04622f8a66c 2009.1/i586/libknewstuff2_4-4.2.4-0.8mdv2009.1.i586.rpm da55a2f428ad020834f7b91c0023ecf6 2009.1/i586/libknotifyconfig4-4.2.4-0.8mdv2009.1.i586.rpm 9fef466138ff78a3d6d3244998a9ba30 2009.1/i586/libkntlm4-4.2.4-0.8mdv2009.1.i586.rpm 4f7c0ad254ec1990f5dab1c0b959629d 2009.1/i586/libkparts4-4.2.4-0.8mdv2009.1.i586.rpm 8c58d6a9a6ec7fc21f287b2f4c2e9858 2009.1/i586/libkpty4-4.2.4-0.8mdv2009.1.i586.rpm 8ed500d050b95560d7eff6db26fa05ee 2009.1/i586/libkrosscore4-4.2.4-0.8mdv2009.1.i586.rpm 2d8d12d8a7bbfe18f6b04b9807795077 2009.1/i586/libkrossui4-4.2.4-0.8mdv2009.1.i586.rpm 8cc5c226e381b122983440b3440c1476 2009.1/i586/libktexteditor4-4.2.4-0.8mdv2009.1.i586.rpm 3c53941130fb8cc6d12b8cdea488f536 2009.1/i586/libkunittest4-4.2.4-0.8mdv2009.1.i586.rpm 3996bfcff0b2465c39c6ccdb8367f401 2009.1/i586/libkutils4-4.2.4-0.8mdv2009.1.i586.rpm 129a26ab20c792994113b5db00b7f7c4 2009.1/i586/libnepomuk4-4.2.4-0.8mdv2009.1.i586.rpm 0b88090e1cba0db59a3fb85c34e6b726 2009.1/i586/libplasma3-4.2.4-0.8mdv2009.1.i586.rpm 79b484a6c8e20db156fbe130c81e2001 2009.1/i586/libsolid4-4.2.4-0.8mdv2009.1.i586.rpm ddd09e03af15f421b2e38b6f06c0247a 2009.1/i586/libthreadweaver4-4.2.4-0.8mdv2009.1.i586.rpm fe70dc01416cc986d1e19c15a0b5cfa7 2009.1/SRPMS/kdelibs4-4.2.4-0.8mdv2009.1.src.rpm Mandriva Linux 2009.1/X86_64: 89f77418ccda86b51c7d32d011e88e9b 2009.1/x86_64/kdelibs4-core-4.2.4-0.8mdv2009.1.x86_64.rpm d0b009e595350648b12cca1ee094802e 2009.1/x86_64/kdelibs4-devel-4.2.4-0.8mdv2009.1.x86_64.rpm 03db494c356e0b0823ddf697d42c0f50 2009.1/x86_64/lib64kde3support4-4.2.4-0.8mdv2009.1.x86_64.rpm 6d98531ba95a096fd49801f7df452776 2009.1/x86_64/lib64kdecore5-4.2.4-0.8mdv2009.1.x86_64.rpm bf3845f586eeeaafab5e25442f4d8950 2009.1/x86_64/lib64kdefakes5-4.2.4-0.8mdv2009.1.x86_64.rpm b9767fb69262886d60a7844ad6569e27 2009.1/x86_64/lib64kdesu5-4.2.4-0.8mdv2009.1.x86_64.rpm d709c9fb8874c432d1b4e415e9c06858 2009.1/x86_64/lib64kdeui5-4.2.4-0.8mdv2009.1.x86_64.rpm 6d062780a7629eed7e93ab9e66daf633 2009.1/x86_64/lib64kdnssd4-4.2.4-0.8mdv2009.1.x86_64.rpm f39c44bc7572d06921061c0ac5ef78c9 2009.1/x86_64/lib64kfile4-4.2.4-0.8mdv2009.1.x86_64.rpm 90f8ecd4967830ebff3b81732162fe33 2009.1/x86_64/lib64khtml5-4.2.4-0.8mdv2009.1.x86_64.rpm 005d7de69a0063a8dc396b9dffdf20ed 2009.1/x86_64/lib64kimproxy4-4.2.4-0.8mdv2009.1.x86_64.rpm 3924d83bf43990f7a7ba5d2eea29ef5d 2009.1/x86_64/lib64kio5-4.2.4-0.8mdv2009.1.x86_64.rpm 9124f0ce5f1643e4310ef0bfc5fda970 2009.1/x86_64/lib64kjs4-4.2.4-0.8mdv2009.1.x86_64.rpm 573504d0c305e757b3c163b9132264e4 2009.1/x86_64/lib64kjsapi4-4.2.4-0.8mdv2009.1.x86_64.rpm 917e5b175a3a5480e848dee6201e99d9 2009.1/x86_64/lib64kjsembed4-4.2.4-0.8mdv2009.1.x86_64.rpm 604cce29c11b2452b2744ff72e248b7c 2009.1/x86_64/lib64kmediaplayer4-4.2.4-0.8mdv2009.1.x86_64.rpm bd75d3e4feaa98a3659ae5d113fe45f6 2009.1/x86_64/lib64knewstuff2_4-4.2.4-0.8mdv2009.1.x86_64.rpm 0a7d48b91c673f5908ce2d47a77746e2 2009.1/x86_64/lib64knotifyconfig4-4.2.4-0.8mdv2009.1.x86_64.rpm a91967cfec8b470cc7520ac17590d41b 2009.1/x86_64/lib64kntlm4-4.2.4-0.8mdv2009.1.x86_64.rpm 0159bb033c507f20fb8bd77a7a8be43a 2009.1/x86_64/lib64kparts4-4.2.4-0.8mdv2009.1.x86_64.rpm a062d0124cdea9dfcafb82ed2c5dfd54 2009.1/x86_64/lib64kpty4-4.2.4-0.8mdv2009.1.x86_64.rpm 8c0950479a23531a03836f7744d6b90d 2009.1/x86_64/lib64krosscore4-4.2.4-0.8mdv2009.1.x86_64.rpm ca61efacf989bd4421d2c88abc440e3f 2009.1/x86_64/lib64krossui4-4.2.4-0.8mdv2009.1.x86_64.rpm bcd31e87995de0f86ad9c363e87ea0d4 2009.1/x86_64/lib64ktexteditor4-4.2.4-0.8mdv2009.1.x86_64.rpm 23a0f2c640a20dd1be2b4475a9102cd6 2009.1/x86_64/lib64kunittest4-4.2.4-0.8mdv2009.1.x86_64.rpm e49987a6d8016b6ac39011b6cac0b570 2009.1/x86_64/lib64kutils4-4.2.4-0.8mdv2009.1.x86_64.rpm 90d6806fa9dcd2ac1b71fc3b72dd4f81 2009.1/x86_64/lib64nepomuk4-4.2.4-0.8mdv2009.1.x86_64.rpm 4808080c578223d0bcb156e78f5d661f 2009.1/x86_64/lib64plasma3-4.2.4-0.8mdv2009.1.x86_64.rpm e8cecb137634dfc738617b67a6d34122 2009.1/x86_64/lib64solid4-4.2.4-0.8mdv2009.1.x86_64.rpm 35c8778eaaa5465a8f15c27a57d8ed60 2009.1/x86_64/lib64threadweaver4-4.2.4-0.8mdv2009.1.x86_64.rpm fe70dc01416cc986d1e19c15a0b5cfa7 2009.1/SRPMS/kdelibs4-4.2.4-0.8mdv2009.1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLX/3wmqjQ0CJFipgRApr4AKC7I0w56Y9GFgmZeeNIeUDGaXgxHQCg6N5C YuntVxGlOXktJ3qUQl1SZ1Y= =5Avg -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/