-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:028 http://www.mandriva.com/security/ _______________________________________________________________________ Package : kdelibs4 Date : January 27, 2010 Affected: 2010.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities was discovered and corrected in kdelibs4: KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a \'\0\' (NUL) character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408 (CVE-2009-2702). KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692 (CVE-2009-2537). The gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc in FreeBSD 6.4 and 7.2, NetBSD 5.0, and OpenBSD 4.5 allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large precision value in the format argument to a printf function, related to an array overrun. (CVE-2009-0689). The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2702 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2537 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0689 _______________________________________________________________________ Updated Packages: Mandriva Linux 2010.0: 33710e4c127e3f066d4ee4dbb48c489b 2010.0/i586/kdelibs4-core-4.3.2-11.14mdv2010.0.i586.rpm 729ae2fa1575e10820480d0bea2629a1 2010.0/i586/kdelibs4-devel-4.3.2-11.14mdv2010.0.i586.rpm 5c2e90329653954110f1385bc404ea1f 2010.0/i586/libkde3support4-4.3.2-11.14mdv2010.0.i586.rpm 5255f87e774bea4fa38d2fd0397a82bd 2010.0/i586/libkdecore5-4.3.2-11.14mdv2010.0.i586.rpm e40f53bb3caee308f0ab81d5f091a5db 2010.0/i586/libkdefakes5-4.3.2-11.14mdv2010.0.i586.rpm e027288fdb8d917f934641ea934432c7 2010.0/i586/libkdesu5-4.3.2-11.14mdv2010.0.i586.rpm e9ca80075872c1e68ca1f5ddeb9ce2a4 2010.0/i586/libkdeui5-4.3.2-11.14mdv2010.0.i586.rpm 9d9b22a86b5b0684801cf652afb6791a 2010.0/i586/libkdnssd4-4.3.2-11.14mdv2010.0.i586.rpm b70ed737e0f857d68d9fefb3fad2cfa1 2010.0/i586/libkfile4-4.3.2-11.14mdv2010.0.i586.rpm 27bfe29c5952d58c1eaf2bb130668d2c 2010.0/i586/libkhtml5-4.3.2-11.14mdv2010.0.i586.rpm a2e2456a104d6085479229bc3edf3370 2010.0/i586/libkimproxy4-4.3.2-11.14mdv2010.0.i586.rpm b152961f2b3c06134ae0ca2bdabe77b0 2010.0/i586/libkio5-4.3.2-11.14mdv2010.0.i586.rpm 1e8d3dc384c46afb23bb4dace40df5f6 2010.0/i586/libkjs4-4.3.2-11.14mdv2010.0.i586.rpm 64736a9db93696bf4e1658cc9cbed0f5 2010.0/i586/libkjsapi4-4.3.2-11.14mdv2010.0.i586.rpm fd005b1db52fbe95b163428e9f1edd43 2010.0/i586/libkjsembed4-4.3.2-11.14mdv2010.0.i586.rpm 5eb298a371bb5fc31494856a2cddd3a6 2010.0/i586/libkmediaplayer4-4.3.2-11.14mdv2010.0.i586.rpm 3013d74cdf48c0e6e0c55f8af5bf83a0 2010.0/i586/libknewstuff2_4-4.3.2-11.14mdv2010.0.i586.rpm 2c31f4c0fa71ec35ec5a5f0e68ff4847 2010.0/i586/libknotifyconfig4-4.3.2-11.14mdv2010.0.i586.rpm 361a0aa31fb34f77d99a3b2bcc08d06b 2010.0/i586/libkntlm4-4.3.2-11.14mdv2010.0.i586.rpm f383eeec52164d5122ea6125b2e9b02f 2010.0/i586/libkparts4-4.3.2-11.14mdv2010.0.i586.rpm 0d8db89b62359ac9fe6c61661987708f 2010.0/i586/libkpty4-4.3.2-11.14mdv2010.0.i586.rpm 9bfd72866126f8fbae7b15af580385d5 2010.0/i586/libkrosscore4-4.3.2-11.14mdv2010.0.i586.rpm 9c5d90d57dbacadd0472c167a3c7a6a5 2010.0/i586/libkrossui4-4.3.2-11.14mdv2010.0.i586.rpm 2fbe8d729b997df8105edf5595e5fc5f 2010.0/i586/libktexteditor4-4.3.2-11.14mdv2010.0.i586.rpm 8396960aaa8c205602b4d48bff64f1cb 2010.0/i586/libkunittest4-4.3.2-11.14mdv2010.0.i586.rpm a50fa982912201b0785ee37b6e776fc3 2010.0/i586/libkutils4-4.3.2-11.14mdv2010.0.i586.rpm 6caf366e3455479e9d95fee1a1a36bcc 2010.0/i586/libnepomuk4-4.3.2-11.14mdv2010.0.i586.rpm 8250fed72d654f5c61cd9cb4d868e06d 2010.0/i586/libplasma3-4.3.2-11.14mdv2010.0.i586.rpm a6201c4800f363cba18afdfd8a9fbc15 2010.0/i586/libsolid4-4.3.2-11.14mdv2010.0.i586.rpm 2a6d763d74f0d420429a1943fc8f288b 2010.0/i586/libthreadweaver4-4.3.2-11.14mdv2010.0.i586.rpm efa77a322ba85ef9fe3382173a73d96f 2010.0/SRPMS/kdelibs4-4.3.2-11.14mdv2010.0.src.rpm Mandriva Linux 2010.0/X86_64: 628c96841b4fe1ae8f60d091fa14f4a8 2010.0/x86_64/kdelibs4-core-4.3.2-11.14mdv2010.0.x86_64.rpm 49b2d3b07b9972a4ce96c7165365877b 2010.0/x86_64/kdelibs4-devel-4.3.2-11.14mdv2010.0.x86_64.rpm 653348d413757079608374479aabf7af 2010.0/x86_64/lib64kde3support4-4.3.2-11.14mdv2010.0.x86_64.rpm 310b1c2d870c6b49b24359ef3f48c5b2 2010.0/x86_64/lib64kdecore5-4.3.2-11.14mdv2010.0.x86_64.rpm 2204c6207c7d9832f1c9b08e44bab933 2010.0/x86_64/lib64kdefakes5-4.3.2-11.14mdv2010.0.x86_64.rpm ded542c4f600ec4ee9578a84eecba90d 2010.0/x86_64/lib64kdesu5-4.3.2-11.14mdv2010.0.x86_64.rpm 61e898c4a9986d30c9fb5df8cab0c6a2 2010.0/x86_64/lib64kdeui5-4.3.2-11.14mdv2010.0.x86_64.rpm 2c1372cf3ceb6ccc2b576fd2391f265e 2010.0/x86_64/lib64kdnssd4-4.3.2-11.14mdv2010.0.x86_64.rpm 5c9c1bc90773a78df10e0c31b7c415a2 2010.0/x86_64/lib64kfile4-4.3.2-11.14mdv2010.0.x86_64.rpm 154c30e99ce9c2d956fd9bab69a32eb8 2010.0/x86_64/lib64khtml5-4.3.2-11.14mdv2010.0.x86_64.rpm 6b4fd189b0068c859653f1c0a95d169a 2010.0/x86_64/lib64kimproxy4-4.3.2-11.14mdv2010.0.x86_64.rpm 599dbbf7689d9ea31991d6b9ce86e0fa 2010.0/x86_64/lib64kio5-4.3.2-11.14mdv2010.0.x86_64.rpm 2e31f04cb9871f6fa54033281c9fbcfd 2010.0/x86_64/lib64kjs4-4.3.2-11.14mdv2010.0.x86_64.rpm ba8d5f97e0d2cc07ac379d12160dc710 2010.0/x86_64/lib64kjsapi4-4.3.2-11.14mdv2010.0.x86_64.rpm dac95aac7d233a11f3b920819d120c96 2010.0/x86_64/lib64kjsembed4-4.3.2-11.14mdv2010.0.x86_64.rpm 3acd8d0df72a1206091397e3f30dc23e 2010.0/x86_64/lib64kmediaplayer4-4.3.2-11.14mdv2010.0.x86_64.rpm 8d45de302d9197e5956f4559523939ce 2010.0/x86_64/lib64knewstuff2_4-4.3.2-11.14mdv2010.0.x86_64.rpm 2218d8ca6ab9c49c5302377cbf3fb6d6 2010.0/x86_64/lib64knotifyconfig4-4.3.2-11.14mdv2010.0.x86_64.rpm b0f7f7966ecacb227bdf8e5a6f7ec1f4 2010.0/x86_64/lib64kntlm4-4.3.2-11.14mdv2010.0.x86_64.rpm df1c765779d67ef5ed75259888f1a399 2010.0/x86_64/lib64kparts4-4.3.2-11.14mdv2010.0.x86_64.rpm 13a37eefc1eaf718817ab9d4a61ad0d5 2010.0/x86_64/lib64kpty4-4.3.2-11.14mdv2010.0.x86_64.rpm 77db36915eac2265b955c9730fdc6611 2010.0/x86_64/lib64krosscore4-4.3.2-11.14mdv2010.0.x86_64.rpm 47f9b8a7070adc1028f3b8dcdf14ed26 2010.0/x86_64/lib64krossui4-4.3.2-11.14mdv2010.0.x86_64.rpm 8cd7275deff482953895f7d71f232160 2010.0/x86_64/lib64ktexteditor4-4.3.2-11.14mdv2010.0.x86_64.rpm 5c5b666d4ae0fb58c0d6e012c7522161 2010.0/x86_64/lib64kunittest4-4.3.2-11.14mdv2010.0.x86_64.rpm d67c086990110f1fac519f7d3948b053 2010.0/x86_64/lib64kutils4-4.3.2-11.14mdv2010.0.x86_64.rpm c9692f6851972ba9fbc9dd1773891db5 2010.0/x86_64/lib64nepomuk4-4.3.2-11.14mdv2010.0.x86_64.rpm 36674939e5e7ffb36427fbc504e097a8 2010.0/x86_64/lib64plasma3-4.3.2-11.14mdv2010.0.x86_64.rpm 29087c6119008e740c13e4ac48d6a4d0 2010.0/x86_64/lib64solid4-4.3.2-11.14mdv2010.0.x86_64.rpm 775291372adee37558c25d9b0f3e0348 2010.0/x86_64/lib64threadweaver4-4.3.2-11.14mdv2010.0.x86_64.rpm efa77a322ba85ef9fe3382173a73d96f 2010.0/SRPMS/kdelibs4-4.3.2-11.14mdv2010.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLYAPjmqjQ0CJFipgRAlWCAJ45g7YqrzFHMj4n1CTe7bDmTtElDQCg9tEz jCRztpSQwDQQjyfD+MvizBM= =SRaf -----END PGP SIGNATURE-----