Jump to content
Compatible Support Forums
Sign in to follow this  
Followers 0
news

[Security Announce] [ MDVSA-2010:028 ] kdelibs4

By news, in Upcoming News

Recommended Posts

news    28

news
Posted

This is a multi-part message in MIME format...

 

------------=_1264594713-24326-3818

 

 

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

_______________________________________________________________________

 

Mandriva Linux Security Advisory MDVSA-2010:028

http://www.mandriva.com/security/

_______________________________________________________________________

 

Package : kdelibs4

Date : January 27, 2010

Affected: 2010.0

_______________________________________________________________________

 

Problem Description:

 

Multiple vulnerabilities was discovered and corrected in kdelibs4:

 

KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a

\'\0\' (NUL) character in a domain name in the Subject Alternative

Name field of an X.509 certificate, which allows man-in-the-middle

attackers to spoof arbitrary SSL servers via a crafted certificate

issued by a legitimate Certification Authority, a related issue to

CVE-2009-2408 (CVE-2009-2702).

 

KDE Konqueror allows remote attackers to cause a denial of service

(memory consumption) via a large integer value for the length property

of a Select object, a related issue to CVE-2009-1692 (CVE-2009-2537).

 

The gdtoa (aka new dtoa) implementation in gdtoa/misc.c in

libc in FreeBSD 6.4 and 7.2, NetBSD 5.0, and OpenBSD 4.5 allows

context-dependent attackers to cause a denial of service (application

crash) or possibly have unspecified other impact via a large precision

value in the format argument to a printf function, related to an

array overrun. (CVE-2009-0689).

 

The updated packages have been patched to correct these issues.

_______________________________________________________________________

 

References:

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2702

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2537

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0689

_______________________________________________________________________

 

Updated Packages:

 

Mandriva Linux 2010.0:

33710e4c127e3f066d4ee4dbb48c489b 2010.0/i586/kdelibs4-core-4.3.2-11.14mdv2010.0.i586.rpm

729ae2fa1575e10820480d0bea2629a1 2010.0/i586/kdelibs4-devel-4.3.2-11.14mdv2010.0.i586.rpm

5c2e90329653954110f1385bc404ea1f 2010.0/i586/libkde3support4-4.3.2-11.14mdv2010.0.i586.rpm

5255f87e774bea4fa38d2fd0397a82bd 2010.0/i586/libkdecore5-4.3.2-11.14mdv2010.0.i586.rpm

e40f53bb3caee308f0ab81d5f091a5db 2010.0/i586/libkdefakes5-4.3.2-11.14mdv2010.0.i586.rpm

e027288fdb8d917f934641ea934432c7 2010.0/i586/libkdesu5-4.3.2-11.14mdv2010.0.i586.rpm

e9ca80075872c1e68ca1f5ddeb9ce2a4 2010.0/i586/libkdeui5-4.3.2-11.14mdv2010.0.i586.rpm

9d9b22a86b5b0684801cf652afb6791a 2010.0/i586/libkdnssd4-4.3.2-11.14mdv2010.0.i586.rpm

b70ed737e0f857d68d9fefb3fad2cfa1 2010.0/i586/libkfile4-4.3.2-11.14mdv2010.0.i586.rpm

27bfe29c5952d58c1eaf2bb130668d2c 2010.0/i586/libkhtml5-4.3.2-11.14mdv2010.0.i586.rpm

a2e2456a104d6085479229bc3edf3370 2010.0/i586/libkimproxy4-4.3.2-11.14mdv2010.0.i586.rpm

b152961f2b3c06134ae0ca2bdabe77b0 2010.0/i586/libkio5-4.3.2-11.14mdv2010.0.i586.rpm

1e8d3dc384c46afb23bb4dace40df5f6 2010.0/i586/libkjs4-4.3.2-11.14mdv2010.0.i586.rpm

64736a9db93696bf4e1658cc9cbed0f5 2010.0/i586/libkjsapi4-4.3.2-11.14mdv2010.0.i586.rpm

fd005b1db52fbe95b163428e9f1edd43 2010.0/i586/libkjsembed4-4.3.2-11.14mdv2010.0.i586.rpm

5eb298a371bb5fc31494856a2cddd3a6 2010.0/i586/libkmediaplayer4-4.3.2-11.14mdv2010.0.i586.rpm

3013d74cdf48c0e6e0c55f8af5bf83a0 2010.0/i586/libknewstuff2_4-4.3.2-11.14mdv2010.0.i586.rpm

2c31f4c0fa71ec35ec5a5f0e68ff4847 2010.0/i586/libknotifyconfig4-4.3.2-11.14mdv2010.0.i586.rpm

361a0aa31fb34f77d99a3b2bcc08d06b 2010.0/i586/libkntlm4-4.3.2-11.14mdv2010.0.i586.rpm

f383eeec52164d5122ea6125b2e9b02f 2010.0/i586/libkparts4-4.3.2-11.14mdv2010.0.i586.rpm

0d8db89b62359ac9fe6c61661987708f 2010.0/i586/libkpty4-4.3.2-11.14mdv2010.0.i586.rpm

9bfd72866126f8fbae7b15af580385d5 2010.0/i586/libkrosscore4-4.3.2-11.14mdv2010.0.i586.rpm

9c5d90d57dbacadd0472c167a3c7a6a5 2010.0/i586/libkrossui4-4.3.2-11.14mdv2010.0.i586.rpm

2fbe8d729b997df8105edf5595e5fc5f 2010.0/i586/libktexteditor4-4.3.2-11.14mdv2010.0.i586.rpm

8396960aaa8c205602b4d48bff64f1cb 2010.0/i586/libkunittest4-4.3.2-11.14mdv2010.0.i586.rpm

a50fa982912201b0785ee37b6e776fc3 2010.0/i586/libkutils4-4.3.2-11.14mdv2010.0.i586.rpm

6caf366e3455479e9d95fee1a1a36bcc 2010.0/i586/libnepomuk4-4.3.2-11.14mdv2010.0.i586.rpm

8250fed72d654f5c61cd9cb4d868e06d 2010.0/i586/libplasma3-4.3.2-11.14mdv2010.0.i586.rpm

a6201c4800f363cba18afdfd8a9fbc15 2010.0/i586/libsolid4-4.3.2-11.14mdv2010.0.i586.rpm

2a6d763d74f0d420429a1943fc8f288b 2010.0/i586/libthreadweaver4-4.3.2-11.14mdv2010.0.i586.rpm

efa77a322ba85ef9fe3382173a73d96f 2010.0/SRPMS/kdelibs4-4.3.2-11.14mdv2010.0.src.rpm

 

Mandriva Linux 2010.0/X86_64:

628c96841b4fe1ae8f60d091fa14f4a8 2010.0/x86_64/kdelibs4-core-4.3.2-11.14mdv2010.0.x86_64.rpm

49b2d3b07b9972a4ce96c7165365877b 2010.0/x86_64/kdelibs4-devel-4.3.2-11.14mdv2010.0.x86_64.rpm

653348d413757079608374479aabf7af 2010.0/x86_64/lib64kde3support4-4.3.2-11.14mdv2010.0.x86_64.rpm

310b1c2d870c6b49b24359ef3f48c5b2 2010.0/x86_64/lib64kdecore5-4.3.2-11.14mdv2010.0.x86_64.rpm

2204c6207c7d9832f1c9b08e44bab933 2010.0/x86_64/lib64kdefakes5-4.3.2-11.14mdv2010.0.x86_64.rpm

ded542c4f600ec4ee9578a84eecba90d 2010.0/x86_64/lib64kdesu5-4.3.2-11.14mdv2010.0.x86_64.rpm

61e898c4a9986d30c9fb5df8cab0c6a2 2010.0/x86_64/lib64kdeui5-4.3.2-11.14mdv2010.0.x86_64.rpm

2c1372cf3ceb6ccc2b576fd2391f265e 2010.0/x86_64/lib64kdnssd4-4.3.2-11.14mdv2010.0.x86_64.rpm

5c9c1bc90773a78df10e0c31b7c415a2 2010.0/x86_64/lib64kfile4-4.3.2-11.14mdv2010.0.x86_64.rpm

154c30e99ce9c2d956fd9bab69a32eb8 2010.0/x86_64/lib64khtml5-4.3.2-11.14mdv2010.0.x86_64.rpm

6b4fd189b0068c859653f1c0a95d169a 2010.0/x86_64/lib64kimproxy4-4.3.2-11.14mdv2010.0.x86_64.rpm

599dbbf7689d9ea31991d6b9ce86e0fa 2010.0/x86_64/lib64kio5-4.3.2-11.14mdv2010.0.x86_64.rpm

2e31f04cb9871f6fa54033281c9fbcfd 2010.0/x86_64/lib64kjs4-4.3.2-11.14mdv2010.0.x86_64.rpm

ba8d5f97e0d2cc07ac379d12160dc710 2010.0/x86_64/lib64kjsapi4-4.3.2-11.14mdv2010.0.x86_64.rpm

dac95aac7d233a11f3b920819d120c96 2010.0/x86_64/lib64kjsembed4-4.3.2-11.14mdv2010.0.x86_64.rpm

3acd8d0df72a1206091397e3f30dc23e 2010.0/x86_64/lib64kmediaplayer4-4.3.2-11.14mdv2010.0.x86_64.rpm

8d45de302d9197e5956f4559523939ce 2010.0/x86_64/lib64knewstuff2_4-4.3.2-11.14mdv2010.0.x86_64.rpm

2218d8ca6ab9c49c5302377cbf3fb6d6 2010.0/x86_64/lib64knotifyconfig4-4.3.2-11.14mdv2010.0.x86_64.rpm

b0f7f7966ecacb227bdf8e5a6f7ec1f4 2010.0/x86_64/lib64kntlm4-4.3.2-11.14mdv2010.0.x86_64.rpm

df1c765779d67ef5ed75259888f1a399 2010.0/x86_64/lib64kparts4-4.3.2-11.14mdv2010.0.x86_64.rpm

13a37eefc1eaf718817ab9d4a61ad0d5 2010.0/x86_64/lib64kpty4-4.3.2-11.14mdv2010.0.x86_64.rpm

77db36915eac2265b955c9730fdc6611 2010.0/x86_64/lib64krosscore4-4.3.2-11.14mdv2010.0.x86_64.rpm

47f9b8a7070adc1028f3b8dcdf14ed26 2010.0/x86_64/lib64krossui4-4.3.2-11.14mdv2010.0.x86_64.rpm

8cd7275deff482953895f7d71f232160 2010.0/x86_64/lib64ktexteditor4-4.3.2-11.14mdv2010.0.x86_64.rpm

5c5b666d4ae0fb58c0d6e012c7522161 2010.0/x86_64/lib64kunittest4-4.3.2-11.14mdv2010.0.x86_64.rpm

d67c086990110f1fac519f7d3948b053 2010.0/x86_64/lib64kutils4-4.3.2-11.14mdv2010.0.x86_64.rpm

c9692f6851972ba9fbc9dd1773891db5 2010.0/x86_64/lib64nepomuk4-4.3.2-11.14mdv2010.0.x86_64.rpm

36674939e5e7ffb36427fbc504e097a8 2010.0/x86_64/lib64plasma3-4.3.2-11.14mdv2010.0.x86_64.rpm

29087c6119008e740c13e4ac48d6a4d0 2010.0/x86_64/lib64solid4-4.3.2-11.14mdv2010.0.x86_64.rpm

775291372adee37558c25d9b0f3e0348 2010.0/x86_64/lib64threadweaver4-4.3.2-11.14mdv2010.0.x86_64.rpm

efa77a322ba85ef9fe3382173a73d96f 2010.0/SRPMS/kdelibs4-4.3.2-11.14mdv2010.0.src.rpm

_______________________________________________________________________

 

To upgrade automatically use MandrivaUpdate or urpmi. The verification

of md5 checksums and GPG signatures is performed automatically for you.

 

All packages are signed by Mandriva for security. You can obtain the

GPG public key of the Mandriva Security Team by executing:

 

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 

You can view other update advisories for Mandriva Linux at:

 

http://www.mandriva.com/security/advisories

 

If you want to report vulnerabilities, please contact

 

security_(at)_mandriva.com

_______________________________________________________________________

 

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team

 

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.9 (GNU/Linux)

 

iD8DBQFLYAPjmqjQ0CJFipgRAlWCAJ45g7YqrzFHMj4n1CTe7bDmTtElDQCg9tEz

jCRztpSQwDQQjyfD+MvizBM=

=SRaf

-----END PGP SIGNATURE-----

 

 

------------=_1264594713-24326-3818

Content-Type: text/plain; name="message-footer.txt"

Content-Disposition: inline; filename="message-footer.txt"

Content-Transfer-Encoding: 8bit

 

To unsubscribe, send a email to sympa ( -at -) mandrivalinux.org

with this subject : unsubscribe security-announce

_______________________________________________________

Want to buy your Pack or Services from Mandriva?

Go to http://www.mandrivastore.com

Join the Club : http://www.mandrivaclub.com

_______________________________________________________

 

------------=_1264594713-24326-3818--

 

 

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Upcoming News
×