-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1868-1 security@xxxxxxxxxx http://www.debian.org/security/ Steffen Joeris August 19, 2009 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : kde4libs Vulnerability : several vulnerabilities Problem type : local (remote) Debian-specific: no CVE Ids : CVE-2009-1690 CVE-2009-1698 CVE-2009-1687 Debian Bugs : 534949 Several security issues have been discovered in kde4libs, core libraries for all KDE 4 applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1690 It was discovered that there is a use-after-free flaw in handling certain DOM event handlers. This could lead to the execution of arbitrary code, when visiting a malicious website. CVE-2009-1698 It was discovered that there could be an uninitialised pointer when handling a Cascading Style Sheets (CSS) attr function call. This could lead to the execution of arbitrary code, when visiting a malicious website. CVE-2009-1687 It was discovered that the JavaScript garbage collector does not handle allocation failures properly, which could lead to the execution of arbitrary code when visiting a malicious website. For the stable distribution (lenny), these problems have been fixed in version 4:4.1.0-3+lenny1. The oldstable distribution (etch) does not contain kde4libs. For the testing distribution (squeeze), these problems will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 4:4.3.0-1. We recommend that you upgrade your kde4libs packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 5.0 alias lenny - -------------------------------- Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/k/kde4libs/kde4libs_4.1.0-3+lenny1.dsc Size/MD5 checksum: 2149 7bc7675c4aa9e7afd4fa3f83b3f95810 http://security.debian.org/pool/updates/main/k/kde4libs/kde4libs_4.1.0-3+lenny1.diff.gz Size/MD5 checksum: 91423 ecc50e9bedff96a3285a031141ea15d6 http://security.debian.org/pool/updates/main/k/kde4libs/kde4libs_4.1.0.orig.tar.gz Size/MD5 checksum: 11264345 05487ff0cbc3da093f19e59184b259c7 Architecture independent packages: http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-data_4.1.0-3+lenny1_all.deb Size/MD5 checksum: 3140792 47debc16cde2c9a927252ef09d89c1a3 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs-bin_4.1.0-3+lenny1_alpha.deb Size/MD5 checksum: 485854 b888554c3d2658b0af3abfa842c58588 http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_alpha.deb Size/MD5 checksum: 67441346 e6d761db09e246d88139e3416de56611 http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dev_4.1.0-3+lenny1_alpha.deb Size/MD5 checksum: 1468330 b8c3ce39505d2532f2c5d7fc83de01d8 http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5_4.1.0-3+lenny1_alpha.deb Size/MD5 checksum: 11132464 6b307db1dd606a5fbbad60745cf51236 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs-bin_4.1.0-3+lenny1_amd64.deb Size/MD5 checksum: 450758 dc184603a57dc4bbcedde957086463c3 http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_amd64.deb Size/MD5 checksum: 65872658 3bc3de5af3ff3722bd7817b6c4a4c4d4 http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5_4.1.0-3+lenny1_amd64.deb Size/MD5 checksum: 10078022 aec949a2390e430248089ebb3790ed78 http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dev_4.1.0-3+lenny1_amd64.deb Size/MD5 checksum: 1454348 51a11bc442e5155ee37bc276c2cb025e arm architecture (ARM) http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs-bin_4.1.0-3+lenny1_arm.deb Size/MD5 checksum: 445060 4c9f86c771e9d24459fc1a1369b19d1c http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_arm.deb Size/MD5 checksum: 67062788 8ead631de22e777ac573400dc7829728 http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dev_4.1.0-3+lenny1_arm.deb Size/MD5 checksum: 1501464 e90a472bd53283512dda2c5522b1e779 http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5_4.1.0-3+lenny1_arm.deb Size/MD5 checksum: 10159066 44dc0551f1664e6775cca2fc2e9568c8 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs-bin_4.1.0-3+lenny1_hppa.deb Size/MD5 checksum: 468294 71da7f31e8f21706831abfb597d6c161 http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5_4.1.0-3+lenny1_hppa.deb Size/MD5 checksum: 11272148 eae478aac58c1e84cb57c9244bc6e633 http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_hppa.deb Size/MD5 checksum: 66023980 bc0eeed2957433fdf38f227d464c4dac http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dev_4.1.0-3+lenny1_hppa.deb Size/MD5 checksum: 1501146 55ebcb8acd0e29c84dad063f030d4b32 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5_4.1.0-3+lenny1_i386.deb Size/MD5 checksum: 9495028 0486badbc6a675555500eac834e66770 http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dev_4.1.0-3+lenny1_i386.deb Size/MD5 checksum: 1494680 7caef230087548ae9fafc4c9cbfa51a6 http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs-bin_4.1.0-3+lenny1_i386.deb Size/MD5 checksum: 428258 a2154b9e6f111e00d9fafee2e44950d3 http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_i386.deb Size/MD5 checksum: 65050706 cc57db2601c136b0ea25aa2aafc9ada4 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs-bin_4.1.0-3+lenny1_ia64.deb Size/MD5 checksum: 636012 8835da7f0554073419c9bb1ea699be2f http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_ia64.deb Size/MD5 checksum: 69462428 1a34d47746eb45a014c6a18d7711437e http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dev_4.1.0-3+lenny1_ia64.deb Size/MD5 checksum: 1490832 1731fe69a65e2aaeecbc7c31ba594ea3 http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5_4.1.0-3+lenny1_ia64.deb Size/MD5 checksum: 14283690 92e7eaeeb3288d64aad305c1f7b46ace mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs-bin_4.1.0-3+lenny1_mips.deb Size/MD5 checksum: 411002 fc291f1f164002ffa25f21ab4413d418 http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dev_4.1.0-3+lenny1_mips.deb Size/MD5 checksum: 1491562 5ad177aedcac523d4414c1b33590a8aa http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_mips.deb Size/MD5 checksum: 67214842 6bf4782cae7a4bb07600a8c4622d2ba8 http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5_4.1.0-3+lenny1_mips.deb Size/MD5 checksum: 8922858 e2081fa92bc60067bf3fab1d9553d9f0 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dev_4.1.0-3+lenny1_mipsel.deb Size/MD5 checksum: 1445728 0e93a06b9c99da3e19fe9ed57effc2af http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_mipsel.deb Size/MD5 checksum: 64601046 76bcf6fa57c4c9fe4146996227fd483e http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs-bin_4.1.0-3+lenny1_mipsel.deb Size/MD5 checksum: 410088 c1a038807d9bfd9ec21b3d3fb9b4ad3b http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5_4.1.0-3+lenny1_mipsel.deb Size/MD5 checksum: 8776788 a4e68c739bc64700c8cba42746337051 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5_4.1.0-3+lenny1_powerpc.deb Size/MD5 checksum: 10152880 7c3caef790d31e75030798ff255860f0 http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dev_4.1.0-3+lenny1_powerpc.deb Size/MD5 checksum: 1504080 2a6f91b2f9d251f7c948db16b26b74e6 http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs-bin_4.1.0-3+lenny1_powerpc.deb Size/MD5 checksum: 488426 f82580483fe29a15a635df5b130889f0 http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_powerpc.deb Size/MD5 checksum: 69005164 b5142561ef43d8f394f69723ecfa101e s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dev_4.1.0-3+lenny1_s390.deb Size/MD5 checksum: 1454438 7f6117ffd81b9a759544a84b129451d2 http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_s390.deb Size/MD5 checksum: 69791606 b67cba5028161769d9227e551ce1e3ce http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs-bin_4.1.0-3+lenny1_s390.deb Size/MD5 checksum: 476722 3871456f5fad8399f14f6711bd483635 http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5_4.1.0-3+lenny1_s390.deb Size/MD5 checksum: 10410196 3a1c94adbe9d2cdf3aab21e684a2ee09 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkqL6kUACgkQ62zWxYk/rQc4XQCgv57MtdnS28v+mv32yeqdPJGM dbkAoMhblXkQ41ECEW7pS9G/A0+cXXNb =Cy4f -----END PGP SIGNATURE-----
