--------------------------------------------------------------------- Fedora Update Notification FEDORA-2006-050 2006-01-20 --------------------------------------------------------------------- Product : Fedora Core 4 Name : kdelibs Version : 3.5.0 Release : 0.4.fc4 Summary : K Desktop Environment - Libraries Description : Libraries for the K Desktop Environment: KDE Libraries included: kdecore (KDE core library), kdeui (user interface), kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking), kspell (spelling checker), jscript (javascript), kab (addressbook), kimgio (image manipulation). --------------------------------------------------------------------- Update Information: A heap overflow flaw was discovered affecting kjs, the JavaScript interpreter engine used by Konqueror and other parts of KDE. An attacker could create a malicious web site containing carefully crafted JavaScript code that would trigger this flaw and possibly lead to arbitrary code execution. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0019 to this issue. Users of KDE should upgrade to these updated packages, which contain a backported patch from the KDE security team correcting this issue --------------------------------------------------------------------- * Wed Jan 18 2006 Than Ngo <than@xxxxxxxxxx> 3.5.0-0.4.fc4 - apply patch to fix a printing problem - add requires on iceauth #176571 * Wed Jan 11 2006 Karsten Hopp <karsten@xxxxxxxxx> 6:3.5.0-0.3.fc4 - fix kjs encodeuri/decodeuri heap overflow vulnerability, CVE-2006-0019 --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/ db86b76009dfd868772600e2b643197fd7d7be1a SRPMS/kdelibs-3.5.0-0.4.fc4.src.rpm 93b3eada75276675171f62e8f82602fc9d4174e8 ppc/kdelibs-3.5.0-0.4.fc4.ppc.rpm eaa612bac27317b96a0c88d6f122a8595acb1b7a ppc/kdelibs-devel-3.5.0-0.4.fc4.ppc.rpm 81d47e47869fceaba8a83207577e7e88eadd7eb4 ppc/debug/kdelibs-debuginfo-3.5.0-0.4.fc4.ppc.rpm e57159f6621915c22645ce3e35dfb34d9e1e8e80 x86_64/kdelibs-3.5.0-0.4.fc4.x86_64.rpm 5558a0aeda509ec10a618c0a7e44532bced642da x86_64/kdelibs-devel-3.5.0-0.4.fc4.x86_64.rpm 8e0602b9f6f2b307b8317acad389c72e68110b2a x86_64/debug/kdelibs-debuginfo-3.5.0-0.4.fc4.x86_64.rpm ba4d3840f602dedb774231eb821fd6dcbe73e3cf i386/kdelibs-3.5.0-0.4.fc4.i386.rpm 86d01df92bfc26b56e1dfba9f196c2d6aacf1ef8 i386/kdelibs-devel-3.5.0-0.4.fc4.i386.rpm 397f3f220aa17b36ada0a165b31d225f5fd6580d i386/debug/kdelibs-debuginfo-3.5.0-0.4.fc4.i386.rpm This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/. --------------------------------------------------------------------- -- fedora-announce-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-announce-list
