[Fedora] Vulnerability in the kdelibs library - FEDORA-2006-1103
Dear colleagues,
We have just received the following Fedora Security Advisory. We are
passing this information on to you unchanged.
CVE-2006-4811 - Integer overflow in kdelibs
An integer overflow can be triggered when Qt or kdelibs handle pixmap
images. The KDE khtml library calls Qt in a way that makes exploitation
by a remote attacker possible. This can happen, for example, by means
of a suitably crafted web page that the victim views with the
Konqueror browser. The attacker can crash the affected program and
possibly execute arbitrary commands with the privileges of the
user.
The following software packages and platforms are affected:
Package kdelibs
Fedora Core 5
The vendor provides updated packages.
Vendor advisory:
https://www.redhat.com/archives/fedora-package-announce/2006-November/msg00094.html
(c) of the German summary held by DFN-CERT Services GmbH;
distribution, including in part, is permitted only with attribution to
the author, DFN-CERT Services GmbH, and only for non-commercial
purposes.
Kind regards,
Klaus Moeller, DFN-CERT Services GmbH
- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-1103
2006-11-12
- ---------------------------------------------------------------------
Product : Fedora Core 5
Name : kdelibs
Version : 3.5.5
Release : 0.2.fc5
Summary : K Desktop Environment - Libraries
Description :
Libraries for the K Desktop Environment:
KDE Libraries included: kdecore (KDE core library), kdeui (user interface),
kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking),
kspell (spelling checker), jscript (javascript), kab (addressbook),
kimgio (image manipulation).
- ---------------------------------------------------------------------
Update Information:
KDE 3.5.5 release
- ---------------------------------------------------------------------
* Wed Oct 18 2006 Than Ngo <than@xxxxxxxxxx> 6:3.5.5-0.2.fc5
- - fix connect timeout being much too short due to s/ms confusion
- - fix integer overflow flaw CVE-2006-4811, thanks to Dirk Mueller
* Tue Oct 10 2006 Than Ngo <than@xxxxxxxxxx> 6:3.5.5-0.1.fc5
- - 3.5.5
* Sat Sep 30 2006 Than Ngo <than@xxxxxxxxxx> 6:3.5.4-0.4.fc5
- - apply upstream patches
fix #115891/bz#208270, CUPS 1.2.x unix socket support
fix #123915, Page format display is 'overlaid'
fix #100188, Fix incorrect 'endl' usage
fix khtml rendering issue
fix #134118, silent startup notification never going away
* Tue Sep 12 2006 Than Ngo <than@xxxxxxxxxx> 6:3.5.4-0.3.fc5
- - fix #205767, konsole no longer register itself to utmp
- - apply upstream patches
fix #123413, kded crash when KDED modules make DCOP calls in their destructors
fix #133529, konqueror's performance issue
fix kdebug crash
add more icon contexts (Tango icontheme)
fix #133677, file sharing doesn't work with 2-character long home directories
fix #123941, qt xim plugin sometimes leads to crash
fix #132678, Google search encoding fix
* Wed Sep 6 2006 Than Ngo <than@xxxxxxxxxx> 6:3.5.4-0.2.fc5
- - apply upstream patches
fix #123413, kded crash when KDED modules make DCOP calls in their destructors
fix kde#121528, konqueror crash
fix kde#131366, Padding-bottom and padding-top not applied to inline elements
fix kde#131933, crash when pressing enter inside a doxygen comment block
fix kde#106812, text-align of tables should only be reset in quirk mode
fix kde#90462, konqueror crash while rendering in khtml
* Thu Aug 10 2006 Than Ngo <than@xxxxxxxxxx> 6:3.5.4-0.1.fc5
- - 3.5.4
* Tue Jul 11 2006 Than Ngo <than@xxxxxxxxxx> 6:3.5.3-0.4.fc5
- - fix #198333 - KDE update loses Control Centre
- - upstream patches:
kde#123307 - Find previous does nothing sometimes
kde#106795 - konqueror crash
kde#128760 - Mistake in picture placing on page
kde#130605 - konqueror crash
kde#129187 - konqueror crash when modifying address bar address
* Tue Jul 4 2006 Than Ngo <than@xxxxxxxxxx> 6:3.5.3-0.3.fc5
- - apply upstream patches,
fix #128940/#81806/#57159/#118277/#123315/#65546/#128842/#128902/#67849/#81806
- - fix #196013, mark kde.sh/kde.csh as config file
- - fix #178323 #196225, typo in kde.sh
* Wed Jun 14 2006 Than Ngo <than@xxxxxxxxxx> 6:3.5.3-0.2.fc5
- - apply patch to fix crash in konqueror
* Wed May 24 2006 Than Ngo <than@xxxxxxxxxx> 6:3.5.3-0.1.fc5
- - update to 3.5.3
* Tue May 23 2006 Than Ngo <than@xxxxxxxxxx> 6:3.5.2-0.3.fc5
- - fix #189677, No longer possible to "copy & rename" file in same directory
- - fix #192585, kdeprint writes incorrect cupsd.conf
- - fix #178323, add KDE_IS_PRELINKED/KDE_NO_IPV60
- ---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
- ---------------------------------------------------------------------