Sicherheit: Zahlenüberlauf in kdelibs

Lesezeichen hinzufügen

This is a multi-part message in MIME format...

------------=_1161287256-29603-124

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2006:186
http://www.mandriva.com/security/
_______________________________________________________________________

Package : kdelibs
Date : October 19, 2006
Affected: 2007.0, Corporate 3.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

A vulnerability was discovered in the way that Qt handled pixmap images
and the KDE khtml library used Qt in such a way that untrusted
parameters could be passed to Qt, resulting in an integer overflow.
This flaw could be exploited by a remote attacker in a malicious
website that, when viewed by an individual using Konqueror, would cause
Konqueror to crash or possibly execute arbitrary code with the
privileges of the user.

Updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4811
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
0468fedc69128d4967771b9132b756f4
2007.0/i586/kdelibs-common-3.5.4-19.1mdv2007.0.i586.rpm
2dc30948c1fdce7e25d9b7a8a9379e51
2007.0/i586/kdelibs-devel-doc-3.5.4-19.1mdv2007.0.i586.rpm
7c637c18db5254991e86662b4d0a3dbd
2007.0/i586/libkdecore4-3.5.4-19.1mdv2007.0.i586.rpm
2990a2078b4971d5b3fff5a8282834aa
2007.0/i586/libkdecore4-devel-3.5.4-19.1mdv2007.0.i586.rpm
de92b184fd62a8aa54278c0a7aeb5f43
2007.0/SRPMS/kdelibs-3.5.4-19.1mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
e067573bb458b0606e19c8950fedb860
2007.0/x86_64/kdelibs-common-3.5.4-19.1mdv2007.0.x86_64.rpm
5143af28520ea05d50bc07a92523bf5a
2007.0/x86_64/kdelibs-devel-doc-3.5.4-19.1mdv2007.0.x86_64.rpm
452cd5fe9b000d31911cc8b19dbed9ca
2007.0/x86_64/lib64kdecore4-3.5.4-19.1mdv2007.0.x86_64.rpm
22e66d820ad6e94c332df514e756b06c
2007.0/x86_64/lib64kdecore4-devel-3.5.4-19.1mdv2007.0.x86_64.rpm
de92b184fd62a8aa54278c0a7aeb5f43
2007.0/SRPMS/kdelibs-3.5.4-19.1mdv2007.0.src.rpm

Corporate 3.0:
692f918e3e7acbe933684d973261ca0c
corporate/3.0/i586/kdelibs-common-3.2-36.16.C30mdk.i586.rpm
8537e316e30762eb2420e0c2412ffaf8
corporate/3.0/i586/libkdecore4-3.2-36.16.C30mdk.i586.rpm
37d09cd7b937ac25e98b87fe4161bfe1
corporate/3.0/i586/libkdecore4-devel-3.2-36.16.C30mdk.i586.rpm
815b64f8f6d1309414fa128ff049fa8a
corporate/3.0/SRPMS/kdelibs-3.2-36.16.C30mdk.src.rpm

Corporate 3.0/X86_64:
80f41ba7cab5c29812574b255487ff75
corporate/3.0/x86_64/kdelibs-common-3.2-36.16.C30mdk.x86_64.rpm
690b32020e45a8f1e1d7cff8dc3d342b
corporate/3.0/x86_64/lib64kdecore4-3.2-36.16.C30mdk.x86_64.rpm
39f37ea645b542dfd872b015d7b2db53
corporate/3.0/x86_64/lib64kdecore4-devel-3.2-36.16.C30mdk.x86_64.rpm
8537e316e30762eb2420e0c2412ffaf8
corporate/3.0/x86_64/libkdecore4-3.2-36.16.C30mdk.i586.rpm
815b64f8f6d1309414fa128ff049fa8a
corporate/3.0/SRPMS/kdelibs-3.2-36.16.C30mdk.src.rpm

Corporate 4.0:
3561f4ec95d79ede9284cb1ff897681b
corporate/4.0/i586/kdelibs-arts-3.5.4-1.2.20060mlcs4.i586.rpm
3e19560491f720fd9034a95dfb4f529d
corporate/4.0/i586/kdelibs-common-3.5.4-1.2.20060mlcs4.i586.rpm
633e83e144a3a0daa1057ecae48a0991
corporate/4.0/i586/kdelibs-devel-doc-3.5.4-1.2.20060mlcs4.i586.rpm
853c0d7af1b8515c9226eb3ff1ae0e52
corporate/4.0/i586/libkdecore4-3.5.4-1.2.20060mlcs4.i586.rpm
ffe121c5ed1528769d981a5b5d526b81
corporate/4.0/i586/libkdecore4-devel-3.5.4-1.2.20060mlcs4.i586.rpm
52f9f74e64bf4da50df95c02d350fa11
corporate/4.0/SRPMS/kdelibs-3.5.4-1.2.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
6ad107993dc8ba3726eb47bb087393e4
corporate/4.0/x86_64/kdelibs-arts-3.5.4-1.2.20060mlcs4.x86_64.rpm
4be667bf1d745fedc81314d697e3320a
corporate/4.0/x86_64/kdelibs-common-3.5.4-1.2.20060mlcs4.x86_64.rpm
a1480b53dcf74c2af2c044c0da4b45d7
corporate/4.0/x86_64/kdelibs-devel-doc-3.5.4-1.2.20060mlcs4.x86_64.rpm
e40a8bb434849c3976ba57f1e52ba78e
corporate/4.0/x86_64/lib64kdecore4-3.5.4-1.2.20060mlcs4.x86_64.rpm
4e488a23bad70524ef7d731b834cbe50
corporate/4.0/x86_64/lib64kdecore4-devel-3.5.4-1.2.20060mlcs4.x86_64.rpm
52f9f74e64bf4da50df95c02d350fa11
corporate/4.0/SRPMS/kdelibs-3.5.4-1.2.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFFN6HxmqjQ0CJFipgRAlhPAJ9upOtzc8Tca3AdO3yKvA5NbUPyDwCgujf4
3inMK/Y7xE5b7lQ2ONGuD0I=
=dWxU
-----END PGP SIGNATURE-----

------------=_1161287256-29603-124
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1161287256-29603-124--