---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-050
2006-01-20
---------------------------------------------------------------------
Product     : Fedora Core 4
Name        : kdelibs
Version     : 3.5.0                      
Release     : 0.4.fc4                  
Summary     : K Desktop Environment - Libraries
Description :
Libraries for the K Desktop Environment:
KDE Libraries included: kdecore (KDE core library), kdeui (user interface),
kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking),
kspell (spelling checker), jscript (javascript), kab (addressbook),
kimgio (image manipulation).

---------------------------------------------------------------------
Update Information:

A heap overflow flaw was discovered affecting kjs, the
JavaScript interpreter engine used by Konqueror and other
parts of KDE. An attacker could create a malicious web site
containing carefully crafted JavaScript code that would
trigger this flaw and possibly lead to arbitrary code
execution. The Common Vulnerabilities and Exposures project
assigned the name CVE-2006-0019 to this issue. 

Users of KDE should upgrade to these updated packages, which
contain a backported patch from the KDE security team
correcting this issue.
---------------------------------------------------------------------
* Wed Jan 18 2006 Than Ngo  3.5.0-0.4.fc4
- apply patch to fix a printing problem
- add requires on iceauth #176571
* Wed Jan 11 2006 Karsten Hopp  6:3.5.0-0.3.fc4
- fix kjs encodeuri/decodeuri heap overflow vulnerability, CVE-2006-0019

---------------------------------------------------------------------
This update can be downloaded from:
  
db86b76009dfd868772600e2b643197fd7d7be1a  SRPMS/kdelibs-3.5.0-0.4.fc4.src.rpm
93b3eada75276675171f62e8f82602fc9d4174e8  ppc/kdelibs-3.5.0-0.4.fc4.ppc.rpm
eaa612bac27317b96a0c88d6f122a8595acb1b7a  ppc/kdelibs-devel-3.5.0-0.4.fc4.ppc.rpm
81d47e47869fceaba8a83207577e7e88eadd7eb4  ppc/debug/kdelibs-debuginfo-3.5.0-0.4.fc4.ppc.rpm
e57159f6621915c22645ce3e35dfb34d9e1e8e80  x86_64/kdelibs-3.5.0-0.4.fc4.x86_64.rpm
5558a0aeda509ec10a618c0a7e44532bced642da  x86_64/kdelibs-devel-3.5.0-0.4.fc4.x86_64.rpm
8e0602b9f6f2b307b8317acad389c72e68110b2a  x86_64/debug/kdelibs-debuginfo-3.5.0-0.4.fc4.x86_64.rpm
ba4d3840f602dedb774231eb821fd6dcbe73e3cf  i386/kdelibs-3.5.0-0.4.fc4.i386.rpm
86d01df92bfc26b56e1dfba9f196c2d6aacf1ef8  i386/kdelibs-devel-3.5.0-0.4.fc4.i386.rpm
397f3f220aa17b36ada0a165b31d225f5fd6580d  i386/debug/kdelibs-debuginfo-3.5.0-0.4.fc4.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at .
----------------------------------------------------------------------- 
fedora-announce-list mailing list
fedora-announce-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-announce-list

Fedora Core 4 Update: kdelibs-3.5.0-0.4.fc4

January 27, 2006