Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Advisory Watch: March 27th, 2015
Linux Security Week: March 23rd, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Debian: New kde4libs packages fix several vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1868-1                              Steffen Joeris
August 19, 2009             
- ------------------------------------------------------------------------

Package        : kde4libs                             
Vulnerability  : several vulnerabilities              
Problem type   : local (remote)                       
Debian-specific: no
CVE Ids        : CVE-2009-1690 CVE-2009-1698 CVE-2009-1687
Debian Bugs    : 534949

Several security issues have been discovered in kde4libs, core libraries
for all KDE 4 applications. The Common Vulnerabilities and Exposures
project identifies the following problems:


It was discovered that there is a use-after-free flaw in handling
certain DOM event handlers. This could lead to the execution of
arbitrary code, when visiting a malicious website.


It was discovered that there could be an uninitialised pointer when
handling a Cascading Style Sheets (CSS) attr function call. This could
lead to the execution of arbitrary code, when visiting a malicious


It was discovered that the JavaScript garbage collector does not handle
allocation failures properly, which could lead to the execution of
arbitrary code when visiting a malicious website.

For the stable distribution (lenny), these problems have been fixed in
version 4:4.1.0-3+lenny1.

The oldstable distribution (etch) does not contain kde4libs.

For the testing distribution (squeeze), these problems will be fixed

For the unstable distribution (sid), these problems have been fixed in
version 4:4.3.0-1.

We recommend that you upgrade your kde4libs packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:
    Size/MD5 checksum:     2149 7bc7675c4aa9e7afd4fa3f83b3f95810
    Size/MD5 checksum:    91423 ecc50e9bedff96a3285a031141ea15d6
    Size/MD5 checksum: 11264345 05487ff0cbc3da093f19e59184b259c7

Architecture independent packages:
    Size/MD5 checksum:  3140792 47debc16cde2c9a927252ef09d89c1a3

alpha architecture (DEC Alpha)
    Size/MD5 checksum:   485854 b888554c3d2658b0af3abfa842c58588
    Size/MD5 checksum: 67441346 e6d761db09e246d88139e3416de56611
    Size/MD5 checksum:  1468330 b8c3ce39505d2532f2c5d7fc83de01d8
    Size/MD5 checksum: 11132464 6b307db1dd606a5fbbad60745cf51236

amd64 architecture (AMD x86_64 (AMD64))
    Size/MD5 checksum:   450758 dc184603a57dc4bbcedde957086463c3
    Size/MD5 checksum: 65872658 3bc3de5af3ff3722bd7817b6c4a4c4d4
    Size/MD5 checksum: 10078022 aec949a2390e430248089ebb3790ed78
    Size/MD5 checksum:  1454348 51a11bc442e5155ee37bc276c2cb025e

arm architecture (ARM)
    Size/MD5 checksum:   445060 4c9f86c771e9d24459fc1a1369b19d1c
    Size/MD5 checksum: 67062788 8ead631de22e777ac573400dc7829728
    Size/MD5 checksum:  1501464 e90a472bd53283512dda2c5522b1e779
    Size/MD5 checksum: 10159066 44dc0551f1664e6775cca2fc2e9568c8

hppa architecture (HP PA RISC)
    Size/MD5 checksum:   468294 71da7f31e8f21706831abfb597d6c161
    Size/MD5 checksum: 11272148 eae478aac58c1e84cb57c9244bc6e633
    Size/MD5 checksum: 66023980 bc0eeed2957433fdf38f227d464c4dac
    Size/MD5 checksum:  1501146 55ebcb8acd0e29c84dad063f030d4b32

i386 architecture (Intel ia32)
    Size/MD5 checksum:  9495028 0486badbc6a675555500eac834e66770
    Size/MD5 checksum:  1494680 7caef230087548ae9fafc4c9cbfa51a6
    Size/MD5 checksum:   428258 a2154b9e6f111e00d9fafee2e44950d3
    Size/MD5 checksum: 65050706 cc57db2601c136b0ea25aa2aafc9ada4

ia64 architecture (Intel ia64)
    Size/MD5 checksum:   636012 8835da7f0554073419c9bb1ea699be2f
    Size/MD5 checksum: 69462428 1a34d47746eb45a014c6a18d7711437e
    Size/MD5 checksum:  1490832 1731fe69a65e2aaeecbc7c31ba594ea3
    Size/MD5 checksum: 14283690 92e7eaeeb3288d64aad305c1f7b46ace

mips architecture (MIPS (Big Endian))
    Size/MD5 checksum:   411002 fc291f1f164002ffa25f21ab4413d418
    Size/MD5 checksum:  1491562 5ad177aedcac523d4414c1b33590a8aa
    Size/MD5 checksum: 67214842 6bf4782cae7a4bb07600a8c4622d2ba8
    Size/MD5 checksum:  8922858 e2081fa92bc60067bf3fab1d9553d9f0

mipsel architecture (MIPS (Little Endian))
    Size/MD5 checksum:  1445728 0e93a06b9c99da3e19fe9ed57effc2af
    Size/MD5 checksum: 64601046 76bcf6fa57c4c9fe4146996227fd483e
    Size/MD5 checksum:   410088 c1a038807d9bfd9ec21b3d3fb9b4ad3b
    Size/MD5 checksum:  8776788 a4e68c739bc64700c8cba42746337051

powerpc architecture (PowerPC)
    Size/MD5 checksum: 10152880 7c3caef790d31e75030798ff255860f0
    Size/MD5 checksum:  1504080 2a6f91b2f9d251f7c948db16b26b74e6
    Size/MD5 checksum:   488426 f82580483fe29a15a635df5b130889f0
    Size/MD5 checksum: 69005164 b5142561ef43d8f394f69723ecfa101e

s390 architecture (IBM S/390)
    Size/MD5 checksum:  1454438 7f6117ffd81b9a759544a84b129451d2
    Size/MD5 checksum: 69791606 b67cba5028161769d9227e551ce1e3ce
    Size/MD5 checksum:   476722 3871456f5fad8399f14f6711bd483635
    Size/MD5 checksum: 10410196 3a1c94adbe9d2cdf3aab21e684a2ee09

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
FBI Quietly Removes Recommendation To Encrypt Your Phone
And the prize for LEAST SECURE BROWSER goes to ... Chrome!
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.