[Full-disclosure] [USN-447-1] KDE library vulnerabilities



===========================================================
Ubuntu Security Notice USN-447-1 March 28, 2007
kdelibs vulnerabilities
CVE-2007-1308, CVE-2007-1564
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
kdelibs4c2 4:3.4.3-0ubuntu2.3

Ubuntu 6.06 LTS:
kdelibs4c2a 4:3.5.2-0ubuntu18.3

Ubuntu 6.10:
kdelibs4c2a 4:3.5.5-0ubuntu3.1.1

After a standard system upgrade you need to restart your session or
reboot your computer to effect the necessary changes.

Details follow:

It was discovered that Konqueror did not correctly handle iframes from
JavaScript. If a user were tricked into visiting a malicious website,
Konqueror could crash, resulting in a denial of service. (CVE-2007-1308)

A flaw was discovered in how Konqueror handled PASV FTP responses. If a
user were tricked into visiting a malicious FTP server, a remote
attacker could perform a port-scan of machines within the user's
network, leading to private information disclosure. (CVE-2007-1564)

