[USN-608-1] KDE vulnerability
Date: Tue, 6 May 2008 11:23:48 -0400
From: Jamie Strandboge <jamie@canonical.com.>
To: [email protected]
Subject: [USN-608-1] KDE vulnerability
Message-ID: <20080506152348.GF9973@severus.strandboge.com.>
Reply-To: Jamie Strandboge <jamie@canonical.com.>
===========================================================
Ubuntu Security Notice USN-608-1               May 06, 2008
kdelibs vulnerability
CVE-2008-1671
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.04:
  kdelibs4c2a                     4:3.5.6-0ubuntu14.3

Ubuntu 7.10:
  kdelibs4c2a                     4:3.5.8-0ubuntu3.4

Ubuntu 8.04 LTS:
  kdelibs4c2a                     4:3.5.9-0ubuntu7.1

After a standard system upgrade you need to restart your session to effect
the necessary changes.

Details follow:

It was discovered that start_kdeinit in KDE 3 did not properly sanitize
its input. A local attacker could exploit this to send signals to other
processes and cause a denial of service or possibly execute arbitrary
code. (CVE-2008-1671)
Updated packages for Ubuntu 7.04:
Updated packages for Ubuntu 7.10:
Updated packages for Ubuntu 8.04 LTS: