The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


[USN-608-1] KDE vulnerability


<< Previous INDEX Search src / Print Next >>
Date: Tue, 6 May 2008 11:23:48 -0400
From: Jamie Strandboge <jamie@canonical.com.>
To: [email protected]
Subject: [USN-608-1] KDE vulnerability
Message-ID: <20080506152348.GF9973@severus.strandboge.com.>
Reply-To: Jamie Strandboge <jamie@canonical.com.>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
        protocol="application/pgp-signature"; boundary="BZaMRJmqxGScZ8Mx"
Content-Disposition: inline
User-Agent: Mutt/1.5.17+20080114 (2008-01-14)
X-Virus-Scanned: antivirus-gw at tyumen.ru


--BZaMRJmqxGScZ8Mx
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=20
Ubuntu Security Notice USN-608-1               May 06, 2008
kdelibs vulnerability
CVE-2008-1671
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D

A security issue affects the following Ubuntu releases:

Ubuntu 7.04
Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.04:
  kdelibs4c2a                     4:3.5.6-0ubuntu14.3

Ubuntu 7.10:
  kdelibs4c2a                     4:3.5.8-0ubuntu3.4

Ubuntu 8.04 LTS:
  kdelibs4c2a                     4:3.5.9-0ubuntu7.1

After a standard system upgrade you need to restart your session to effect
the necessary changes.

Details follow:

It was discovered that start_kdeinit in KDE 3 did not properly sanitize
its input. A local attacker could exploit this to send signals to other
processes and cause a denial of service or possibly execute arbitrary
code. (CVE-2008-1671)


Updated packages for Ubuntu 7.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.6-0ub=
untu14.3.diff.gz
      Size/MD5:   596652 da418b8ebaea51f42461f776e0c5cecb
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.6-0ub=
untu14.3.dsc
      Size/MD5:     1747 90107fcd45e14254c866ca01c1ccf2b9
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.6.ori=
g.tar.gz
      Size/MD5: 18823660 4be0bd486cc5ea3986118217c3b75d25

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.=
6-0ubuntu14.3_all.deb
      Size/MD5:  7218696 d5188fa869e0ec05440976976ddf8382
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.5.=
6-0ubuntu14.3_all.deb
      Size/MD5: 33827090 66cf487c04f08459e4559b1ad97db922
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.6-0ub=
untu14.3_all.deb
      Size/MD5:    41262 58a69eac46fb2389d8cd90fc7fa402d1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.6=
-0ubuntu14.3_amd64.deb
      Size/MD5: 27211714 40842a00f20980ac0f9e9f8c9a49a092
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.=
6-0ubuntu14.3_amd64.deb
      Size/MD5:  1350066 5ad6640f0a932e1fd4aa98df7a2a58ea
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.6=
-0ubuntu14.3_amd64.deb
      Size/MD5: 10828872 1cb1b281f9ba98283f5f93edb797a765

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.6=
-0ubuntu14.3_i386.deb
      Size/MD5: 26370110 87c6e79f57d8d8a7b432d6011ae80be7
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.=
6-0ubuntu14.3_i386.deb
      Size/MD5:  1347678 0587b24a11d7359aa187d37b4b8e16e4
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.6=
-0ubuntu14.3_i386.deb
      Size/MD5:  9972814 54f2982fc3a1b4ecc33f0142d0d02b53

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.6=
-0ubuntu14.3_powerpc.deb
      Size/MD5: 28173368 6e52368c014995a4be1cf33a523dd160
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.=
6-0ubuntu14.3_powerpc.deb
      Size/MD5:  1354748 c982967dde2fba411c81da8e1e062398
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.6=
-0ubuntu14.3_powerpc.deb
      Size/MD5: 10774716 51cd73160ef71b65ae0f3dd975abee44

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.6=
-0ubuntu14.3_sparc.deb
      Size/MD5: 25522584 5795173c783689033dbc6a41727144b5
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.=
6-0ubuntu14.3_sparc.deb
      Size/MD5:  1348548 9600053681008605d22af3a1d930ede3
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.6=
-0ubuntu14.3_sparc.deb
      Size/MD5:  9931936 321b1bfad1c7fa5c33f0b6db691fdb26

Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.8-0ub=
untu3.4.diff.gz
      Size/MD5:   562869 167178a97e02d8284ab306dcc6c1db17
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.8-0ub=
untu3.4.dsc
      Size/MD5:     1797 333e99dcdf32fa56e49d4532e4095694
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.8.ori=
g.tar.gz
      Size/MD5: 18552571 246f21901251fca7f1290c2e8697b64d

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.=
8-0ubuntu3.4_all.deb
      Size/MD5:  7295362 22d25cfab5c194e2002b1e12c17f3271
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.5.=
8-0ubuntu3.4_all.deb
      Size/MD5: 36363404 937ee42c1f472184deefe8591da3ebc4
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.8-0ub=
untu3.4_all.deb
      Size/MD5:    44300 23cfbaeb24d0703f74efc214c55ca018

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.8=
-0ubuntu3.4_amd64.deb
      Size/MD5: 27037238 890e850434a5c83a8ffd5d8f1321e7b8
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.=
8-0ubuntu3.4_amd64.deb
      Size/MD5:  1355352 27c69e27af8839177f322f362921be01
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.8=
-0ubuntu3.4_amd64.deb
      Size/MD5: 10895934 fa2a495af30f4077793cb6b1d983f1f3

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.8=
-0ubuntu3.4_i386.deb
      Size/MD5: 26294976 dca366a3de0d93df15bea161bc7f121a
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.=
8-0ubuntu3.4_i386.deb
      Size/MD5:  1352930 c6946be5c01838ab2606c493a16c92eb
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.8=
-0ubuntu3.4_i386.deb
      Size/MD5: 10004352 879659b72e7c3cfdfb36fb8063ea11b3

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.8-0ubuntu3.=
4_lpia.deb
      Size/MD5: 40346126 6498e55b6560d425e9e7b2e9065e7fd6
    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.8-0ubuntu3=
=2E4_lpia.deb
      Size/MD5:  1353772 6057fc6e610970d160eceed72e8cb970
    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.8-0ubuntu3.=
4_lpia.deb
      Size/MD5:  9905502 ac9c42d11345430248999837020e9dc4

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.8=
-0ubuntu3.4_powerpc.deb
      Size/MD5: 28042230 7f46ada529d1913d4c545df6fa6d7d54
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.=
8-0ubuntu3.4_powerpc.deb
      Size/MD5:  1359658 cb8ade67cf281e44d1842a4d52ab0575
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.8=
-0ubuntu3.4_powerpc.deb
      Size/MD5: 10816596 df76e127f64c04b93a19c03168bd93d9

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.8=
-0ubuntu3.4_sparc.deb
      Size/MD5: 25383262 2a9f223f12ddda70f2cf210b775854a0
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.=
8-0ubuntu3.4_sparc.deb
      Size/MD5:  1353852 8924dcf22920ef3b46adbc65b6436f77
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.8=
-0ubuntu3.4_sparc.deb
      Size/MD5:  9973226 2ebcdefa51de504c924a8d86515e600f

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.9-0ub=
untu7.1.diff.gz
      Size/MD5:   695602 7d45c0a647c19779f032b97758fa64c4
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.9-0ub=
untu7.1.dsc
      Size/MD5:     1703 f181223540bca62ef4192cb80ab8dd46
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.9.ori=
g.tar.gz
      Size/MD5: 18570047 ffac2da24f43637276a284c8da684ccc

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.=
9-0ubuntu7.1_all.deb
      Size/MD5:  7307834 fdfb3247eb3cad27f49eb20708033729
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.5.=
9-0ubuntu7.1_all.deb
      Size/MD5: 25540382 8f906f8192fa3a80b777b855ddd910e5
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.9-0ub=
untu7.1_all.deb
      Size/MD5:     9312 b0018dc14f4e31858895280bfc223909

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.9=
-0ubuntu7.1_amd64.deb
      Size/MD5: 26750120 ea385c6af643cdca0ad1d7573054423f
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.=
9-0ubuntu7.1_amd64.deb
      Size/MD5:  1381478 9d5caa2e345c82e1f7e6885eb32774d3
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.9=
-0ubuntu7.1_amd64.deb
      Size/MD5: 10652212 bb1f2ece3e729cf6562ffc7496056b5f

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-dbg_3.5.9=
-0ubuntu7.1_i386.deb
      Size/MD5: 25982116 f284da4dc57ab5daf02233c691ba7d99
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.5.=
9-0ubuntu7.1_i386.deb
      Size/MD5:  1409928 361548471006854a4c8f183838278733
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4c2a_3.5.9=
-0ubuntu7.1_i386.deb
      Size/MD5:  9616092 03f7a235870a008c0d89d23b4b358bdb

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.9-0ubuntu7.=
1_lpia.deb
      Size/MD5: 25957868 77394437a4c8afa62da7e64c4b45600f
    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.9-0ubuntu7=
=2E1_lpia.deb
      Size/MD5:  1375846 a3badfd278dc41e1be1fbf9d471da7a0
    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.9-0ubuntu7.=
1_lpia.deb
      Size/MD5:  9638718 2619cab676a8d46456df859438eeb224

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.9-0ubuntu7.=
1_powerpc.deb
      Size/MD5: 27652968 41cc7dd3c95ce9a6a1710f224297cbc8
    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.9-0ubuntu7=
=2E1_powerpc.deb
      Size/MD5:  1393426 0a7671afcb122ef75322c23b49cd851e
    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.9-0ubuntu7.=
1_powerpc.deb
      Size/MD5: 10452110 a32f2bc6e51ab35bb6b3ff1eae5ba152

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.9-0ubuntu7.=
1_sparc.deb
      Size/MD5: 25015618 66237ba3bfdaf94c33fd22427142028c
    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.9-0ubuntu7=
=2E1_sparc.deb
      Size/MD5:  1376442 143bdcfb35b27ac8471cd3147fde0415
    http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4c2a_3.5.9-0ubuntu7.=
1_sparc.deb
      Size/MD5:  9585790 68f8c46133112ac8f8928bfb1bb376c8



--BZaMRJmqxGScZ8Mx
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFIIHgEW0JvuRdL8BoRAhBoAJ90MCvrwMWj83aVFcoKUNx7pAQX1wCeKcxx
QV9CLi2YvNnF1Lb9FyOE708=
=9fww
-----END PGP SIGNATURE-----

--BZaMRJmqxGScZ8Mx--


<< Previous INDEX Search src / Print Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру