Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY LINKS NEWS MAN DOCUMENTATION

<< Previous INDEX Search src / Print Next >>

From: Dirk Mueller <mueller@kde.org.>
To: [email protected]
Subject: [KDE Security Advisory] kjs encodeuri/decodeuri heap overflow
Date: Thu, 19 Jan 2006 23:07:10 +0100
User-Agent: KMail/1.9.1
Cc: [email protected]
MIME-Version: 1.0
Content-Type: multipart/signed;
  boundary="nextPart1738223.vh7f9NRHgv";
  protocol="application/pgp-signature";
  micalg=pgp-sha1
Content-Transfer-Encoding: 7bit
Message-Id: <200601192307.14335.mueller@kde.org.>
X-Virus-Scanned: antivirus-gw at tyumen.ru

--nextPart1738223.vh7f9NRHgv
Content-Type: text/plain;
  charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline


KDE Security Advisory: kjs encodeuri/decodeuri heap overflow vulnerability
Original Release Date: 2006-01-19
URL: http://www.kde.org/info/security/advisory-20060119-1.txt

0. References
        CVE-2006-0019


1. Systems affected:

        KDE 3.2.0 up to including KDE 3.5.0


2. Overview:

        Maksim Orlovich discovered an incorrect bounds check in kjs,
        the JavaScript interpreter engine used by Konqueror and other
        parts of KDE, that allows a heap based buffer overflow
        when decoding specially crafted UTF-8 encoded URI sequences.


3. Impact:

        Remotely supplied Javascript code can perform a heap overflow
        and crash the web browser or execute arbitrary code.


4. Solution:

        Source code patches have been made available which fix these
        vulnerabilities. Contact your OS vendor / binary package provider
        for information about how to obtain updated binary packages.


5. Patch:

        Patch for KDE 3.4.0 - 3.5.0 is available from=20
        ftp://ftp.kde.org/pub/kde/security_patches :

        ecc0ec13ce3b06e94e35aa8e937e02bf  post-3.4.3-kdelibs-kjs.diff

        Patch for KDE 3.2.0 - 3.3.2 is available from=20
        ftp://ftp.kde.org/pub/kde/security_patches :

        9bca9b44ca2d84e3b2f85ffb5d30e047  post-3.2.3-kdelibs-kjs.diff


--nextPart1738223.vh7f9NRHgv
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQBD0A2SvsXr+iuy1UoRAmXHAKCws5OgDiteQti4XNibfE92cuLrdwCgkD29
5Y047yDX048bFKmWpg7NFNY=
=wufg
-----END PGP SIGNATURE-----

--nextPart1738223.vh7f9NRHgv--

<< Previous INDEX Search src / Print Next >>

Партнёры:

Хостинг: