Home / vulnerabilities

PDF

MDKSA-2007-054.txt

Posted on 09 March 2007
Source : packetstormsecurity.org Link

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:054
http://www.mandriva.com/security/
_______________________________________________________________________

Package : kdelibs
Date : March 8, 2007
Affected: 2007.0, Corporate 4.0
_______________________________________________________________________

Problem Description:

ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror,
allows remote attackers to cause a denial of service (crash) by
accessing the content of an iframe with an ftp:// URI in the src
attribute, probably due to a NULL pointer dereference.

Updated packages have been patched to address this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1308
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
1d8397f15e58c6ebc8add4080524e8ba 2007.0/i586/kdelibs-common-3.5.4-19.3mdv2007.0.i586.rpm
f9f0624e36296f15aa5f7bfe51765335 2007.0/i586/kdelibs-devel-doc-3.5.4-19.3mdv2007.0.i586.rpm
36d61d7ad928fbee40606a82028446ad 2007.0/i586/libkdecore4-3.5.4-19.3mdv2007.0.i586.rpm
15b28472271a57c834b27259a29f07da 2007.0/i586/libkdecore4-devel-3.5.4-19.3mdv2007.0.i586.rpm
1763a83f2c1b2fe368983ee87fad4fc2 2007.0/SRPMS/kdelibs-3.5.4-19.3mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
770bb5b58a92a6e8bf213f814346293c 2007.0/x86_64/kdelibs-common-3.5.4-19.3mdv2007.0.x86_64.rpm
8daded5cdd67051ceca12750140e551c 2007.0/x86_64/kdelibs-devel-doc-3.5.4-19.3mdv2007.0.x86_64.rpm
aac88e6d7fd426401bfa11505550dcb4 2007.0/x86_64/lib64kdecore4-3.5.4-19.3mdv2007.0.x86_64.rpm
5c7becc6933c5d13761d561999691594 2007.0/x86_64/lib64kdecore4-devel-3.5.4-19.3mdv2007.0.x86_64.rpm
1763a83f2c1b2fe368983ee87fad4fc2 2007.0/SRPMS/kdelibs-3.5.4-19.3mdv2007.0.src.rpm

Corporate 4.0:
358b45acbccb6b99d05748abc02f9dd7 corporate/4.0/i586/kdelibs-arts-3.5.4-2.4.20060mlcs4.i586.rpm
63cd48e403757866aa7979e5d7d906de corporate/4.0/i586/kdelibs-common-3.5.4-2.4.20060mlcs4.i586.rpm
9aa0299ec063ea41d52da7ba446757a4 corporate/4.0/i586/kdelibs-devel-doc-3.5.4-2.4.20060mlcs4.i586.rpm
ad7439a70a0dd461073c6d38e73a5622 corporate/4.0/i586/libkdecore4-3.5.4-2.4.20060mlcs4.i586.rpm
9b1fd095f5735fbbc2e337fbb954b524 corporate/4.0/i586/libkdecore4-devel-3.5.4-2.4.20060mlcs4.i586.rpm
2c987a7ed1c263de3dde211cb0dee772 corporate/4.0/SRPMS/kdelibs-3.5.4-2.4.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
3c1ff52dc6a7347a2648f4c3628a3e3d corporate/4.0/x86_64/kdelibs-arts-3.5.4-2.4.20060mlcs4.x86_64.rpm
1d201913a24f345f77a53ea1ebc850b7 corporate/4.0/x86_64/kdelibs-common-3.5.4-2.4.20060mlcs4.x86_64.rpm
4ec74770c6dc7343092000db74ca5ca0 corporate/4.0/x86_64/kdelibs-devel-doc-3.5.4-2.4.20060mlcs4.x86_64.rpm
b4d99dcd875a95c8b1301bcf54860306 corporate/4.0/x86_64/lib64kdecore4-3.5.4-2.4.20060mlcs4.x86_64.rpm
93cfdbf02993812bb52ae0d2e26a0c70 corporate/4.0/x86_64/lib64kdecore4-devel-3.5.4-2.4.20060mlcs4.x86_64.rpm
2c987a7ed1c263de3dde211cb0dee772 corporate/4.0/SRPMS/kdelibs-3.5.4-2.4.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFF8APFmqjQ0CJFipgRAgqzAJ9DmuNRfDFu7K1Xd1PqGkwg1dwNAwCeNpf8
+pvpIpYttsl6uOacHpxXXkQ=
=+gJf
-----END PGP SIGNATURE-----

 

TOP