Säkerhetsbulletin från Debian
DSA-948-1 kdelibs -- buffertspill
- Rapporterat den:
- 2006-01-20
- Berörda paket:
- kdelibs
- Sårbara:
- Ja
- Referenser i säkerhetsdatabaser:
- I Mitres CVE-förteckning: CVE-2006-0019.
- Ytterligare information:
-
Maksim Orlovich upptäckte att Javascripttolken kjs, vilken används i webbläsare Konqueror, inte utför tillräckliga avgränsningskontroller när den tolkar UTF-8-kodade URL:er, vilket kunde leda till ett heapbaserat buffertspill och exekvering av godtycklig kod.
Den gamla stabila utgåvan (Woody) påverkas inte av detta problem.
För den stabila utgåvan (Sarge) har detta problem rättats i version 3.3.2-6.4
För den instabila utgåvan (Sid) kommer detta problem rättas inom kort.
Vi rekommenderar att ni uppgraderar ert kdelibs-paket.
- Rättat i:
-
Debian GNU/Linux 3.1 (sarge)
- Källkod:
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.3.2-6.4.dsc
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.3.2-6.4.diff.gz
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.3.2.orig.tar.gz
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.3.2-6.4.diff.gz
- Arkitekturoberoende komponent:
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-data_3.3.2-6.4_all.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-doc_3.3.2-6.4_all.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.3.2-6.4_all.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-doc_3.3.2-6.4_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.4_amd64.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_amd64.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.4_amd64.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.4_arm.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_arm.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.4_arm.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.4_i386.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_i386.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.4_i386.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.4_mips.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_mips.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.4_mips.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.4_s390.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_s390.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.4_s390.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.4_sparc.deb
MD5-kontrollsummor för dessa filer finns i originalbulletinen.