Säkerhetsbulletin från Debian

DSA-1867-1 kdelibs -- flera sårbarheter

Rapporterat den:
2009-08-19
Berörda paket:
kdelibs
Sårbara:
Ja
Referenser i säkerhetsdatabaser:
I Debians felrapporteringssystem: Fel 534952.
I Mitres CVE-förteckning: CVE-2009-1690, CVE-2009-1698, CVE-2009-1687.
Ytterligare information:

Flera säkerhetsproblem har upptäckts i kdelibs, kärnbiblioteken från den officiella KDE-utgåvan. Projektet Common Vulnerabilities and Exposures identifierar följande problem:

  • CVE-2009-1690

    Det upptäcktes att det finns en använd-efter-frisläppande-brist vid hantering av vissa DOM-händelsehanterare. Detta kunde leda till exekvering av godtycklig kod vid besök på en illvillig webbplats.

  • CVE-2009-1698

    Det upptäcktes att det kunde finnes en oinitialiserad pekare vid hantering av ett funktionsanrop till Cascading Style Sheets (CSS) attr. Detta kunde leda till exekvering av godtycklig kod vid besök på en illvillig webbplats.

  • CVE-2009-1687

    Det upptäcktes att JavaScripts skräpinsamlare inte hanterar allokeringsfel på ett tillfredsställande sätt, vilket kunde leda till exekvering av godtycklig kod vid besök på en illvillig webbplats.

För den gamla stabila utgåvan (Etch) har dessa problem rättats i version 4:3.5.5a.dfsg.1-8etch2.

För den stabila utgåvan (Lenny) har dessa problem rättats i version 4:3.5.10.dfsg.1-0lenny2.

För uttestningsutgåvan (Squeeze) och den instabila utgåvan (Sid) kommer dessa problem att rättas inom kort.

Vi rekommenderar att ni uppgraderar era kdelibs-paket.

Rättat i:

Debian GNU/Linux 4.0 (etch)

Källkod:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.5a.dfsg.1.orig.tar.gz
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.5a.dfsg.1-8etch2.dsc
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.5a.dfsg.1-8etch2.diff.gz
Arkitekturoberoende komponent:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.5a.dfsg.1-8etch2_all.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-data_3.5.5a.dfsg.1-8etch2_all.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-doc_3.5.5a.dfsg.1-8etch2_all.deb
Alpha:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch2_alpha.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch2_alpha.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch2_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch2_amd64.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch2_amd64.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch2_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch2_arm.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch2_arm.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch2_arm.deb
HP Precision:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch2_hppa.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch2_hppa.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch2_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch2_i386.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch2_i386.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch2_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch2_ia64.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch2_ia64.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch2_ia64.deb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch2_mips.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch2_mips.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch2_mips.deb
PowerPC:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.5a.dfsg.1-8etch2_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.5a.dfsg.1-8etch2_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.5a.dfsg.1-8etch2_powerpc.deb

Debian GNU/Linux 5.0 (lenny)

Källkod:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.10.dfsg.1.orig.tar.gz
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-0lenny2.dsc
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-0lenny2.diff.gz
Arkitekturoberoende komponent:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-0lenny2_all.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-data_3.5.10.dfsg.1-0lenny2_all.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-doc_3.5.10.dfsg.1-0lenny2_all.deb
Alpha:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_alpha.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_alpha.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_amd64.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_amd64.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_arm.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_arm.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_arm.deb
ARM EABI:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_armel.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_armel.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_armel.deb
HP Precision:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_hppa.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_hppa.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_i386.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_i386.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_ia64.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_ia64.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_ia64.deb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_mips.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_mips.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_mips.deb
PowerPC:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny2_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny2_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny2_powerpc.deb

MD5-kontrollsummor för dessa filer finns i originalbulletinen.