Debian Security Advisory
DSA-1868-1 kde4libs -- several vulnerabilities
- Date Reported:
- 19 Aug 2009
- Affected Packages:
- kde4libs
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 534949.
In Mitre's CVE dictionary: CVE-2009-1690, CVE-2009-1698, CVE-2009-1687. - More information:
-
Several security issues have been discovered in kde4libs, core libraries for all KDE 4 applications. The Common Vulnerabilities and Exposures project identifies the following problems:
- CVE-2009-1690
It was discovered that there is a use-after-free flaw in handling certain DOM event handlers. This could lead to the execution of arbitrary code, when visiting a malicious website.
- CVE-2009-1698
It was discovered that there could be an uninitialised pointer when handling a Cascading Style Sheets (CSS) attr function call. This could lead to the execution of arbitrary code, when visiting a malicious website.
- CVE-2009-1687
It was discovered that the JavaScript garbage collector does not handle allocation failures properly, which could lead to the execution of arbitrary code when visiting a malicious website.
The oldstable distribution (etch) does not contain kde4libs.
For the stable distribution (lenny), these problems have been fixed in version 4:4.1.0-3+lenny1.
For the testing distribution (squeeze), these problems will be fixed soon.
For the unstable distribution (sid), these problems have been fixed in version 4:4.3.0-1.
We recommend that you upgrade your kde4libs packages.
- CVE-2009-1690
- Fixed in:
-
Debian GNU/Linux 5.0 (lenny)
- Source:
- http://security.debian.org/pool/updates/main/k/kde4libs/kde4libs_4.1.0-3+lenny1.dsc
- http://security.debian.org/pool/updates/main/k/kde4libs/kde4libs_4.1.0-3+lenny1.diff.gz
- http://security.debian.org/pool/updates/main/k/kde4libs/kde4libs_4.1.0.orig.tar.gz
- http://security.debian.org/pool/updates/main/k/kde4libs/kde4libs_4.1.0-3+lenny1.diff.gz
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-data_4.1.0-3+lenny1_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs-bin_4.1.0-3+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dev_4.1.0-3+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5_4.1.0-3+lenny1_alpha.deb
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs-bin_4.1.0-3+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5_4.1.0-3+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dev_4.1.0-3+lenny1_amd64.deb
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs-bin_4.1.0-3+lenny1_arm.deb
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_arm.deb
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dev_4.1.0-3+lenny1_arm.deb
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5_4.1.0-3+lenny1_arm.deb
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_arm.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs-bin_4.1.0-3+lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5_4.1.0-3+lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dev_4.1.0-3+lenny1_hppa.deb
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5_4.1.0-3+lenny1_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5_4.1.0-3+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dev_4.1.0-3+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs-bin_4.1.0-3+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_i386.deb
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dev_4.1.0-3+lenny1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs-bin_4.1.0-3+lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dev_4.1.0-3+lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5_4.1.0-3+lenny1_ia64.deb
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_ia64.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs-bin_4.1.0-3+lenny1_mips.deb
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dev_4.1.0-3+lenny1_mips.deb
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_mips.deb
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5_4.1.0-3+lenny1_mips.deb
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dev_4.1.0-3+lenny1_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dev_4.1.0-3+lenny1_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs-bin_4.1.0-3+lenny1_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5_4.1.0-3+lenny1_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5_4.1.0-3+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dev_4.1.0-3+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs-bin_4.1.0-3+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dev_4.1.0-3+lenny1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dev_4.1.0-3+lenny1_s390.deb
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_s390.deb
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs-bin_4.1.0-3+lenny1_s390.deb
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5_4.1.0-3+lenny1_s390.deb
- http://security.debian.org/pool/updates/main/k/kde4libs/kdelibs5-dbg_4.1.0-3+lenny1_s390.deb
MD5 checksums of the listed files are available in the original advisory.