Users login

Create an account »

JOIN XATRIX

Users login

Home » Security Advisories» Fedora » Kdelibs arbitrary code execution FC4

Kdelibs arbitrary code execution FC4

A heap overflow flaw was discovered affecting kjs, the JavaScript interpreter engine used by Konqueror and other parts of KDE. An attacker could create a malicious web site containing carefully crafted JavaScript code that would trigger this flaw and possibly lead to arbitrary code execution. Fedpra Core 4.

  • Vendor: Fedora
  • Vendor ID: FEDORA-2006-050
  • Date: January 21, 2006


---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-050
2006-01-20
---------------------------------------------------------------------

Product : Fedora Core 4
Name : kdelibs
Version : 3.5.0
Release : 0.4.fc4
Summary : K Desktop Environment - Libraries
Description :
Libraries for the K Desktop Environment:
KDE Libraries included: kdecore (KDE core library), kdeui (user interface),
kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking),
kspell (spelling checker), jscript (javascript), kab (addressbook),
kimgio (image manipulation).

---------------------------------------------------------------------
Update Information:

A heap overflow flaw was discovered affecting kjs, the
JavaScript interpreter engine used by Konqueror and other
parts of KDE. An attacker could create a malicious web site
containing carefully crafted JavaScript code that would
trigger this flaw and possibly lead to arbitrary code
execution. The Common Vulnerabilities and Exposures project
assigned the name CVE-2006-0019 to this issue.

Users of KDE should upgrade to these updated packages, which
contain a backported patch from the KDE security team
correcting this issue
---------------------------------------------------------------------
* Wed Jan 18 2006 Than Ngo [email protected]> 3.5.0-0.4.fc4
- apply patch to fix a printing problem
- add requires on iceauth #176571
* Wed Jan 11 2006 Karsten Hopp [email protected]> 6:3.5.0-0.3.fc4
- fix kjs encodeuri/decodeuri heap overflow vulnerability, CVE-2006-0019

---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

db86b76009dfd868772600e2b643197fd7d7be1a SRPMS/kdelibs-3.5.0-0.4.fc4.src.rpm
93b3eada75276675171f62e8f82602fc9d4174e8 ppc/kdelibs-3.5.0-0.4.fc4.ppc.rpm
eaa612bac27317b96a0c88d6f122a8595acb1b7a ppc/kdelibs-devel-3.5.0-0.4.fc4.ppc.rpm
81d47e47869fceaba8a83207577e7e88eadd7eb4 ppc/debug/kdelibs-debuginfo-3.5.0-0.4.fc4.ppc.rpm
e57159f6621915c22645ce3e35dfb34d9e1e8e80 x86_64/kdelibs-3.5.0-0.4.fc4.x86_64.rpm
5558a0aeda509ec10a618c0a7e44532bced642da x86_64/kdelibs-devel-3.5.0-0.4.fc4.x86_64.rpm
8e0602b9f6f2b307b8317acad389c72e68110b2a x86_64/debug/kdelibs-debuginfo-3.5.0-0.4.fc4.x86_64.rpm
ba4d3840f602dedb774231eb821fd6dcbe73e3cf i386/kdelibs-3.5.0-0.4.fc4.i386.rpm
86d01df92bfc26b56e1dfba9f196c2d6aacf1ef8 i386/kdelibs-devel-3.5.0-0.4.fc4.i386.rpm
397f3f220aa17b36ada0a165b31d225f5fd6580d i386/debug/kdelibs-debuginfo-3.5.0-0.4.fc4.i386.rpm

This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.
---------------------------------------------------------------------

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »