Mandriva Advisories

Package name: kdelibs
Date: April 3rd, 2007
Advisory ID: MDKSA-2007:076
Affected versions: CS3.0, 2007.0, CS4.0
Synopsis: Updated kdelibs packages to address UTF8 issue in KJS

Problem Description

A bug was discovered in KJS where UTF-8 decoding did not reject
overlong sequences. This vulnerability is similar to the one discovered
by Andreas Nolden in QT3 and QT4, but at this time there is
no known exploit for this issue.

Updated packages have been patched to address this issue.
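
An added illustration (not KJS code and not the Mandriva patch) of what rejecting overlong sequences means: one decoder run in a lax mode that skips the minimum-value check and in a strict mode that enforces it. Function and variable names are hypothetical and the byte strings are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper, not KJS or patch code. Decodes one UTF-8 sequence
 * from s[0..len); returns bytes consumed, or 0 if malformed. With
 * strict == 0 the minimum-value check is skipped, so overlong forms are
 * accepted (the class of bug the advisory describes). */
static size_t utf8_decode(const unsigned char *s, size_t len, int strict,
                          uint32_t *cp)
{
    /* Smallest code point that legitimately needs 1, 2, 3 or 4 bytes. */
    static const uint32_t min_cp[5] = { 0, 0, 0x80, 0x800, 0x10000 };
    size_t n, i;
    uint32_t v;
    if (len == 0) return 0;
    if (s[0] < 0x80)                { n = 1; v = s[0]; }
    else if ((s[0] & 0xE0) == 0xC0) { n = 2; v = s[0] & 0x1F; }
    else if ((s[0] & 0xF0) == 0xE0) { n = 3; v = s[0] & 0x0F; }
    else if ((s[0] & 0xF8) == 0xF0) { n = 4; v = s[0] & 0x07; }
    else return 0;                       /* invalid lead byte */
    if (n > len) return 0;               /* truncated sequence */
    for (i = 1; i < n; i++) {
        if ((s[i] & 0xC0) != 0x80) return 0;  /* not a continuation byte */
        v = (v << 6) | (s[i] & 0x3F);
    }
    if (strict) {
        if (v < min_cp[n]) return 0;               /* overlong encoding */
        if (v > 0x10FFFF) return 0;                /* outside Unicode */
        if (v >= 0xD800 && v <= 0xDFFF) return 0;  /* surrogate */
    }
    *cp = v;
    return n;
}
/* Code point if the whole input is one accepted sequence, else -1. */
static long decode_or_reject(const unsigned char *s, size_t len, int strict)
{
    uint32_t cp = 0;
    return (len > 0 && utf8_decode(s, len, strict, &cp) == len) ? (long)cp : -1;
}
/* Constructed sample inputs. */
static const unsigned char slash_over2[] = { 0xC0, 0xAF };       /* overlong '/' */
static const unsigned char slash_over3[] = { 0xE0, 0x80, 0xAF }; /* overlong '/' */
static const unsigned char euro_sign[]   = { 0xE2, 0x82, 0xAC }; /* U+20AC */
int main(void)
{
    printf("lax: %ld %ld %ld\n", decode_or_reject(slash_over2, 2, 0),
           decode_or_reject(slash_over3, 3, 0), decode_or_reject(euro_sign, 3, 0));
    printf("strict: %ld %ld %ld\n", decode_or_reject(slash_over2, 2, 1),
           decode_or_reject(slash_over3, 3, 1), decode_or_reject(euro_sign, 3, 1));
    return 0;
}
```

In lax mode both overlong inputs decode to the same code point as the single byte 0x2F, which is why a filter that inspects raw bytes before decoding can be bypassed; strict mode rejects them while still accepting the well-formed three-byte sequence.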

Updated Packages

Corporate Server 3.0

 f770e85fb181f424d3540f59c9fc1bd9  corporate/3.0/i586/kdelibs-common-3.2-36.19.C30mdk.i586.rpm
 38bd33a2679b4b5674e066873bec271b  corporate/3.0/i586/libkdecore4-3.2-36.19.C30mdk.i586.rpm
 218a3e5b7b0878e5b311480058541471  corporate/3.0/i586/libkdecore4-devel-3.2-36.19.C30mdk.i586.rpm 
 19207b2c9f959c3ebbd5f79a56623019  corporate/3.0/SRPMS/kdelibs-3.2-36.19.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 e05e552edb1f2fdecc958b10d4dcd690  corporate/3.0/x86_64/kdelibs-common-3.2-36.19.C30mdk.x86_64.rpm
 4b745bb2df2bf4a27f8fc1a771a2ed69  corporate/3.0/x86_64/lib64kdecore4-3.2-36.19.C30mdk.x86_64.rpm
 52dee8f032dad49e3d7be1b1b2ec5e0d  corporate/3.0/x86_64/lib64kdecore4-devel-3.2-36.19.C30mdk.x86_64.rpm 
 19207b2c9f959c3ebbd5f79a56623019  corporate/3.0/SRPMS/kdelibs-3.2-36.19.C30mdk.src.rpm

Mandriva Linux 2007

 0aa169f71ee453bfae98225220c331cc  2007.0/i586/kdelibs-common-3.5.4-19.5mdv2007.0.i586.rpm
 540a3bc9d82874b836b30a6948ef3bc9  2007.0/i586/kdelibs-devel-doc-3.5.4-19.5mdv2007.0.i586.rpm
 825e626133ee2026b57a734d4afa8b44  2007.0/i586/libkdecore4-3.5.4-19.5mdv2007.0.i586.rpm
 506795606555cd7ece65961e2a9b2b3a  2007.0/i586/libkdecore4-devel-3.5.4-19.5mdv2007.0.i586.rpm 
 75268625fe932b3031f10b431263c4a2  2007.0/SRPMS/kdelibs-3.5.4-19.5mdv2007.0.src.rpm

Mandriva Linux 2007/X86_64

 1e3ce972420dfd5fa9f59f7488aad8ec  2007.0/x86_64/kdelibs-common-3.5.4-19.5mdv2007.0.x86_64.rpm
 5dd0d9118284bed00433f49758507199  2007.0/x86_64/kdelibs-devel-doc-3.5.4-19.5mdv2007.0.x86_64.rpm
 59e713d7e771adc76c681a748661f7df  2007.0/x86_64/lib64kdecore4-3.5.4-19.5mdv2007.0.x86_64.rpm
 0c927e5eeaf866777896e3931dbdc8a1  2007.0/x86_64/lib64kdecore4-devel-3.5.4-19.5mdv2007.0.x86_64.rpm 
 75268625fe932b3031f10b431263c4a2  2007.0/SRPMS/kdelibs-3.5.4-19.5mdv2007.0.src.rpm

Corporate Server 4.0

 5f5ef89ea729076d60807144b008ce8e  corporate/4.0/i586/kdelibs-arts-3.5.4-2.6.20060mlcs4.i586.rpm
 26b0905eb396fc655ddae0544d968b17  corporate/4.0/i586/kdelibs-common-3.5.4-2.6.20060mlcs4.i586.rpm
 30ecb24ea79e5a351e92e908db2f2041  corporate/4.0/i586/kdelibs-devel-doc-3.5.4-2.6.20060mlcs4.i586.rpm
 888dca62168338a4c2132aa65fca2194  corporate/4.0/i586/libkdecore4-3.5.4-2.6.20060mlcs4.i586.rpm
 cccd180b1203fbc89ffa829b4ede997b  corporate/4.0/i586/libkdecore4-devel-3.5.4-2.6.20060mlcs4.i586.rpm 
 9d916dfabd10de831d0d7e4bad1531e4  corporate/4.0/SRPMS/kdelibs-3.5.4-2.6.20060mlcs4.src.rpm

Corporate Server 4.0/X86_64

 0f32189c5c8206c675d239041a259228  corporate/4.0/x86_64/kdelibs-arts-3.5.4-2.6.20060mlcs4.x86_64.rpm
 94ca6193db1cfeca24243e71189eecb9  corporate/4.0/x86_64/kdelibs-common-3.5.4-2.6.20060mlcs4.x86_64.rpm
 5cb2db298db9ce38e72f148807cbe57d  corporate/4.0/x86_64/kdelibs-devel-doc-3.5.4-2.6.20060mlcs4.x86_64.rpm
 347e22ee06124bd9be049d18d2a91963  corporate/4.0/x86_64/lib64kdecore4-3.5.4-2.6.20060mlcs4.x86_64.rpm
 e6a02d2d4981c8f4afefc3c95e8346b8  corporate/4.0/x86_64/lib64kdecore4-devel-3.5.4-2.6.20060mlcs4.x86_64.rpm 
 9d916dfabd10de831d0d7e4bad1531e4  corporate/4.0/SRPMS/kdelibs-3.5.4-2.6.20060mlcs4.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0242

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, verification of the MD5 checksum and GPG signature is performed automatically for you.