Home > Security > Advisories

Advisories

Mandriva Advisories

Package name kdelibs
Date October 19th, 2006
Advisory ID MDKSA-2006:186
Affected versions CS3.0, 2007.0, CS4.0
Synopsis Updated kdelibs packages fix KHTML vulnerability

Problem Description

A vulnerability was discovered in the way that Qt handled pixmap images
and the KDE khtml library used Qt in such a way that untrusted
parameters could be passed to Qt, resulting in an integer overflow.
This flaw could be exploited by a remote attacker in a malicious
website that, when viewed by an individual using Konqueror, would cause
Konqueror to crash or possibly execute arbitrary code with the
privileges of the user.

Updated packages have been patched to correct this issue.

Updated Packages

Corporate Server 3.0

 692f918e3e7acbe933684d973261ca0c  corporate/3.0/i586/kdelibs-common-3.2-36.16.C30mdk.i586.rpm
 8537e316e30762eb2420e0c2412ffaf8  corporate/3.0/i586/libkdecore4-3.2-36.16.C30mdk.i586.rpm
 37d09cd7b937ac25e98b87fe4161bfe1  corporate/3.0/i586/libkdecore4-devel-3.2-36.16.C30mdk.i586.rpm 
 815b64f8f6d1309414fa128ff049fa8a  corporate/3.0/SRPMS/kdelibs-3.2-36.16.C30mdk.src.rpm

Corporate Server 3.0/X86_64

 80f41ba7cab5c29812574b255487ff75  corporate/3.0/x86_64/kdelibs-common-3.2-36.16.C30mdk.x86_64.rpm
 690b32020e45a8f1e1d7cff8dc3d342b  corporate/3.0/x86_64/lib64kdecore4-3.2-36.16.C30mdk.x86_64.rpm
 39f37ea645b542dfd872b015d7b2db53  corporate/3.0/x86_64/lib64kdecore4-devel-3.2-36.16.C30mdk.x86_64.rpm
 8537e316e30762eb2420e0c2412ffaf8  corporate/3.0/x86_64/libkdecore4-3.2-36.16.C30mdk.i586.rpm 
 815b64f8f6d1309414fa128ff049fa8a  corporate/3.0/SRPMS/kdelibs-3.2-36.16.C30mdk.src.rpm

Mandriva Linux 2007

 0468fedc69128d4967771b9132b756f4  2007.0/i586/kdelibs-common-3.5.4-19.1mdv2007.0.i586.rpm
 2dc30948c1fdce7e25d9b7a8a9379e51  2007.0/i586/kdelibs-devel-doc-3.5.4-19.1mdv2007.0.i586.rpm
 7c637c18db5254991e86662b4d0a3dbd  2007.0/i586/libkdecore4-3.5.4-19.1mdv2007.0.i586.rpm
 2990a2078b4971d5b3fff5a8282834aa  2007.0/i586/libkdecore4-devel-3.5.4-19.1mdv2007.0.i586.rpm 
 de92b184fd62a8aa54278c0a7aeb5f43  2007.0/SRPMS/kdelibs-3.5.4-19.1mdv2007.0.src.rpm

Mandriva Linux 2007/X86_64

 e067573bb458b0606e19c8950fedb860  2007.0/x86_64/kdelibs-common-3.5.4-19.1mdv2007.0.x86_64.rpm
 5143af28520ea05d50bc07a92523bf5a  2007.0/x86_64/kdelibs-devel-doc-3.5.4-19.1mdv2007.0.x86_64.rpm
 452cd5fe9b000d31911cc8b19dbed9ca  2007.0/x86_64/lib64kdecore4-3.5.4-19.1mdv2007.0.x86_64.rpm
 22e66d820ad6e94c332df514e756b06c  2007.0/x86_64/lib64kdecore4-devel-3.5.4-19.1mdv2007.0.x86_64.rpm 
 de92b184fd62a8aa54278c0a7aeb5f43  2007.0/SRPMS/kdelibs-3.5.4-19.1mdv2007.0.src.rpm

Corporate Server 4.0

 3561f4ec95d79ede9284cb1ff897681b  corporate/4.0/i586/kdelibs-arts-3.5.4-1.2.20060mlcs4.i586.rpm
 3e19560491f720fd9034a95dfb4f529d  corporate/4.0/i586/kdelibs-common-3.5.4-1.2.20060mlcs4.i586.rpm
 633e83e144a3a0daa1057ecae48a0991  corporate/4.0/i586/kdelibs-devel-doc-3.5.4-1.2.20060mlcs4.i586.rpm
 853c0d7af1b8515c9226eb3ff1ae0e52  corporate/4.0/i586/libkdecore4-3.5.4-1.2.20060mlcs4.i586.rpm
 ffe121c5ed1528769d981a5b5d526b81  corporate/4.0/i586/libkdecore4-devel-3.5.4-1.2.20060mlcs4.i586.rpm 
 52f9f74e64bf4da50df95c02d350fa11  corporate/4.0/SRPMS/kdelibs-3.5.4-1.2.20060mlcs4.src.rpm

Corporate Server 4.0/X86_64

 6ad107993dc8ba3726eb47bb087393e4  corporate/4.0/x86_64/kdelibs-arts-3.5.4-1.2.20060mlcs4.x86_64.rpm
 4be667bf1d745fedc81314d697e3320a  corporate/4.0/x86_64/kdelibs-common-3.5.4-1.2.20060mlcs4.x86_64.rpm
 a1480b53dcf74c2af2c044c0da4b45d7  corporate/4.0/x86_64/kdelibs-devel-doc-3.5.4-1.2.20060mlcs4.x86_64.rpm
 e40a8bb434849c3976ba57f1e52ba78e  corporate/4.0/x86_64/lib64kdecore4-3.5.4-1.2.20060mlcs4.x86_64.rpm
 4e488a23bad70524ef7d731b834cbe50  corporate/4.0/x86_64/lib64kdecore4-devel-3.5.4-1.2.20060mlcs4.x86_64.rpm 
 52f9f74e64bf4da50df95c02d350fa11  corporate/4.0/SRPMS/kdelibs-3.5.4-1.2.20060mlcs4.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4811

Upgrade

To upgrade automatically, use MandrivaUpdate.


Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

                rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.