[UCI-Linux] [SECURITY] Fedora Core 4 Update: kdelibs-3.5.0-0.4.fc4

Mike Iglesias iglesias at draco.acs.uci.edu
Fri Jan 20 13:09:25 PST 2006

From: "Than Ngo" <than at redhat.com>
To: fedora-announce-list at redhat.com
Date: Fri, 20 Jan 2006 12:01:40 -0500
Subject: [SECURITY] Fedora Core 4 Update: kdelibs-3.5.0-0.4.fc4

Fedora Update Notification

Product     : Fedora Core 4
Name        : kdelibs
Version     : 3.5.0                      
Release     : 0.4.fc4                  
Summary     : K Desktop Environment - Libraries
Description :
Libraries for the K Desktop Environment:
KDE Libraries included: kdecore (KDE core library), kdeui (user interface),
kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking),
kspell (spelling checker), jscript (javascript), kab (addressbook),
kimgio (image manipulation).

Update Information:

A heap overflow flaw was discovered affecting kjs, the
JavaScript interpreter engine used by Konqueror and other
parts of KDE. An attacker could create a malicious web site
containing carefully crafted JavaScript code that would
trigger this flaw and possibly lead to arbitrary code
execution. The Common Vulnerabilities and Exposures project
assigned the name CVE-2006-0019 to this issue. 

Users of KDE should upgrade to these updated packages, which
contain a backported patch from the KDE security team
correcting this issue
* Wed Jan 18 2006 Than Ngo <than at redhat.com> 3.5.0-0.4.fc4 
- apply patch to fix a printing problem
- add requires on iceauth #176571
* Wed Jan 11 2006 Karsten Hopp <karsten at redhat.de> 6:3.5.0-0.3.fc4
- fix kjs encodeuri/decodeuri heap overflow vulnerability, CVE-2006-0019

This update can be downloaded from:

db86b76009dfd868772600e2b643197fd7d7be1a  SRPMS/kdelibs-3.5.0-0.4.fc4.src.rpm
93b3eada75276675171f62e8f82602fc9d4174e8  ppc/kdelibs-3.5.0-0.4.fc4.ppc.rpm
eaa612bac27317b96a0c88d6f122a8595acb1b7a  ppc/kdelibs-devel-3.5.0-0.4.fc4.ppc.rpm
81d47e47869fceaba8a83207577e7e88eadd7eb4  ppc/debug/kdelibs-debuginfo-3.5.0-0.4.fc4.ppc.rpm
e57159f6621915c22645ce3e35dfb34d9e1e8e80  x86_64/kdelibs-3.5.0-0.4.fc4.x86_64.rpm
5558a0aeda509ec10a618c0a7e44532bced642da  x86_64/kdelibs-devel-3.5.0-0.4.fc4.x86_64.rpm
8e0602b9f6f2b307b8317acad389c72e68110b2a  x86_64/debug/kdelibs-debuginfo-3.5.0-0.4.fc4.x86_64.rpm
ba4d3840f602dedb774231eb821fd6dcbe73e3cf  i386/kdelibs-3.5.0-0.4.fc4.i386.rpm
86d01df92bfc26b56e1dfba9f196c2d6aacf1ef8  i386/kdelibs-devel-3.5.0-0.4.fc4.i386.rpm
397f3f220aa17b36ada0a165b31d225f5fd6580d  i386/debug/kdelibs-debuginfo-3.5.0-0.4.fc4.i386.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://fedora.redhat.com/docs/yum/.

fedora-announce-list mailing list
fedora-announce-list at redhat.com

More information about the UCI-Linux mailing list