Updated kdelibs packages are available for Mandriva Linux
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: kdelibs
Advisory ID: MDKSA-2005:085
Date: May 12th, 2005
Affected versions: 10.1, 10.2, Corporate 3.0
______________________________________________________________________
Problem Description:
A buffer overflow in the PCX decoder of kimgio was discovered by Bruno Rohee. If an attacker could trick a user into loading a malicious PCX image with any KDE application, he could cause the execution of arbitrary code with the privileges of the user opening the image.
The provided packages have been patched to correct this issue.
In addition, the LE2005 packages contain fixes for configuring email in kbugreport, a KDE crasher bug, a kicondialog bug, a KHTML bug, and a knewsticker export symbol problem.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1046
http://bugs.kde.org/show_bug.cgi?id=101577
http://bugs.kde.org/show_bug.cgi?id=104475
http://bugs.kde.org/show_bug.cgi?id=99970
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.1:
d9187f933c87279b7e72df6513490154 10.1/RPMS/kdelibs-common-3.2.3-106.1.101mdk.i586.rpm
debbf58c43f6ceb879175c2b45fb7382 10.1/RPMS/libkdecore4-3.2.3-106.1.101mdk.i586.rpm
3fed03ddab92dafaf8a7edb70ddb6cc9 10.1/RPMS/libkdecore4-devel-3.2.3-106.1.101mdk.i586.rpm
44d483efd87e38e49738825009d65f9c 10.1/SRPMS/kdelibs-3.2.3-106.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
2df5f703c954bcb4c206c2da57c30b50 x86_64/10.1/RPMS/kdelibs-common-3.2.3-106.1.101mdk.x86_64.rpm
d336bec3abe9699aaf20a8aa6b138af9 x86_64/10.1/RPMS/lib64kdecore4-3.2.3-106.1.101mdk.x86_64.rpm
f0f24bd12da26bc53d1385b661499f91 x86_64/10.1/RPMS/lib64kdecore4-devel-3.2.3-106.1.101mdk.x86_64.rpm
debbf58c43f6ceb879175c2b45fb7382 x86_64/10.1/RPMS/libkdecore4-3.2.3-106.1.101mdk.i586.rpm
3fed03ddab92dafaf8a7edb70ddb6cc9 x86_64/10.1/RPMS/libkdecore4-devel-3.2.3-106.1.101mdk.i586.rpm
44d483efd87e38e49738825009d65f9c x86_64/10.1/SRPMS/kdelibs-3.2.3-106.1.101mdk.src.rpm
Mandrakelinux 10.2:
4bbf3caa4f7162f354c8f9049ff04cc6 10.2/RPMS/kdelibs-common-3.3.2-124.1.102mdk.i586.rpm
9f45e9f161e746cef2782d8be428fa67 10.2/RPMS/libkdecore4-3.3.2-124.1.102mdk.i586.rpm
a9848e016ff7b6e468a42f049c1674a8 10.2/RPMS/libkdecore4-devel-3.3.2-124.1.102mdk.i586.rpm
3da564391e8a3ba9e0336b78407e5af1 10.2/SRPMS/kdelibs-3.3.2-124.1.102mdk.src.rpm
Mandrakelinux 10.2/X86_64:
b339bb5667ca8c8e49a91c52e8763953 x86_64/10.2/RPMS/kdelibs-common-3.3.2-124.1.102mdk.x86_64.rpm
6898b9fc463185750f73ca7249d0e079 x86_64/10.2/RPMS/lib64kdecore4-3.3.2-124.1.102mdk.x86_64.rpm
4d6de10fe1dacfd0f7f5ca727a066d6f x86_64/10.2/RPMS/lib64kdecore4-devel-3.3.2-124.1.102mdk.x86_64.rpm
9f45e9f161e746cef2782d8be428fa67 x86_64/10.2/RPMS/libkdecore4-3.3.2-124.1.102mdk.i586.rpm
a9848e016ff7b6e468a42f049c1674a8 x86_64/10.2/RPMS/libkdecore4-devel-3.3.2-124.1.102mdk.i586.rpm
3da564391e8a3ba9e0336b78407e5af1 x86_64/10.2/SRPMS/kdelibs-3.3.2-124.1.102mdk.src.rpm
Corporate 3.0:
8fefa57d6fb048680557990918a44c59 corporate/3.0/RPMS/kdelibs-common-3.2-36.13.C30mdk.i586.rpm
cbaf86b446afde95d87ca74b67788ad6 corporate/3.0/RPMS/libkdecore4-3.2-36.13.C30mdk.i586.rpm
b9a0035248fdb687d370c3eba66b854e corporate/3.0/RPMS/libkdecore4-devel-3.2-36.13.C30mdk.i586.rpm
f6a2b830e0e3810df0fb8d07dc4ac183 corporate/3.0/SRPMS/kdelibs-3.2-36.13.C30mdk.src.rpm
Corporate 3.0/X86_64:
2ca4ecccc1afe1a6a1c7793af93fd324 x86_64/corporate/3.0/RPMS/kdelibs-common-3.2-36.13.C30mdk.x86_64.rpm
8f5cad1f3b8577a824b82d1937fdf127 x86_64/corporate/3.0/RPMS/lib64kdecore4-3.2-36.13.C30mdk.x86_64.rpm
305120c975db121e6e79699d6c7e9ef0 x86_64/corporate/3.0/RPMS/lib64kdecore4-devel-3.2-36.13.C30mdk.x86_64.rpm
cbaf86b446afde95d87ca74b67788ad6 x86_64/corporate/3.0/RPMS/libkdecore4-3.2-36.13.C30mdk.i586.rpm
f6a2b830e0e3810df0fb8d07dc4ac183 x86_64/corporate/3.0/SRPMS/kdelibs-3.2-36.13.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
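
For packages fetched by hand rather than through MandrakeUpdate or urpmi, the md5 check described above can be repeated against the checksum lines of this advisory. The script below is an added example, not Mandriva tooling; the function names and the demo file names are hypothetical, and the demo data is constructed.

```shell
#!/bin/sh
# Added example (not Mandriva tooling): check downloaded RPMs against the
# "<md5> <mirror-relative path>" lines of an advisory saved as text.

# verify_against_advisory MANIFEST DIR
# Returns 0 only if at least one listed file was found in DIR and every
# file found matches its listed MD5. Headings and other text are skipped.
verify_against_advisory() {
    manifest=$1 dir=$2 checked=0 bad=0
    while read -r sum path rest; do
        case $sum in ''|*[!0-9a-f]*) continue ;; esac   # hex digits only
        [ "${#sum}" -eq 32 ] && [ -n "$path" ] || continue
        file=$dir/${path##*/}            # match by package file name
        [ -f "$file" ] || continue       # not downloaded, nothing to check
        actual=$(md5sum < "$file" | cut -d' ' -f1)
        checked=$((checked + 1))
        if [ "$actual" = "$sum" ]; then
            echo "OK       ${path##*/}"
        else
            echo "MISMATCH ${path##*/}"
            bad=$((bad + 1))
        fi
    done < "$manifest"
    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Constructed demo: two stand-in files; the second manifest line is
# deliberately wrong, so the function reports a mismatch and returns 1.
demo_verify() {
    tmp=$(mktemp -d) || return 2
    printf 'constructed package A\n' > "$tmp/a-1.0.rpm"
    printf 'constructed package B\n' > "$tmp/b-1.0.rpm"
    {
        echo "Constructed release 1.0:"
        echo "$(md5sum < "$tmp/a-1.0.rpm" | cut -d' ' -f1) 1.0/RPMS/a-1.0.rpm"
        echo "00000000000000000000000000000000 1.0/RPMS/b-1.0.rpm"
    } > "$tmp/manifest.txt"
    rc=0
    verify_against_advisory "$tmp/manifest.txt" "$tmp" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}
```

A matching MD5 only shows that the download is the file the advisory lists; authenticity comes from the GPG signature, which `rpm --checksig` verifies once the Mandriva key has been imported.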