Jaunty Jackalope Backports

Security Updates needed for kde4libs and kdebase-runtime in jaunty-backports

Bug #502761 reported by Scott Kitterman
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Jaunty Jackalope Backports
Fix Released
High
Scott Kitterman

Bug Description

kde4libs (4:4.2.2-0ubuntu5.4) jaunty-security; urgency=low

  [ Jamie Strandboge ]
  * SECURITY UPDATE: fix buffer overflow when converting string to float
    - debian/patches/CVE-2009-0689.diff: adjust Kmax to handle large field
      numbers in kjs/dtoa.cpp
    - CVE-2009-0689

  [ Jonathan Riddell ]
  * SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability
    - Ark and KMail performs insufficient validation which leads to
      specially crafted archive files, using unknown MIME types, to be
      rendered using a KHTML instance, this can trigger uncontrolled
      XMLHTTPRequests to remote sites
    - Add debian/patches/security_02_XMLHttpRequest_vulnerability.diff,
      restricts xmlhttprequest to http protocols only
    - http://www.kde.org/info/security/advisory-20091027-1.txt
    - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
    - CVE-2009-XXXX
 -- Jamie Strandboge < <email address hidden>> Mon, 07 Dec 2009 15:25:55 -0600

   Show details 4:4.3.85-0ubuntu2 release (main) 12 days ago
  The Karmic Koala (current stable release)
KDE Base trunk series 8894 Delete Link

   Show details 4:4.3.2-0ubuntu4 release (main) ten weeks ago
   Show details 4:4.3.2-0ubuntu4.1 updates, security (main) three weeks ago
  The Jaunty Jackalope (supported)
KDE Base trunk series 7689 Delete Link

   Show details 4:4.2.2-0ubuntu1.1 updates, security (main) three weeks ago
  Publishing details
Published on 2009-12-11
Copied from ubuntu jaunty in Private PPA for Ubuntu Security Team
Changelog
kdebase-runtime (4:4.2.2-0ubuntu1.1) jaunty-security; urgency=low

  * SECURITY UPDATE: IO Slaves input sanitization errors
   - KDE protocol handlers perform insufficient input validation, an
     attacker can craft malicious URI that would trigger JavaScript
     execution. Additionally the 'help://' protocol handler suffer from
     directory traversal. It should be noted that the scope of this
     issue is limited as the malicious URIs cannot be embedded in
     Internet hosted content.
   - Add security_01_info_kio_no_javascript.diff, stops javascript
     within info kio slave
   - http://www.kde.org/info/security/advisory-20091027-1.txt
   - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
   - CVE-2009-XXXX
 -- Jonathan Riddell < <email address hidden>> Mon, 07 Dec 2009 17:59:21 +0000

Revision history for this message
Scott Kitterman (kitterman) wrote :

Ack from ubuntu-backporters

security vulnerability: no → yes
Scott Kitterman (kitterman)
Changed in jaunty-backports:
status: New → Fix Committed
importance: Undecided → High
assignee: nobody → Scott Kitterman (kitterman)
Scott Kitterman (kitterman)
Changed in jaunty-backports:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.