From martin@piware.de Tue May 3 08:11:17 2005
From: Martin Pitt
To: ubuntu-security-announce@lists.ubuntu.com
Cc: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Date: Tue, 3 May 2005 13:49:55 +0200
Subject: [Full-disclosure] [USN-114-1] kimgio vulnerability

===========================================================
Ubuntu Security Notice USN-114-1               May 03, 2005
kdelibs vulnerability
CAN-2005-1046
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

kdelibs

The problem can be corrected by upgrading the affected package to
version 3.4.0-0ubuntu3.1. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Bruno Rohee discovered a buffer overflow in the PCX decoder of kimgio.
If an attacker tricked a user into loading a malicious PCX image with
a KDE application, he could exploit this to execute arbitrary code
with the privileges of the user opening the image.

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.0-0ubuntu3.1.diff.gz
      Size/MD5:   359873 e047143bce6bc7c4d513ef39f4d9032d
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.0-0ubuntu3.1.dsc
      Size/MD5:     1334 84191cecdc42f082bb47bf9e0381360e
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.0.orig.tar.gz
      Size/MD5: 20024253 471740de13cfed37d35eb180fc1b9b38

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.0-0ubuntu3.1_i386.deb
      Size/MD5:  1300478 e9cbaccebc510a3ab29de999a83ed709
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.0-0ubuntu3.1_i386.deb
      Size/MD5:   838688 1e6e6725942aeb513c9b441d5c41cb07
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4_3.4.0-0ubuntu3.1_i386.deb
      Size/MD5:  8395642 d44b82cf611cfbd160593bc05762c622

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.0-0ubuntu3.1_all.deb
      Size/MD5:    19822 32b8820b1483ce73ba15ffa9d0330487
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.4.0-0ubuntu3.1_all.deb
      Size/MD5:  8012690 88e4dbac643daaf7235598d8b94a7728
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.4.0-0ubuntu3.1_all.deb
      Size/MD5: 12072382 58c8c8767295c9ef9b11f2889530c840

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4_3.4.0-0ubuntu3.1_amd64.deb
      Size/MD5:  8968464 7674d54d68aea22b36319bf1c6051985
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.0-0ubuntu3.1_amd64.deb
      Size/MD5:   920772 97a404d13d87a8cc93d0562ff60d1fb2
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.0-0ubuntu3.1_amd64.deb
      Size/MD5:  1303100 8f11bcf3fb6748dc8231b55e055d481d

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.0-0ubuntu3.1_powerpc.deb
      Size/MD5:  1303876 0083b3b318bce500c7bf47a2fa06ba67
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4_3.4.0-0ubuntu3.1_powerpc.deb
      Size/MD5:  8367604 80b397e0202fda0ac246797e0ad093e3
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.0-0ubuntu3.1_powerpc.deb
      Size/MD5:   903598 9cc850b736e63ee742dd45edc0b56797
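
Added example (not part of the original notice): a checker that parses the
"URL ... Size/MD5: <bytes> <digest>" entries of a notice like this one and
compares downloaded package files against them. The function names, the
mirror.example host and the SAMPLE entries are constructed for illustration.

```python
import hashlib
import os
import re
import sys

# One entry: URL, "Size/MD5:", byte count, 32-hex digest. \s+ also spans
# line breaks, so wrapped or flattened copies of the notice parse the same.
ENTRY = re.compile(r"(https?://\S+)\s+Size/MD5:\s+(\d+)\s+([0-9a-fA-F]{32})\b")

# Constructed sample in the notice's layout (digests are RFC 1321 test vectors).
SAMPLE = """
Source archives:
  http://mirror.example/pool/demo_1.0.dsc
      Size/MD5:        3 900150983cd24fb0d6963f7d28e17f72
  http://mirror.example/pool/demo_1.0_all.deb Size/MD5: 1
0cc175b9c0f1b6a831c399e269772661
"""

def parse_manifest(text):
    """Return {file name: (size, md5 hex)} for every entry in the notice text."""
    manifest = {}
    for url, size, digest in ENTRY.findall(text):
        manifest[url.rsplit("/", 1)[-1]] = (int(size), digest.lower())
    return manifest

def verify(path, manifest):
    """Return 'ok', 'unlisted', 'size-mismatch' or 'md5-mismatch' for one file."""
    expected = manifest.get(os.path.basename(path))
    if expected is None:
        return "unlisted"
    size, digest = expected
    if os.path.getsize(path) != size:  # cheap check before hashing
        return "size-mismatch"
    md5 = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            md5.update(chunk)
    return "ok" if md5.hexdigest() == digest else "md5-mismatch"

if __name__ == "__main__":
    if len(sys.argv) > 2:  # usage: script NOTICE.txt FILE [FILE ...]
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            listed = parse_manifest(fh.read())
        for name in sys.argv[2:]:
            print(name, verify(name, listed))
    else:
        print(parse_manifest(SAMPLE))
```

A size or MD5 match only shows that the download is intact; whether the notice
itself is authentic rests on its PGP signature.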