The Slackware Linux Project: Mailing List Info

Mailing List Info

News
Security Advisories
FAQ
Book
General Info
Get Slack
Install Help
Configuration
Packages
ChangeLogs
Propaganda
Ports
Other Sites
Support
Contact

Mailing Lists
Archives

About

From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] kdelibs (SSA:2006-045-05)
Date: Tue, 14 Feb 2006 16:33:24 -0800 (PST)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  kdelibs (SSA:2006-045-05)

New kdelibs packages are available for Slackware 10.0, 10.1, 
and 10.2 to fix a security issue with kjs.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0019

Additional information may be found on the KDE website:

  http://www.kde.org/info/security/advisory-20060119-1.txt


Here are the details from the Slackware 10.2 ChangeLog:
+--------------------------+
patches/packages/kdelibs-3.4.2-i486-2.tgz:  Patched a heap overflow
  vulnerability in kjs, the JavaScript interpreter engine used by
  Konqueror and other parts of KDE.
  For more information, see:
    http://www.kde.org/info/security/advisory-20060119-1.txt
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0019
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/kdelibs-3.2.3-i486-3.tgz

Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/kdelibs-3.3.2-i486-3.tgz

Updated package for Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/kdelibs-3.4.2-i486-2.tgz


MD5 signatures:
+-------------+

Slackware 10.0 package:
e16976b57ea2e41520ebd986eba3aab4  kdelibs-3.2.3-i486-3.tgz

Slackware 10.1 package:
9d04a303202670c6698d4c8582bdf7b2  kdelibs-3.3.2-i486-3.tgz

Slackware 10.2 package:
903e2dc4ca1882e021a7223bf4a25d0c  kdelibs-3.4.2-i486-2.tgz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg kdelibs-3.4.2-i486-2.tgz


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |
+------------------------------------------------------------------------+

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.7 (GNU/Linux)

iD8DBQFD8ndGakRjwEAQIjMRAuoEAJ9/Bt+MmeN8cb6ofXSDbGyMglgRIwCbBWl1
Og1iuJyEVkgSvz66KBqRpos=
=TTOC
-----END PGP SIGNATURE-----

Slackware™ is a trademark of Patrick Volkerding.