Support / Security / Advisories / Mandriva Linux 2006 / MDKSA-2006:130

Package name: kdelibs
Date: 2006-07-20
Advisory ID: MDKSA-2006:130
Affected versions: 2006.0 i586 , 2006.0 x86_64

Problem description

KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial
of service (application crash) by calling the replaceChild method on a
DOM object, which triggers a null dereference, as demonstrated by calling
document.replaceChild with a 0 (zero) argument.

This issue does not affect Corporate 3.0.

Updated packages have been patched to correct this issue.

Updated packages

2006.0 i586

 9c08048d1eae88a7b1969464d026383d  2006.0/RPMS/kdelibs-common-3.4.2-31.4.20060mdk.i586.rpm
 03181cb4ee659c54cde567e36bb8d0ee  2006.0/RPMS/kdelibs-devel-doc-3.4.2-31.4.20060mdk.i586.rpm
 5a1e16d3e441004c80ced1a4537fa9a5  2006.0/RPMS/libkdecore4-3.4.2-31.4.20060mdk.i586.rpm
 2dfd44b73866f4a8551f9368553a1d44  2006.0/RPMS/libkdecore4-devel-3.4.2-31.4.20060mdk.i586.rpm
 76afd9e941b89499e0e3b4bf2045ffad  2006.0/SRPMS/kdelibs-3.4.2-31.4.20060mdk.src.rpm

2006.0 x86_64

 5de19da9121964246ee06c9eab9ece91  x86_64/2006.0/RPMS/kdelibs-common-3.4.2-31.4.20060mdk.x86_64.rpm
 392daaeb1744ea56dfd6005c0ee1500a  x86_64/2006.0/RPMS/kdelibs-devel-doc-3.4.2-31.4.20060mdk.x86_64.rpm
 4a2b6d8f83f9d5d00b2272334ddf6f24  x86_64/2006.0/RPMS/lib64kdecore4-3.4.2-31.4.20060mdk.x86_64.rpm
 137d119a30a44a9abc4d221354883599  x86_64/2006.0/RPMS/lib64kdecore4-devel-3.4.2-31.4.20060mdk.x86_64.rpm
 5a1e16d3e441004c80ced1a4537fa9a5  x86_64/2006.0/RPMS/libkdecore4-3.4.2-31.4.20060mdk.i586.rpm
 2dfd44b73866f4a8551f9368553a1d44  x86_64/2006.0/RPMS/libkdecore4-devel-3.4.2-31.4.20060mdk.i586.rpm
 76afd9e941b89499e0e3b4bf2045ffad  x86_64/2006.0/SRPMS/kdelibs-3.4.2-31.4.20060mdk.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3672