MDVSA-2010:028

Package name

kdelibs4

Date

2010-01-27

Advisory ID

MDVSA-2010:028

Affected versions

2010.0 x86_64 , 2010.0 i586

Problem description

Multiple vulnerabilities was discovered and corrected in kdelibs4:

KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a
\'\0\' (NUL) character in a domain name in the Subject Alternative
Name field of an X.509 certificate, which allows man-in-the-middle
attackers to spoof arbitrary SSL servers via a crafted certificate
issued by a legitimate Certification Authority, a related issue to
CVE-2009-2408 (CVE-2009-2702).

KDE Konqueror allows remote attackers to cause a denial of service
(memory consumption) via a large integer value for the length property
of a Select object, a related issue to CVE-2009-1692 (CVE-2009-2537).

The gdtoa (aka new dtoa) implementation in gdtoa/misc.c in
libc in FreeBSD 6.4 and 7.2, NetBSD 5.0, and OpenBSD 4.5 allows
context-dependent attackers to cause a denial of service (application
crash) or possibly have unspecified other impact via a large precision
value in the format argument to a printf function, related to an
array overrun. (CVE-2009-0689).

The updated packages have been patched to correct these issues.

Updated packages

2010.0 x86_64

 628c96841b4fe1ae8f60d091fa14f4a8  2010.0/x86_64/kdelibs4-core-4.3.2-11.14mdv2010.0.x86_64.rpm
 49b2d3b07b9972a4ce96c7165365877b  2010.0/x86_64/kdelibs4-devel-4.3.2-11.14mdv2010.0.x86_64.rpm
 653348d413757079608374479aabf7af  2010.0/x86_64/lib64kde3support4-4.3.2-11.14mdv2010.0.x86_64.rpm
 310b1c2d870c6b49b24359ef3f48c5b2  2010.0/x86_64/lib64kdecore5-4.3.2-11.14mdv2010.0.x86_64.rpm
 2204c6207c7d9832f1c9b08e44bab933  2010.0/x86_64/lib64kdefakes5-4.3.2-11.14mdv2010.0.x86_64.rpm
 ded542c4f600ec4ee9578a84eecba90d  2010.0/x86_64/lib64kdesu5-4.3.2-11.14mdv2010.0.x86_64.rpm
 61e898c4a9986d30c9fb5df8cab0c6a2  2010.0/x86_64/lib64kdeui5-4.3.2-11.14mdv2010.0.x86_64.rpm
 2c1372cf3ceb6ccc2b576fd2391f265e  2010.0/x86_64/lib64kdnssd4-4.3.2-11.14mdv2010.0.x86_64.rpm
 5c9c1bc90773a78df10e0c31b7c415a2  2010.0/x86_64/lib64kfile4-4.3.2-11.14mdv2010.0.x86_64.rpm
 154c30e99ce9c2d956fd9bab69a32eb8  2010.0/x86_64/lib64khtml5-4.3.2-11.14mdv2010.0.x86_64.rpm
 6b4fd189b0068c859653f1c0a95d169a  2010.0/x86_64/lib64kimproxy4-4.3.2-11.14mdv2010.0.x86_64.rpm
 599dbbf7689d9ea31991d6b9ce86e0fa  2010.0/x86_64/lib64kio5-4.3.2-11.14mdv2010.0.x86_64.rpm
 2e31f04cb9871f6fa54033281c9fbcfd  2010.0/x86_64/lib64kjs4-4.3.2-11.14mdv2010.0.x86_64.rpm
 ba8d5f97e0d2cc07ac379d12160dc710  2010.0/x86_64/lib64kjsapi4-4.3.2-11.14mdv2010.0.x86_64.rpm
 dac95aac7d233a11f3b920819d120c96  2010.0/x86_64/lib64kjsembed4-4.3.2-11.14mdv2010.0.x86_64.rpm
 3acd8d0df72a1206091397e3f30dc23e  2010.0/x86_64/lib64kmediaplayer4-4.3.2-11.14mdv2010.0.x86_64.rpm
 8d45de302d9197e5956f4559523939ce  2010.0/x86_64/lib64knewstuff2_4-4.3.2-11.14mdv2010.0.x86_64.rpm
 2218d8ca6ab9c49c5302377cbf3fb6d6  2010.0/x86_64/lib64knotifyconfig4-4.3.2-11.14mdv2010.0.x86_64.rpm
 b0f7f7966ecacb227bdf8e5a6f7ec1f4  2010.0/x86_64/lib64kntlm4-4.3.2-11.14mdv2010.0.x86_64.rpm
 df1c765779d67ef5ed75259888f1a399  2010.0/x86_64/lib64kparts4-4.3.2-11.14mdv2010.0.x86_64.rpm
 13a37eefc1eaf718817ab9d4a61ad0d5  2010.0/x86_64/lib64kpty4-4.3.2-11.14mdv2010.0.x86_64.rpm
 77db36915eac2265b955c9730fdc6611  2010.0/x86_64/lib64krosscore4-4.3.2-11.14mdv2010.0.x86_64.rpm
 47f9b8a7070adc1028f3b8dcdf14ed26  2010.0/x86_64/lib64krossui4-4.3.2-11.14mdv2010.0.x86_64.rpm
 8cd7275deff482953895f7d71f232160  2010.0/x86_64/lib64ktexteditor4-4.3.2-11.14mdv2010.0.x86_64.rpm
 5c5b666d4ae0fb58c0d6e012c7522161  2010.0/x86_64/lib64kunittest4-4.3.2-11.14mdv2010.0.x86_64.rpm
 d67c086990110f1fac519f7d3948b053  2010.0/x86_64/lib64kutils4-4.3.2-11.14mdv2010.0.x86_64.rpm
 c9692f6851972ba9fbc9dd1773891db5  2010.0/x86_64/lib64nepomuk4-4.3.2-11.14mdv2010.0.x86_64.rpm
 36674939e5e7ffb36427fbc504e097a8  2010.0/x86_64/lib64plasma3-4.3.2-11.14mdv2010.0.x86_64.rpm
 29087c6119008e740c13e4ac48d6a4d0  2010.0/x86_64/lib64solid4-4.3.2-11.14mdv2010.0.x86_64.rpm
 775291372adee37558c25d9b0f3e0348  2010.0/x86_64/lib64threadweaver4-4.3.2-11.14mdv2010.0.x86_64.rpm 
 efa77a322ba85ef9fe3382173a73d96f  2010.0/SRPMS/kdelibs4-4.3.2-11.14mdv2010.0.src.rpm

2010.0 i586

 33710e4c127e3f066d4ee4dbb48c489b  2010.0/i586/kdelibs4-core-4.3.2-11.14mdv2010.0.i586.rpm
 729ae2fa1575e10820480d0bea2629a1  2010.0/i586/kdelibs4-devel-4.3.2-11.14mdv2010.0.i586.rpm
 5c2e90329653954110f1385bc404ea1f  2010.0/i586/libkde3support4-4.3.2-11.14mdv2010.0.i586.rpm
 5255f87e774bea4fa38d2fd0397a82bd  2010.0/i586/libkdecore5-4.3.2-11.14mdv2010.0.i586.rpm
 e40f53bb3caee308f0ab81d5f091a5db  2010.0/i586/libkdefakes5-4.3.2-11.14mdv2010.0.i586.rpm
 e027288fdb8d917f934641ea934432c7  2010.0/i586/libkdesu5-4.3.2-11.14mdv2010.0.i586.rpm
 e9ca80075872c1e68ca1f5ddeb9ce2a4  2010.0/i586/libkdeui5-4.3.2-11.14mdv2010.0.i586.rpm
 9d9b22a86b5b0684801cf652afb6791a  2010.0/i586/libkdnssd4-4.3.2-11.14mdv2010.0.i586.rpm
 b70ed737e0f857d68d9fefb3fad2cfa1  2010.0/i586/libkfile4-4.3.2-11.14mdv2010.0.i586.rpm
 27bfe29c5952d58c1eaf2bb130668d2c  2010.0/i586/libkhtml5-4.3.2-11.14mdv2010.0.i586.rpm
 a2e2456a104d6085479229bc3edf3370  2010.0/i586/libkimproxy4-4.3.2-11.14mdv2010.0.i586.rpm
 b152961f2b3c06134ae0ca2bdabe77b0  2010.0/i586/libkio5-4.3.2-11.14mdv2010.0.i586.rpm
 1e8d3dc384c46afb23bb4dace40df5f6  2010.0/i586/libkjs4-4.3.2-11.14mdv2010.0.i586.rpm
 64736a9db93696bf4e1658cc9cbed0f5  2010.0/i586/libkjsapi4-4.3.2-11.14mdv2010.0.i586.rpm
 fd005b1db52fbe95b163428e9f1edd43  2010.0/i586/libkjsembed4-4.3.2-11.14mdv2010.0.i586.rpm
 5eb298a371bb5fc31494856a2cddd3a6  2010.0/i586/libkmediaplayer4-4.3.2-11.14mdv2010.0.i586.rpm
 3013d74cdf48c0e6e0c55f8af5bf83a0  2010.0/i586/libknewstuff2_4-4.3.2-11.14mdv2010.0.i586.rpm
 2c31f4c0fa71ec35ec5a5f0e68ff4847  2010.0/i586/libknotifyconfig4-4.3.2-11.14mdv2010.0.i586.rpm
 361a0aa31fb34f77d99a3b2bcc08d06b  2010.0/i586/libkntlm4-4.3.2-11.14mdv2010.0.i586.rpm
 f383eeec52164d5122ea6125b2e9b02f  2010.0/i586/libkparts4-4.3.2-11.14mdv2010.0.i586.rpm
 0d8db89b62359ac9fe6c61661987708f  2010.0/i586/libkpty4-4.3.2-11.14mdv2010.0.i586.rpm
 9bfd72866126f8fbae7b15af580385d5  2010.0/i586/libkrosscore4-4.3.2-11.14mdv2010.0.i586.rpm
 9c5d90d57dbacadd0472c167a3c7a6a5  2010.0/i586/libkrossui4-4.3.2-11.14mdv2010.0.i586.rpm
 2fbe8d729b997df8105edf5595e5fc5f  2010.0/i586/libktexteditor4-4.3.2-11.14mdv2010.0.i586.rpm
 8396960aaa8c205602b4d48bff64f1cb  2010.0/i586/libkunittest4-4.3.2-11.14mdv2010.0.i586.rpm
 a50fa982912201b0785ee37b6e776fc3  2010.0/i586/libkutils4-4.3.2-11.14mdv2010.0.i586.rpm
 6caf366e3455479e9d95fee1a1a36bcc  2010.0/i586/libnepomuk4-4.3.2-11.14mdv2010.0.i586.rpm
 8250fed72d654f5c61cd9cb4d868e06d  2010.0/i586/libplasma3-4.3.2-11.14mdv2010.0.i586.rpm
 a6201c4800f363cba18afdfd8a9fbc15  2010.0/i586/libsolid4-4.3.2-11.14mdv2010.0.i586.rpm
 2a6d763d74f0d420429a1943fc8f288b  2010.0/i586/libthreadweaver4-4.3.2-11.14mdv2010.0.i586.rpm 
 efa77a322ba85ef9fe3382173a73d96f  2010.0/SRPMS/kdelibs4-4.3.2-11.14mdv2010.0.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0689
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2537
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2702