|
Family: Ubuntu Local Security Checks --> Category: infos
USN245-1 : kdelibs vulnerability Vulnerability Scan
Vulnerability Scan Summary kdelibs vulnerability
Detailed Explanation for this Vulnerability Test
Synopsis :
These remote packages are missing security patches :
- kdelibs
- kdelibs-bin
- kdelibs-data
- kdelibs4
- kdelibs4-dev
- kdelibs4-doc
- kdelibs4c2
- kdelibs4c2-dbg
Description :
Maksim Orlovich discovered that kjs, the Javascript interpreter engine
used by Konqueror and other parts of KDE, did not sufficiently verify
the validity of UTF-8 encoded URIs. Specially crafted URIs could
trigger a buffer overflow. By tricking an user into visiting a
web site with malicious JavaScript code, a remote attacker could
exploit this to execute arbitrary code with user rights.
Solution :
Upgrade to :
- kdelibs-3.4.3-0ubuntu2 (Ubuntu 5.10)
- kdelibs-bin-3.4.3-0ubuntu2 (Ubuntu 5.10)
- kdelibs-data-3.4.3-0ubuntu2 (Ubuntu 5.10)
- kdelibs4-3.4.0-0ubuntu3.5 (Ubuntu 5.04)
- kdelibs4-dev-3.4.3-0ubuntu2 (Ubuntu 5.10)
- kdelibs4-doc-3.4.3-0ubuntu2 (Ubuntu 5.10)
- kdelibs4c2-3.4.3-0ubuntu2 (Ubuntu 5.10)
- kdelibs4c2-dbg-3.4.3-0ubuntu2 (Ubuntu 5.10)
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|