kdelibs-3.5.5-11.25AXS3
エラータID: AXSA:2009-427:02
Release date:
Monday, December 7, 2009 - 14:40
Subject:
kdelibs-3.5.5-11.25AXS3
Affected Channels:
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity:
High
Description:
KDE Libraries include: kdecore (KDE core library), kdeui (user interface), kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking), kspell (spelling checker), jscript (javascript), kab (addressbook), kimgio (image manipulation).
Security bugs fixed with this release:
CVE-2009-0689
The gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc in FreeBSD 6.4 and 7.2, NetBSD 5.0, and OpenBSD 4.5 allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large precision value in the format argument to a printf function, related to an array overrun.
Solution:
Update packages.
CVEs:
CVE-2009-0689
Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
Additional Info:
N/A
Download:
SRPMS
- kdelibs-3.5.5-11.25AXS3.src.rpm
MD5: 36b1ca876ace50e722b813836583feb2
SHA-256: 651ebc84da91700db45af9aadba5882f94c28a24ea776bce1fcd48b0dab2508c
Size: 14.90 MB
Asianux Server 3 for x86
- kdelibs-3.5.5-11.25AXS3.i386.rpm
MD5: b3be689ac986fdf1f235948816e0dd6c
SHA-256: b8557049d2d460752bce3e955305f311dade97a76192d64a16b8889ed87f01c9
Size: 12.95 MB - kdelibs-devel-3.5.5-11.25AXS3.i386.rpm
MD5: 58ac848abb027251bd35da5662a018da
SHA-256: f39beaa37ac26d9dbc599e48a57cfe8d91f921478f4c69f34051c50e0bcbbfd7
Size: 1.30 MB
Asianux Server 3 for x86_64
- kdelibs-3.5.5-11.25AXS3.x86_64.rpm
MD5: 4f035f3d9651ab7c28d36810dd39a201
SHA-256: 4eeec30178a1f747d70a19227dbb4978041cef010d3bbe4b7edb622096596072
Size: 13.09 MB - kdelibs-devel-3.5.5-11.25AXS3.x86_64.rpm
MD5: d0654935cb3aa49b26c2859146f3aea3
SHA-256: 0f4361a481984d77095497c12d92d4a99ed1a75f6db9fbf9583bc4a45c0a7cf8
Size: 1.30 MB
日本語