USN-245-1: KDE library vulnerability
===========================================================
Ubuntu Security Notice USN-245-1 January 20, 2006
kdelibs vulnerability
CVE-2006-0019
===========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

kdelibs4c2

The problem can be corrected by upgrading the affected package to
version 4:3.4.0-0ubuntu3.5 (for Ubuntu 5.04), or 4:3.4.3-0ubuntu2 (for
Ubuntu 5.10). After a standard system upgrade you need to restart
your KDE session to effect the necessary changes.

Details follow:

Maksim Orlovich discovered that kjs, the JavaScript interpreter engine
used by Konqueror and other parts of KDE, did not sufficiently verify
the validity of UTF-8 encoded URIs. Specially crafted URIs could
trigger a buffer overflow. By tricking a user into visiting a
web site with malicious JavaScript code, a remote attacker could
exploit this to execute arbitrary code with user privileges.



