rpms/kdelibs3/devel libltdl-CVE-2009-3736.patch, NONE, 1.1 kdelibs3.spec, 1.76, 1.77
Than Ngo
than at fedoraproject.org
Mon Dec 7 15:16:22 UTC 2009
Author: than
Update of /cvs/extras/rpms/kdelibs3/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv31822
Modified Files:
kdelibs3.spec
Added Files:
libltdl-CVE-2009-3736.patch
Log Message:
fix security issue in the libltdl copy bundled within kdelibs (CVE-2009-3736)
libltdl-CVE-2009-3736.patch:
ltdl.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
--- NEW FILE libltdl-CVE-2009-3736.patch ---
diff -ur arts-orig/libltdl/ltdl.c arts-1.1.3/libltdl/ltdl.c
--- arts-orig/libltdl/ltdl.c 2003-07-13 21:33:39.000000000 +0200
+++ arts-1.1.3/libltdl/ltdl.c 2009-11-19 16:09:29.000000000 +0100
@@ -1544,7 +1544,8 @@
/* try to open the old library first; if it was dlpreopened,
we want the preopened version of it, even if a dlopenable
module is available */
- if (old_name && tryall_dlopen(handle, old_name) == 0)
+ if (old_name && tryall_dlopen(handle, old_name,
+ advise, lt_dlloader_find ("lt_preopen") ) == 0)
{
return 0;
}
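Review bot: The new call passes `advise` and `lt_dlloader_find ("lt_preopen")` to tryall_dlopen, but neither that variable nor a four-argument tryall_dlopen is visible in this hunk, and the diffstat (3 insertions, 2 deletions, one file) shows no hunk touching the tryall_dlopen definition. If the bundled ltdl.c (old side dated 2003) still declares the two-argument form, this hunk will not compile; if it has already been brought up to the newer API, it is fine — worth confirming against the tree before the build. The patch header also names arts-1.1.3 rather than kdelibs, so the context it was generated against may not match the copy kdelibs3 carries. The enclosing function starts and ends outside the hunk.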
@@ -2158,7 +2159,7 @@
}
#endif
}
- if (!file)
+ else
{
file = fopen (filename, LT_READTEXT_MODE);
}
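Review bot: The `else` introduced here pairs with an `if` that begins outside the hunk, and the `#endif` two lines above shows that `if`'s body is partly under preprocessor conditionals, so it is worth confirming the `if`/`else` remains matched in every build configuration. The security intent is not stated in the code: before this change `fopen (filename, LT_READTEXT_MODE)` ran whenever the search produced nothing, so a same-named file in the current directory could be picked up; a comment on the `else` such as `/* open the literal filename only on this branch; the former unconditional fallback loaded modules from the current directory (CVE-2009-3736) */` would keep that rationale with the code. The enclosing function starts and ends outside the hunk.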
Index: kdelibs3.spec
===================================================================
RCS file: /cvs/extras/rpms/kdelibs3/devel/kdelibs3.spec,v
retrieving revision 1.76
retrieving revision 1.77
diff -u -p -r1.76 -r1.77
--- kdelibs3.spec 2 Nov 2009 14:55:24 -0000 1.76
+++ kdelibs3.spec 7 Dec 2009 15:16:22 -0000 1.77
@@ -27,7 +27,7 @@
Summary: K Desktop Environment 3 - Libraries
Version: 3.5.10
-Release: 20%{?dist}
+Release: 21%{?dist}
Name: kdelibs3
Obsoletes: kdelibs < 6:%{version}-%{release}
@@ -97,6 +97,8 @@ Patch204: kdelibs-3.5.10-cve-2009-1698.p
Patch205: kdelibs-3.5.10-CVE-2009-2702.patch
# fix oCERT-2009-015 - unrestricted XMLHttpRequest access to local URLs
Patch206: kdelibs-3.5.10-oCERT-2009-015-xmlhttprequest.patch
+# CVE-2009-3736, libltdl may load and execute code from a library in the current directory
+Patch207: libltdl-CVE-2009-3736.patch
Requires: hicolor-icon-theme
%if %{kde_settings}
@@ -249,6 +251,7 @@ format for easy browsing
%patch204 -p1 -b .cve-2009-1698
%patch205 -p1 -b .cve-2009-2702
%patch206 -p0 -b .oCERT-2009-015-xmlhttprequest
+%patch207 -p1 -b .CVE-2009-3736
sed -i -e "s,^#define KDE_VERSION_STRING .*,#define KDE_VERSION_STRING \"%{version}-%{release} %{distname}\"," kdecore/kdeversion.h
@@ -572,6 +575,9 @@ touch --no-create %{_datadir}/icons/crys
%changelog
+* Mon Dec 07 2009 Than Ngo <than at redhat.com> - 3.5.10-21
+- fix security issues in libltdl bundle within kdelibs CVE-2009-3736
+
* Mon Nov 2 2009 Lukáš Tinkl <ltinkl at redhat.com> - 3.5.10-20
- fix unrestricted XMLHttpRequest access to local URLs (oCERT-2009-015), #532428