
[SECURITY] Fedora 10 Update: kdelibs-4.2.4-6.fc10



--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-8049
2009-07-27 21:07:34
--------------------------------------------------------------------------------

Name        : kdelibs
Product     : Fedora 10
Version     : 4.2.4
Release     : 6.fc10
URL         : http://www.kde.org/
Summary     : K Desktop Environment 4 - Libraries
Description :
Libraries for the K Desktop Environment 4.

--------------------------------------------------------------------------------
Update Information:

This update fixes several security issues in KHTML (CVE-2009-1725,
CVE-2009-1690, CVE-2009-1687, CVE-2009-1698, CVE-2009-0945, CVE-2009-2537) which
may lead to a denial of service or potentially even arbitrary code execution.
In addition, libplasma was fixed to make Plasmaboard (a virtual keyboard applet)
work, and a bug in a Fedora patch which made builds of the SRPM on single-CPU
machines fail was fixed.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jul 26 2009 Kevin Kofler <Kevin tigcc ticalc org> - 4.2.4-6
- fix CVE-2009-1725 - crash, possible ACE in numeric character references
- fix CVE-2009-1690 - crash, possible ACE in KHTML (<head> use-after-free)
- fix CVE-2009-1687 - possible ACE in KJS (FIXME: still crashes?)
- fix CVE-2009-1698 - crash, possible ACE in CSS style attribute handling
- fix CVE-2009-0945 - NULL-pointer dereference in the SVGList interface impl
* Thu Jul 23 2009 Jaroslav Reznik <jreznik redhat com> - 4.2.4-5
- CVE-2009-2537 - select length DoS
- correct fixPopupForPlasmaboard.patch
* Wed Jul  8 2009 Kevin Kofler <Kevin tigcc ticalc org> - 4.2.4-4
- fix CMake dependency in parallel_devel patch (#510259, CHIKAMA Masaki)
* Mon Jun 15 2009 Rex Dieter <rdieter fedoraproject org> 4.2.4-3
- fixPopupForPlasmaboard.patch
* Mon Jun  1 2009 Lukáš Tinkl <ltinkl redhat com> - 4.2.4-2
- respun tarball
* Sat May 30 2009 Lukáš Tinkl <ltinkl redhat com> - 4.2.4-1
- KDE 4.2.4
* Tue May 12 2009 Rex Dieter <rdieter fedoraproject org> - 4.2.3-3
- kde4.(sh|csh): drop QT_PLUGINS_PATH munging, kde4-config call (#498809)
* Mon May  4 2009 Than Ngo <than redhat com> - 4.2.3-2
- better fix for strcasestr detection
* Sun May  3 2009 Than Ngo <than redhat com> - 4.2.3-1
- 4.2.3
* Tue Apr 28 2009 Lukáš Tinkl <ltinkl redhat com> - 4.2.2-13
- upstream patch to fix GCC4.4 crashes in kjs
  (kdebug:189809)
* Fri Apr 24 2009 Kevin Kofler <Kevin tigcc ticalc org> - 4.2.2-12
- drop the PopupApplet configuration backports (#495998) for now, kconf_update
  does not work as expected for Plasma
* Thu Apr 23 2009 Kevin Kofler <Kevin tigcc ticalc org> - 4.2.2-11
- fix the kconf_update scriptlet for #495998 again (missing DELETEGROUP)
* Thu Apr 23 2009 Kevin Kofler <Kevin tigcc ticalc org> - 4.2.2-10
- fix the kconf_update scriptlet for #495998 (broken .upd syntax)
* Tue Apr 21 2009 Than Ngo <than redhat com> - 4.2.2-9
- don't let plasma appear over screensaver
* Mon Apr 20 2009 Kevin Kofler <Kevin tigcc ticalc org> 4.2.2-8
- fix Plasma PopupApplet configuration interfering with weather applet (#495998)
* Sun Apr 19 2009 Rex Dieter <rdieter fedoraproject org> 4.2.2-7
- fix and simplify the child struct disposal (kde#180785)
* Sat Apr 18 2009 Rex Dieter <rdieter fedoraproject org> 4.2.2-6
- squash leaky file descriptors in kdeinit (kde#180785,rhbz#484370)
* Fri Apr 10 2009 Rex Dieter <rdieter fedoraproject org> 4.2.2-5
- fix bidi-related hangs in khtml (kde#189161)
* Wed Apr  8 2009 Than Ngo <than redhat com> - 4.2.2-4
- upstream patch fix ReadOnlyPart crash for non-local file
* Tue Apr  7 2009 Than Ngo <than redhat com> - 4.2.2-3
- fix kickoff focus issue
* Tue Apr  7 2009 Than Ngo <than redhat com> - 4.2.2-2
- upstream patch to fix kio_http issue
* Wed Apr  1 2009 Lukáš Tinkl <ltinkl redhat com> - 4.2.2-1
- KDE 4.2.2
* Mon Mar 23 2009 Rex Dieter <rdieter fedoraproject org> - 4.2.1-9
- scriptlet optimization
* Thu Mar 19 2009 Rex Dieter <rdieter fedoraproject org> - 4.2.1-8
- Provides: kdelibs4%{?_isa} ... (#491082)
* Wed Mar 18 2009 Rex Dieter <rdieter fedoraproject org> 4.2.1-7
- Provides: kross(javascript) kross(qtscript)  (#490586)
* Thu Mar 12 2009 Than Ngo <than redhat com> - 4.2.1-6
- apply patch to fix encoding for Qt-4.5.0
* Mon Mar  9 2009 Than Ngo <than redhat com> - 4.2.1-5
- apply patch to fix issue in CSS style that causes konqueror shows a blank page
* Thu Mar  5 2009 Rex Dieter <rdieter fedorproject org> - 4.2.1-4 
- move designer plugins to main/runtime (#487622)
* Sun Mar  1 2009 Than Ngo <than redhat com> - 4.2.1-2
- respin
* Fri Feb 27 2009 Than Ngo <than redhat com> - 4.2.1-1
- 4.2.1
* Thu Feb 26 2009 Than Ngo <than redhat com> 4.2.0-17
- fix build issue against gcc44
* Wed Feb 25 2009 Than Ngo <than redhat com> - 4.2.0-16
- fix files conflicts with 3.5.x
* Tue Feb 24 2009 Kevin Kofler <Kevin tigcc ticalc org> - 4.2.0-15
- fix crash in ~KMainWindow triggered by sending messages in KNode (kde#182322)
* Mon Feb 23 2009 Rex Dieter <rdieter fedoraproject org> - 4.2.0-14
- (Build)Req: soprano(-devel) >= 2.2
- devel: drop Req: zlib-devel libutempter-devel
* Wed Feb 18 2009 Kevin Kofler <Kevin tigcc ticalc org> - 4.2.0-13
- disable strict aliasing in kjs/dtoa.cpp (GCC 4.4 x86_64 crash) (#485968)
* Thu Feb 12 2009 Than Ngo <than redhat com> - 4.2.0-11
- make plasma work better with Qt 4.5 (when built against Qt 4.5)
- add gcc44-workaround
* Fri Feb  6 2009 Than Ngo <than redhat com> - 4.2.0-10
- Fix duplicated applications in the K menu and in keditfiletype
* Thu Feb  5 2009 Rex Dieter <rdieter fedoraproject org> 4.2.0-9
- ssl/proxy patch (kde#179934)
* Sat Jan 31 2009 Rex Dieter <rdieter fedoraproject org> 4.2.0-8
- unowned dirs (#483315,#483318)
* Fri Jan 30 2009 Rex Dieter <rdieter fedoraproject org> 4.2.0-7
- kded/kdirwatch patch (kde#182472)
* Fri Jan 30 2009 Lukáš Tinkl <ltinkl redhat com> 4.2.0-6
- Emit the correct FilesRemoved signal if the job was aborted in the middle of its operation, 
  otherwise it can result in confusion and data loss (overwriting files with files
  that don't exist). kdebug:118593
- Fix "klauncher hangs when kdeinit4 dies" -- this happened because
  klauncher was doing a blocking read forever.
- Repair klauncher support for unique-applications like konsole.
  kdebug:162729, kdebug:75492
* Fri Jan 30 2009 Kevin Kofler <Kevin tigcc ticalc org> - 4.2.0-5
- reenable PolicyKit and NTFS workarounds
* Mon Jan 26 2009 Rex Dieter <rdieter fedoraproject org> - 4.2.0-4
- revert Requires: qt4%{_isa}
* Mon Jan 26 2009 Rex Dieter <rdieter fedoraproject org> - 4.2.0-3
- respun tarball
* Mon Jan 26 2009 Rex Dieter <rdieter fedoraproject org> - 4.2.0-2
- plasma-on-screensaver-security patch
- (Build)Req: automoc4 >= 0.9.88, phonon(-devel) >= 4.3.0
- Requires: strigi-libs >= 0.6.3
- use %{?_isa} to avoid potential multilib heartbreak
* Thu Jan 22 2009 Than Ngo <than redhat com> - 4.2.0-1
- 4.2.0
* Fri Jan 16 2009 Than Ngo <than redhat com> - 4.1.96-9
- drop kdelibs-4.1.85-plasma-default-wallpaper.patch, it's not needed
  since new plasma allows to define default wallpaper, new kde-setting
  is required
- backport fix from trunk to allow symlinks in wallpaper theme
* Fri Jan 16 2009 Kevin Kofler <Kevin tigcc ticalc org> - 4.1.96-8
- rebuild for new OpenSSL
* Mon Jan 12 2009 Rex Dieter <rdieter fedoraproject org> - 4.1.96-7
- Slight speedup to profile.d/kde.sh (#465370)
- (Build)Req: strigi(-devel) >= 0.6.3
* Mon Jan 12 2009 Than Ngo <than redhat com> - 4.1.96-6
- fix a crash (appearing in KSMServer)
* Sat Jan 10 2009 Than Ngo <than redhat com> - 4.1.96-5
- kdeworkspace cmake files in correct place
* Fri Jan  9 2009 Rex Dieter <rdieter fedoraproject org> - 4.1.96-4
- bump min deps (cmake, kde-filesystem, phonon)
- kde.(sh|csh): cleanup QT_PLUGIN_PATH handling (#477095)
- Requires: coreutils grep
* Fri Jan  9 2009 Than Ngo <than redhat com> - 4.1.96-3
- BR soprano >= 2.1.64
* Thu Jan  8 2009 Than Ngo <than redhat com> - 4.1.96-2
- kdepim cmake files in correct place
* Wed Jan  7 2009 Than Ngo <than redhat com> - 4.1.96-1
- 4.2rc1
* Fri Dec 19 2008 Kevin Kofler <Kevin tigcc ticalc org> 4.1.85-6
- add plasma-default-wallpaper libplasma patch from kdebase-workspace-4.1
* Tue Dec 16 2008 Rex Dieter <rdieter fedoraproject org> 4.1.85-5
- respun tarball, integrates kde-l10n-systemsettings patch
* Tue Dec 16 2008 Than Ngo <than redhat com> - 4.1.85-4
- add missing ENTITY systemsettings in pt, that fixes kde-l10
  build breakage
* Mon Dec 15 2008 Than Ngo <than redhat com> - 4.1.85-3
- add missing ENTITY systemsettings in ru/gl/es/pt, that fixes kde-l10
  build breakage
- rename suffix .xxcmake to avoid install .cmake
* Sun Dec 14 2008 Kevin Kofler <Kevin tigcc ticalc org> - 4.1.85-2
- tweak parallel_devel patch to get a -L flag for the symlink directory
* Thu Dec 11 2008 Than Ngo <than redhat com> -  4.1.85-1
- 4.2beta2
* Tue Dec  9 2008 Lorenzo Villani <lvillani binaryhelix net> - 6:4.1.82-2
- rebase parallel devel patch and kde149705 patch
* Mon Dec  8 2008 Lorenzo Villani <lvillani binaryhelix net> - 6:4.1.82-1
- 4.1.82
* Tue Nov 25 2008 Kevin Kofler <Kevin tigcc ticalc org> 4.1.80-5
- remove workaround BR on phonon-backend-gstreamer, it's ineffective since
  phonon now explicitly Requires: phonon-backend-xine and the dependency is no
  longer circular anyway
- update parallel_devel patch
- fix minimum strigi version (only 0.5.9 needed)
* Tue Nov 25 2008 Than Ngo <than redhat com> 4.1.80-4
- respin
* Thu Nov 20 2008 Rex Dieter <rdieter fedoraproject org> 4.1.80-3
- -devel: Provides: plasma-devel
* Thu Nov 20 2008 Than Ngo <than redhat com> 4.1.80-2
- merged
* Thu Nov 20 2008 Lorenzo Villani <lvillani binaryhelix net> - 6:4.1.80-1
- 4.1.80
- BR strigi 0.60
- BR cmake 2.6
- make install/fast
- rebase policykit patch
- rebase cmake patch
- rebase a couple of patches and drop _default_patch_fuzz 2
* Wed Nov 12 2008 Than Ngo <than redhat com> 4.1.3-1
- 4.1.3
* Fri Nov  7 2008 Rex Dieter <rdieter fedoraproject org> 4.1.2-6
- backport http_cache_cleaner fix (kdebug:172182)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #513813 - CVE-2009-1725: KHTML: improper handling of numeric character references (ACE, DoS)
        https://bugzilla.redhat.com/show_bug.cgi?id=513813
  [ 2 ] Bug #505571 - CVE-2009-1690 kdelibs: KHTML Incorrect handling <head> element content once the <head> element was removed (DoS, ACE)
        https://bugzilla.redhat.com/show_bug.cgi?id=505571
  [ 3 ] Bug #506453 - CVE-2009-1687 kdelibs: Integer overflow in KJS JavaScript garbage collector
        https://bugzilla.redhat.com/show_bug.cgi?id=506453
  [ 4 ] Bug #506469 - CVE-2009-1698 kdelibs: KHTML CSS parser - incorrect handling CSS "style" attribute content (DoS, ACE)
        https://bugzilla.redhat.com/show_bug.cgi?id=506469
  [ 5 ] Bug #506703 - CVE-2009-0945 kdegraphics: KSVG NULL-pointer dereference in the SVGList interface implementation (ACE)
        https://bugzilla.redhat.com/show_bug.cgi?id=506703
  [ 6 ] Bug #512911 - CVE-2009-2537 Konqueror: DoS via large length property of a Select object
        https://bugzilla.redhat.com/show_bug.cgi?id=512911
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update kdelibs' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------
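
Added example (not part of the Fedora notification): a shell check that reads the package changelog and reports which of the six CVEs named in this advisory it does not mention. The names missing_cves, ADVISORY_CVES, SAMPLE_OLD and SAMPLE_FIXED are hypothetical, and the sample inputs are constructed from the ChangeLog entries above.

```shell
#!/bin/sh
# CVE ids from the "Update Information" section of FEDORA-2009-8049.
ADVISORY_CVES="CVE-2009-1725 CVE-2009-1690 CVE-2009-1687 CVE-2009-1698 CVE-2009-0945 CVE-2009-2537"

# missing_cves (hypothetical helper): read an RPM changelog on stdin and
# print each advisory CVE the changelog never mentions, one per line.
# Returns 0 if every CVE is mentioned, 1 otherwise.
missing_cves() {
    changelog=$(cat)
    rc=0
    for cve in $ADVISORY_CVES; do
        # -F: literal match; -w: do not match inside a longer identifier.
        if ! printf '%s\n' "$changelog" | grep -qwF -e "$cve"; then
            printf '%s\n' "$cve"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample inputs, built from the ChangeLog entries quoted above.
# SAMPLE_OLD: a host still on 4.2.4-5. SAMPLE_FIXED: a host on 4.2.4-6.
SAMPLE_OLD='* Thu Jul 23 2009 Jaroslav Reznik - 4.2.4-5
- CVE-2009-2537 - select length DoS
- correct fixPopupForPlasmaboard.patch'

SAMPLE_FIXED="* Sun Jul 26 2009 Kevin Kofler - 4.2.4-6
- fix CVE-2009-1725 - crash, possible ACE in numeric character references
- fix CVE-2009-1690 - crash, possible ACE in KHTML (<head> use-after-free)
- fix CVE-2009-1687 - possible ACE in KJS (FIXME: still crashes?)
- fix CVE-2009-1698 - crash, possible ACE in CSS style attribute handling
- fix CVE-2009-0945 - NULL-pointer dereference in the SVGList interface impl
$SAMPLE_OLD"

# Demo on the constructed samples; on a real host, feed it the package's own
# changelog instead:  rpm -q --changelog kdelibs | missing_cves
echo "4.2.4-5 is missing:"; printf '%s\n' "$SAMPLE_OLD" | missing_cves || true
printf '%s\n' "$SAMPLE_FIXED" | missing_cves && echo "4.2.4-6: all six CVEs listed"
```

An empty result only shows that the installed package's changelog records the fixes; KDE applications that were already running keep the old library mapped until they are restarted.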

