Description:
The remote host is missing an update to kdelibs announced via advisory FEDORA-2006-050.
A heap overflow flaw was discovered affecting kjs, the JavaScript interpreter engine used by Konqueror and other parts of KDE. An attacker could create a malicious web site containing carefully crafted JavaScript code that would trigger this flaw and possibly lead to arbitrary code execution. The Common Vulnerabilities and Exposures project assigned the name CVE-2006-0019 to this issue.
Users of KDE should upgrade to these updated packages, which contain a backported patch from the KDE security team correcting this issue.
* Wed Jan 18 2006 Than Ngo 3.5.0-0.4.fc4
- apply patch to fix a printing problem
- add requires on iceauth #176571
* Wed Jan 11 2006 Karsten Hopp 6:3.5.0-0.3.fc4
- fix kjs encodeuri/decodeuri heap overflow vulnerability, CVE-2006-0019
Solution: Apply the appropriate updates.
This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://fedora.redhat.com/docs/yum/.
https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2006-050
Risk factor : High
CVSS Score: 7.5