Debian Local Security Checks : Debian: Security Advisory (DSA-948-1)

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.56190
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-948-1)
Summary:	The remote host is missing an update for the Debian 'kdelibs' package(s) announced via the DSA-948-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'kdelibs' package(s) announced via the DSA-948-1 advisory. Vulnerability Insight: Maksim Orlovich discovered that the kjs Javascript interpreter, used in the Konqueror web browser and in other parts of KDE, performs insufficient bounds checking when parsing UTF-8 encoded Uniform Resource Identifiers, which may lead to a heap based buffer overflow and the execution of arbitrary code. The old stable distribution (woody) is not affected by this problem. For the stable distribution (sarge) this problem has been fixed in version 3.3.2-6.4 For the unstable distribution (sid) this problem will be fixed soon. We recommend that you upgrade your kdelibs package. Affected Software/OS: 'kdelibs' package(s) on Debian 3.1. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-0019 1015512 http://securitytracker.com/id?1015512 16325 http://www.securityfocus.com/bid/16325 18500 http://secunia.com/advisories/18500 18540 http://secunia.com/advisories/18540 18552 http://secunia.com/advisories/18552 18559 http://secunia.com/advisories/18559 18561 http://secunia.com/advisories/18561 18570 http://secunia.com/advisories/18570 18583 http://secunia.com/advisories/18583 18899 http://secunia.com/advisories/18899 20060119 [KDE Security Advisory] kjs encodeuri/decodeuri heap overflow http://www.securityfocus.com/archive/1/422464/100/0/threaded 22659 http://www.osvdb.org/22659 364 http://securityreason.com/securityalert/364 ADV-2006-0265 http://www.vupen.com/english/advisories/2006/0265 DSA-948 http://www.debian.org/security/2006/dsa-948 FLSA:178606 http://www.securityfocus.com/archive/1/427976/100/0/threaded GLSA-200601-11 http://www.gentoo.org/security/en/glsa/glsa-200601-11.xml MDKSA-2006:019 http://www.mandriva.com/security/advisories?name=MDKSA-2006:019 RHSA-2006:0184 http://www.redhat.com/support/errata/RHSA-2006-0184.html SSA:2006-045-05 http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.361107 SUSE-SA:2006:003 http://www.securityfocus.com/archive/1/422489/100/0/threaded USN-245-1 http://www.ubuntu.com/usn/usn-245-1 ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.3-kdelibs-kjs.diff http://www.kde.org/info/security/advisory-20060119-1.txt kde-kjs-bo(24242) https://exchange.xforce.ibmcloud.com/vulnerabilities/24242 oval:org.mitre.oval:def:11858 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11858
Copyright	Copyright (C) 2008 Greenbone AG