Description:
===========================================================Ubuntu Security Notice USN-871-2 December 11, 2009kde4libs vulnerabilitieshttps://launchpad.net/bugs/495301===========================================================A security issue affects the following Ubuntu releases:Ubuntu 8.10Ubuntu 9.04Ubuntu 9.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 8.10: kdelibs5 4:4.1.4-0ubuntu1~intrepid1.5Ubuntu 9.04: kdelibs5 4:4.2.2-0ubuntu5.4Ubuntu 9.10: kdelibs5 4:4.3.2-0ubuntu7.2After a standard system upgrade you need to restart your session to effectthe necessary changes.Details follow:USN-871-1 fixed vulnerabilities in KDE. This update provides thecorresponding updates for KDE 4.This update also fixes a directory traversal flaw in KDE when processinghelp:// URLs. This issue only affected Ubuntu 8.10.Original advisory details: It was discovered that the KDE libraries could use KHTML to process an unknown MIME type. If a user or application linked against kdelibs were tricked into opening a crafted file, an attacker could potentially trigger XMLHTTPRequests to remote sites.
More...