Description:
===========================================================Ubuntu Security Notice USN-872-1 December 11, 2009kdebase-runtime vulnerabilitieshttps://launchpad.net/bugs/495301===========================================================A security issue affects the following Ubuntu releases:Ubuntu 8.10Ubuntu 9.04Ubuntu 9.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 8.10: kdebase-runtime 4:4.1.4-0ubuntu1~intrepid1.2Ubuntu 9.04: kdebase-runtime 4:4.2.2-0ubuntu1.1Ubuntu 9.10: kdebase-runtime 4:4.3.2-0ubuntu4.1After a standard system upgrade you need to restart your session to effectthe necessary changes.Details follow:It was discovered that the KIO subsystem of KDE did not properly performinput validation when processing help:// URIs. If a user or KIO applicationprocessed a crafted help:// URI, an attacker could trigger JavaScriptexecution or access files via directory traversal.
More...