Summary
The remote host is missing an update to kdelibs
announced via advisory DSA 948-1.
Maksim Orlovich discovered that the kjs Javascript interpreter, used in the Konqueror web browser and in other parts of KDE, performs insufficient bounds checking when parsing UTF-8 encoded Uniform Resource Identifiers, which may lead to a heap based buffer overflow and the execution of arbitrary code.
The old stable distribution (woody) is not affected by this problem.
Solution
For the stable distribution (sarge) this problem has been fixed in version 3.3.2-6.4
For the unstable distribution (sid) this problem will be fixed soon.
We recommend that you upgrade your kdelibs package.
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20948-1
Severity
Classification
-
CVE CVE-2006-0019 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities