Red Hat Bugzilla – Bug 177618
CVE-2006-0019 kjs encodeuri/decodeuri heap overflow vulnerability
Last modified: 2007-11-30 17:07:22 EST
The KDE security team reported:
interpreter engine used by Konqueror and other parts of KDE. An attacker
leading to arbitrary code execution. The Common Vulnerabilities and
Exposures project assigned the name CAN-2006-0019 to this issue.
This issue does not affect RHEL2.1 or RHEL3
Embargoed until January 19th 2006
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.
kdelibs-3.5.0-0.4.fc4 has been pushed for FC4, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.