Several security issues have been discovered in kdelibs, core libraries from the official KDE release. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1690 It was discovered that there is a use-after-free flaw in handling certain DOM event handlers. This could lead to the execution of arbitrary code, when visiting a malicious website. CVE-2009-1698 It was discovered that there could be an uninitialised pointer when handling a Cascading Style Sheets (CSS) attr function call. This could lead to the execution of arbitrary code, when visiting a malicious website. CVE-2009-1687 It was discovered that the JavaScript garbage collector does not handle allocation failures properly, which could lead to the execution of arbitrary code when visiting a malicious website. For the oldstable distribution (etch), these problems have been fixed in version 4:3.5.5a.dfsg.1-8etch2. For the stable distribution (lenny), these problems have been fixed in version 4:3.5.10.dfsg.1-0lenny2. For the testing distribution (squeeze) and the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your kdelibs packages.
Several security issues have been discovered in kdelibs, core libraries from the official KDE release. The Common Vulnerabilities and Exposures project identifies the following problems:
It was discovered that there is a use-after-free flaw in handling certain DOM event handlers. This could lead to the execution of arbitrary code, when visiting a malicious website.
It was discovered that there could be an uninitialised pointer when handling a Cascading Style Sheets (CSS) attr function call. This could lead to the execution of arbitrary code, when visiting a malicious website.
It was discovered that the JavaScript garbage collector does not handle allocation failures properly, which could lead to the execution of arbitrary code when visiting a malicious website.
For the oldstable distribution (etch), these problems have been fixed in version 4:3.5.5a.dfsg.1-8etch4.
For the stable distribution (lenny), these problems have been fixed in version 4:3.5.10.dfsg.1-0lenny2.
For the testing distribution (squeeze) and the unstable distribution (sid), these problems will be fixed soon.
We recommend that you upgrade your kdelibs packages.
MD5 checksums of the listed files are available in the original advisory.