Synopsis
Critical: kdegraphics security update
Type/Severity
Security Advisory: Critical
Topic
Updated kdegraphics packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team.
...
Several vulnerabilities have been discovered in WebKit, a Web content engine
library for Gtk+. The Common Vulnerabilities and Exposures project identifies
the following problems:
CVE-2009-0945
Array index error in the insertItemBefore method in WebKit allows remote
attackers to execute arbitrary code via a document with a SVGPathList data
structu ...
Two security issues have been discovered in kdegraphics, the graphics
apps from the official KDE release. The Common Vulnerabilities and
Exposures project identifies the following problems:
CVE-2009-0945
It was discovered that the KSVG animation element implementation suffers
from a null pointer dereference flaw, which could lead to the execution
...
It was discovered that KDE-Graphics did not properly handle certain
malformed SVG images. If a user were tricked into opening a specially
crafted SVG image, an attacker could cause a denial of service or possibly
execute arbitrary code with the privileges of the user invoking the
program ...
It was discovered that KDE-Libs did not properly handle certain malformed
SVG images. If a user were tricked into opening a specially crafted SVG
image, an attacker could cause a denial of service or possibly execute
arbitrary code with the privileges of the user invoking the program. This
issue only affected Ubuntu 9.04. (CVE-2009-0945) ...
It was discovered that WebKit did not properly handle certain SVGPathList
data structures. If a user were tricked into viewing a malicious website,
an attacker could exploit this to execute arbitrary code with the
privileges of the user invoking the program. (CVE-2009-0945) ...
It was discovered that QtWebKit did not properly handle certain SVGPathList
data structures. If a user were tricked into viewing a malicious website,
an attacker could exploit this to execute arbitrary code with the
privileges of the user invoking the program. (CVE-2009-0945) ...
Debian Bug report logs -
#534946
webkit: CVE-2009-1698 CVE-2009-1690 CVE-2009-1687
Package:
webkit;
Maintainer for webkit is (unknown);
Reported by: Giuseppe Iuculano <giuseppe@iuculano.it>
Date: Sun, 28 Jun 2009 12:48:02 UTC
Severity: grave
Tags: lenny, patch, security
Found in version 101-4
Fixed in versions 115-1, ...
Debian Bug report logs -
#534951
CVE-2009-1709
Package:
kdegraphics;
Maintainer for kdegraphics is Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>; Source for kdegraphics is src:meta-kde (PTS, buildd, popcon)
Reported by: Giuseppe Iuculano <giuseppe@iuculano.it>
Date: Sun, 28 Jun 2009 13:30:01 UTC
Severit ...
Debian Bug report logs -
#532718
libqt4-webkit: CVE-2009-0945: Array index error in the insertItemBefore method in WebKit
Package:
libqt4-webkit;
Maintainer for libqt4-webkit is Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>; Source for libqt4-webkit is src:qt4-x11 (PTS, buildd, popcon)
Reported by: Luciano Bello ...
Debian Bug report logs -
#545793
CVE-2009-2700: QSslCertificate incorrect verification of SSL certificate with NUL in subjectAltName
Package:
qt4-x11;
Maintainer for qt4-x11 is Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>;
Reported by: Giuseppe Iuculano <giuseppe@iuculano.it>
Date: Wed, 9 Sep 2009 08:00 ...
Debian Bug report logs -
#535793
webkit: deluge of security vulnerabilities
Package:
webkit;
Maintainer for webkit is (unknown);
Reported by: Michael S Gilbert <michaelsgilbert@gmail.com>
Date: Sun, 5 Jul 2009 05:18:04 UTC
Severity: grave
Tags: fixed-upstream, security
Found in version 101-4
Fixed in version 1121-1 ...