Synopsis
Critical: kdelibs security update
Type/Severity
Security Advisory: Critical
Topic
Updated kdelibs packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 4 and 5This update has been rated as having critical security impact by the RedHat Security Response Team
...
It was discovered that KDE-Libs did not properly handle certain malformed
SVG images If a user were tricked into opening a specially crafted SVG
image, an attacker could cause a denial of service or possibly execute
arbitrary code with the privileges of the user invoking the program This
issue only affected Ubuntu 904 (CVE-2009-0945) ...
It was discovered that WebKit did not properly handle certain SVGPathList
data structures If a user were tricked into viewing a malicious website,
an attacker could exploit this to execute arbitrary code with the
privileges of the user invoking the program (CVE-2009-0945) ...
It was discovered that QtWebKit did not properly handle certain SVGPathList
data structures If a user were tricked into viewing a malicious website,
an attacker could exploit this to execute arbitrary code with the
privileges of the user invoking the program (CVE-2009-0945) ...
Debian Bug report logs -
#534946
webkit: CVE-2009-1698 CVE-2009-1690 CVE-2009-1687
Package:
webkit;
Maintainer for webkit is (unknown);
Reported by: Giuseppe Iuculano <giuseppe@iuculanoit>
Date: Sun, 28 Jun 2009 12:48:02 UTC
Severity: grave
Tags: lenny, patch, security
Found in version 101-4
Fixed in versions 115-1, ...
Debian Bug report logs -
#546212
CVE-2009-2702: KDE KSSL NULL Character Certificate Spoofing Vulnerability
Package:
kdelibs;
Maintainer for kdelibs is (unknown);
Reported by: Giuseppe Iuculano <giuseppe@iuculanoit>
Date: Fri, 11 Sep 2009 17:42:02 UTC
Severity: serious
Tags: security
Fixed in versions kdelibs/4:3510dfs ...
Debian Bug report logs -
#532718
libqt4-webkit: CVE-2009-0945: Array index error in the insertItemBefore method in WebKit
Package:
libqt4-webkit;
Maintainer for libqt4-webkit is Debian Qt/KDE Maintainers <debian-qt-kde@listsdebianorg>; Source for libqt4-webkit is src:qt4-x11 (PTS, buildd, popcon)
Reported by: Luciano Bello ...
Debian Bug report logs -
#545793
CVE-2009-2700: QSslCertificate incorrect verification of SSL certificate with NUL in subjectAltName
Package:
qt4-x11;
Maintainer for qt4-x11 is Debian Qt/KDE Maintainers <debian-qt-kde@listsdebianorg>;
Reported by: Giuseppe Iuculano <giuseppe@iuculanoit>
Date: Wed, 9 Sep 2009 08:00 ...
Debian Bug report logs -
#535793
webkit: deluge of security vulnerabilities
Package:
webkit;
Maintainer for webkit is (unknown);
Reported by: Michael S Gilbert <michaelsgilbert@gmailcom>
Date: Sun, 5 Jul 2009 05:18:04 UTC
Severity: grave
Tags: fixed-upstream, security
Found in version 101-4
Fixed in version 1121-1 ...
Several vulnerabilities have been discovered in WebKit, a Web content engine
library for Gtk+ The Common Vulnerabilities and Exposures project identifies
the following problems:
CVE-2009-0945
Array index error in the insertItemBefore method in WebKit, allows remote
attackers to execute arbitrary code via a document with a SVGPathList data
structu ...
Several security issues have been discovered in kdelibs, core libraries
from the official KDE release The Common Vulnerabilities and Exposures
project identifies the following problems:
CVE-2009-1690
It was discovered that there is a use-after-free flaw in handling
certain DOM event handlers This could lead to the execution of
arbitrary code, wh ...
Several security issues have been discovered in kde4libs, core libraries
for all KDE 4 applications The Common Vulnerabilities and Exposures
project identifies the following problems:
CVE-2009-1690
It was discovered that there is a use-after-free flaw in handling
certain DOM event handlers This could lead to the execution of
arbitrary code, when ...
Vulmon