Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 547
Alerts This Week
Warning Icon 1 547

Debian 4.0 Lenny: DSA-1866-1 Critical: kdegraphics Null Pointer Issue

debian
Calendar Grey August 19, 2009
Debian Logo
To tackle the critical vulnerabilities in kdegraphics for Debian, as noted in DSA-1866-1, follow the upgrade steps provided below for safety and performance
Two security issues have been discovered in kdegraphics, the graphics apps from the official KDE release

Summary


CVE-2009-0945

It was discovered that the KSVG animation element implementation suffersfrom a null pointer dereference flaw, which could lead to the execution
of arbitrary code.

CVE-2009-1709

It was discovered that the KSVG animation element implementation is
prone to a use-after-free flaw, which could lead to the execution of
arbitrary code.


For the stable distribution (lenny), these problems have been fixed in
version 4:3.5.9-3+lenny2.

For the oldstable distribution (etch), these problems have been fixed
in version 4:3.5.5-3etch4.

For the testing distribution (squeeze) and the unstable distribution
(sid), these problems have been fixed in version 4:4.0.


We recommend that you upgrade your kdegraphics packages.


Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.