Debian 4.0 Lenny: DSA-1867-1 Moderate: Kdelibs Remote Code Execution
debian
August 19, 2009
Several security issues have been discovered in kdelibs, core libraries from the official KDE release
Summary
CVE-2009-1690
It was discovered that there is a use-after-free flaw in handling
certain DOM event handlers. This could lead to the execution of
arbitrary code, when visiting a malicious website.
CVE-2009-1698
It was discovered that there could be an uninitialised pointer when
handling a Cascading Style Sheets (CSS) attr function call. This could
lead to the execution of arbitrary code, when visiting a malicious
website.
CVE-2009-1687
It was discovered that the JavaScript garbage collector does not handle
allocation failures properly, which could lead to the execution of
arbitrary code when visiting a malicious website.
For the stable distribution (lenny), these problems have been fixed in
version 4:3.5.10.dfsg.1-0lenny2.
For the oldstable distribution (etch), these problems have been fixed
in version 4:3.5.5a.dfsg.1-8etch2.
For the testing distribution (squeeze) and the unstable distribution
(sid), these problems will be fixed soon.
We recommend that you upgrade your kdelibs packages.
Upgrade instructions
...
PREVIOUS
NEXT
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!