Debian: DSA-1868-1 Moderate: kde4libs Code Issues Affecting Stability
debian
August 19, 2009
Several security issues have been discovered in kde4libs, core libraries for all KDE 4 applications
Topics Covered
Summary
CVE-2009-1690
It was discovered that there is a use-after-free flaw in handling
certain DOM event handlers. This could lead to the execution of
arbitrary code, when visiting a malicious website.
CVE-2009-1698
It was discovered that there could be an uninitialised pointer when
handling a Cascading Style Sheets (CSS) attr function call. This could
lead to the execution of arbitrary code, when visiting a malicious
website.
CVE-2009-1687
It was discovered that the JavaScript garbage collector does not handle
allocation failures properly, which could lead to the execution of
arbitrary code when visiting a malicious website.
For the stable distribution (lenny), these problems have been fixed in
version 4:4.1.0-3+lenny1.
The oldstable distribution (etch) does not contain kde4libs.
For the testing distribution (squeeze), these problems will be fixed
soon.
For the unstable distribution (sid), these problems have been fixed in
version 4:4.3.0-1.
We recommend that you upgrade your kde4libs packages.
Upgrade instru...
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!