Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 541
Alerts This Week
Warning Icon 1 541

Debian 5.0 DSA-1950 Critical: WebKit Remote Code Execution Issues

debian
Calendar Grey December 12, 2009
Debian Logo
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----------------------------------------------------
Several vulnerabilities have been discovered in webkit, a Web content engine library for Gtk+

Summary


Several vulnerabilities have been discovered in webkit, a Web content engine
library for Gtk+. The Common Vulnerabilities and Exposures project identifies
the following problems:

CVE-2009-0945

Array index error in the insertItemBefore method in WebKit, allows remote
attackers to execute arbitrary code via a document with a SVGPathList data
structure containing a negative index in the SVGTransformList, SVGStringList,
SVGNumberList, SVGPathSegList, SVGPointList, or SVGLengthList SVGList object,
which triggers memory corruption.


CVE-2009-1687

The JavaScript garbage collector in WebKit does not properly handle allocation
failures, which allows remote attackers to execute arbitrary code or cause a
denial of service (memory corruption and application crash) via a crafted HTML
document that triggers write access to an "offset of a NULL pointer."


CVE-2009-1690

Use-after-free vulnerability in WebKit, allows remote attackers to execute
arbitrary code or cause a denial of service (memory corruption and applic...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Package: webkit

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.