
Scientific Linux: Critical Kdelibs Security Update on October 30, 2012

Critical: kdelibs security update
Date: Tue, 30 Oct 2012 15:30:01 -0500
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Organization: Fermilab
Subject: Security ERRATA Critical: kdelibs on SL6.x i386/x86_64
MIME-Version: 1.0

Synopsis: Critical: kdelibs security update
Issue Date: 2012-10-30
CVE Numbers: CVE-2012-4513
 CVE-2012-4512
--
A heap-based buffer overflow flaw was found in the way the CSS (Cascading
Style Sheets) parser in kdelibs parsed the location of the source for font
faces. A web page containing malicious content could cause an application
using kdelibs (such as Konqueror) to crash or, potentially, execute
arbitrary code with the privileges of the user running the application.
(CVE-2012-4512)

A heap-based buffer over-read flaw was found in the way kdelibs calculated
canvas dimensions for large images. A web page containing malicious content
could cause an application using kdelibs to crash or disclose portions of
its memory. (CVE-2012-4513)

The desktop must be restarted (log out, then log back in) for this update
to take effect.
--

SL6
 x86_64
 kdelibs-4.3.4-19.el6.i686.rpm
 kdelibs-4.3.4-19.el6.x86_64.rpm
 kdelibs-common-4.3.4-19.el6.x86_64.rpm
 kdelibs-devel-4.3.4-19.el6.i686.rpm
 kdelibs-devel-4.3.4-19.el6.x86_64.rpm
 i386
 kdelibs-4.3.4-19.el6.i686.rpm
 kdelibs-common-4.3.4-19.el6.i686.rpm
 kdelibs-devel-4.3.4-19.el6.i686.rpm
 noarch
 kdelibs-apidocs-4.3.4-19.el6.noarch.rpm

- Scientific Linux Development Team
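
Added example, not part of the Scientific Linux advisory: one way to check a host's `rpm -qa` output against the fixed version-release in the package list above (4.3.4-19.el6). The comparison is a simplified form of RPM's version ordering (no epoch, tilde or caret handling), and the sample package lines are constructed.

```python
import re

# Fixed version-release, taken from the advisory's package list.
FIXED_VERSION, FIXED_RELEASE = "4.3.4", "19.el6"
PACKAGES = {"kdelibs", "kdelibs-common", "kdelibs-devel", "kdelibs-apidocs"}

# Constructed sample of `rpm -qa` output (not from a real host).
SAMPLE = """\
kdelibs-4.3.4-14.el6.x86_64
kdelibs-common-4.3.4-19.el6.x86_64
kdelibs-devel-4.3.4-20.el6.i686
kdelibs-apidocs-4.3.4-9.el6.noarch
bash-4.1.2-9.el6.x86_64
"""

def rpmvercmp(a, b):
    """Simplified RPM ordering: -1, 0 or 1 (no epoch/tilde/caret)."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)  # runs of digits or letters
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric, so 9 < 19
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # digits sort above letters
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def parse_nvra(line):
    """Split 'name-version-release.arch' into its four fields."""
    nvr, _, arch = line.strip().rpartition(".")
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch

def unpatched(lines):
    """Return kdelibs package lines older than the advisory's fixed build."""
    stale = []
    for line in lines:
        try:
            name, version, release, _ = parse_nvra(line)
        except ValueError:
            continue  # blank lines, or entries without an arch suffix
        if name not in PACKAGES:
            continue
        order = rpmvercmp(version, FIXED_VERSION) or rpmvercmp(release, FIXED_RELEASE)
        if order < 0:
            stale.append(line.strip())
    return stale
```

On a real host, pass the lines of `rpm -qa` to `unpatched()` in place of `SAMPLE`.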