LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

kdelibs: multiple vulnerabilities

Package(s):kdelibs CVE #(s):CVE-2009-1687 CVE-2009-1690 CVE-2009-1698
Created:June 25, 2009 Updated:January 25, 2011
Description: kdelibs has multiple vulnerabilities. From the Red Hat alert: A flaw was found in the way the KDE CSS parser handled content for the CSS "style" attribute. A remote attacker could create a specially-crafted CSS equipped HTML page, which once visited by an unsuspecting user, could cause a denial of service (Konqueror crash) or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-1698) A flaw was found in the way the KDE HTML parser handled content for the HTML "head" element. A remote attacker could create a specially-crafted HTML page, which once visited by an unsuspecting user, could cause a denial of service (Konqueror crash) or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-1690) An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the KDE JavaScript garbage collector handled memory allocation requests. A remote attacker could create a specially-crafted HTML page, which once visited by an unsuspecting user, could cause a denial of service (Konqueror crash) or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-1687)
Alerts:
openSUSE openSUSE-SU-2011:0024-1 2011-01-12
SUSE SUSE-SR:2011:002 2011-01-25
openSUSE openSUSE-SU-2010:1034-1 2010-12-09
Debian DSA-1988-1 2010-02-02
Mandriva MDVSA-2010:027 2010-01-27
Mandriva MDVSA-2009:346 2009-12-29
Debian DSA-1950 2009-12-12
Mandriva MDVSA-2009:330 2009-12-10
Ubuntu USN-836-1 2009-09-23
Fedora FEDORA-2009-9391 2009-09-09
Fedora FEDORA-2009-9400 2009-09-09
Ubuntu USN-822-1 2009-08-24
Debian DSA-1868-1 2009-08-19
Debian DSA-1867-1 2009-08-19
Fedora FEDORA-2009-8020 2009-07-27
Fedora FEDORA-2009-8046 2009-07-27
Fedora FEDORA-2009-8049 2009-07-27
Fedora FEDORA-2009-8039 2009-07-27
CentOS CESA-2009:1127 2009-06-26
CentOS CESA-2009:1128 2009-06-25
Red Hat RHSA-2009:1128-01 2009-06-25
Red Hat RHSA-2009:1127-01 2009-06-25
Ubuntu USN-857-1 2009-11-10
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds