Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 1867-1 (kdelibs)
Summary: Debian Security Advisory DSA 1867-1 (kdelibs)
The remote host is missing an update to kdelibs
announced via advisory DSA 1867-1.
Several security issues have been discovered in kdelibs, core libraries
from the official KDE release. The Common Vulnerabilities and Exposures
project identifies the following problems:
It was discovered that there is a use-after-free flaw in the handling
of certain DOM event handlers. This could lead to the execution of
arbitrary code when visiting a malicious website.
It was discovered that there could be an uninitialised pointer when
handling a Cascading Style Sheets (CSS) attr function call. This could
lead to the execution of arbitrary code, when visiting a malicious
allocation failures properly, which could lead to the execution of
arbitrary code when visiting a malicious website.
For the stable distribution (lenny), these problems have been fixed in
For the oldstable distribution (etch), these problems have been fixed
in version 4:3.5.5a.dfsg.1-8etch2.
For the testing distribution (squeeze) and the unstable distribution
(sid), these problems will be fixed soon.
We recommend that you upgrade your kdelibs packages.
Common Vulnerability Exposure (CVE) ID: CVE-2009-1690
Debian Security Information: DSA-1950
SuSE Security Announcement: SUSE-SR:2011:002
BugTraq ID: 35260
Common Vulnerability Exposure (CVE) ID: CVE-2009-1698
Bugtraq: 20090608 ZDI-09-032: Apple WebKit attr() Invalid Attribute Memory Corruption Vulnerability
Bugtraq: 20090614 [TZO-37-2009] Apple Safari <v4 Remote code execution
BugTraq ID: 35318
Common Vulnerability Exposure (CVE) ID: CVE-2009-1687
BugTraq ID: 35309
Copyright: Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com