Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.64280
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2009:1127
Summary:NOSUMMARY
Description:Description:
The remote host is missing updates announced in
advisory RHSA-2009:1127.

The kdelibs packages provide libraries for the K Desktop Environment (KDE).

A flaw was found in the way the KDE CSS parser handled content for the
CSS style attribute. A remote attacker could create a specially-crafted
CSS equipped HTML page, which once visited by an unsuspecting user, could
cause a denial of service (Konqueror crash) or, potentially, execute
arbitrary code with the privileges of the user running Konqueror.
(CVE-2009-1698)

A flaw was found in the way the KDE HTML parser handled content for the
HTML head element. A remote attacker could create a specially-crafted
HTML page, which once visited by an unsuspecting user, could cause a denial
of service (Konqueror crash) or, potentially, execute arbitrary code with
the privileges of the user running Konqueror. (CVE-2009-1690)

An integer overflow flaw, leading to a heap-based buffer overflow, was
found in the way the KDE JavaScript garbage collector handled memory
allocation requests. A remote attacker could create a specially-crafted
HTML page, which once visited by an unsuspecting user, could cause a denial
of service (Konqueror crash) or, potentially, execute arbitrary code with
the privileges of the user running Konqueror. (CVE-2009-1687)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The desktop must be restarted (log out,
then log back in) for this update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2009-1127.html
http://www.redhat.com/security/updates/classification/#critical

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-1687
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
BugTraq ID: 35260
http://www.securityfocus.com/bid/35260
BugTraq ID: 35309
http://www.securityfocus.com/bid/35309
Debian Security Information: DSA-1950 (Google Search)
http://www.debian.org/security/2009/dsa-1950
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:330
http://osvdb.org/54985
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10260
http://securitytracker.com/id?1022345
http://secunia.com/advisories/35379
http://secunia.com/advisories/36057
http://secunia.com/advisories/36062
http://secunia.com/advisories/36790
http://secunia.com/advisories/37746
http://secunia.com/advisories/43068
SuSE Security Announcement: SUSE-SR:2011:002 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://www.ubuntu.com/usn/USN-822-1
http://www.ubuntu.com/usn/USN-836-1
http://www.ubuntu.com/usn/USN-857-1
http://www.vupen.com/english/advisories/2009/1522
http://www.vupen.com/english/advisories/2009/1621
http://www.vupen.com/english/advisories/2011/0212
Common Vulnerability Exposure (CVE) ID: CVE-2009-1690
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=803
http://osvdb.org/54990
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11009
Common Vulnerability Exposure (CVE) ID: CVE-2009-1698
BugTraq ID: 35318
http://www.securityfocus.com/bid/35318
Bugtraq: 20090608 ZDI-09-032: Apple WebKit attr() Invalid Attribute Memory Corruption Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/504173/100/0/threaded
Bugtraq: 20090614 [TZO-37-2009] Apple Safari <v4 Remote code execution (Google Search)
http://www.securityfocus.com/archive/1/504295/100/0/threaded
http://blog.zoller.lu/2009/05/advisory-apple-safari-remote-code.html
http://www.zerodayinitiative.com/advisories/ZDI-09-032/
http://osvdb.org/55006
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9484
http://www.redhat.com/support/errata/RHSA-2009-1128.html
http://secunia.com/advisories/35588
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.