Test ID:	1.3.6.1.4.1.25623.1.0.64282
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2009:1130
Summary:	The remote host is missing updates announced in;advisory RHSA-2009:1130.;;The kdegraphics packages contain applications for the K Desktop Environment;(KDE). Scalable Vector Graphics (SVG) is an XML-based language to describe;vector images. KSVG is a framework aimed at implementing the latest W3C SVG;specifications.;;A use-after-free flaw was found in the KDE KSVG animation element;implementation. A remote attacker could create a specially-crafted SVG;image, which once opened by an unsuspecting user, could cause a denial of;service (Konqueror crash) or, potentially, execute arbitrary code with the;privileges of the user running Konqueror. (CVE-2009-1709);;A NULL pointer dereference flaw was found in the KDE, KSVG SVGList;interface implementation. A remote attacker could create a;specially-crafted SVG image, which once opened by an unsuspecting user,;would cause memory corruption, leading to a denial of service (Konqueror;crash). (CVE-2009-0945);;All users of kdegraphics should upgrade to these updated packages, which;contain backported patches to correct these issues. The desktop must be;restarted (log out, then log back in) for this update to take effect.
Description:	Summary: The remote host is missing updates announced in advisory RHSA-2009:1130. The kdegraphics packages contain applications for the K Desktop Environment (KDE). Scalable Vector Graphics (SVG) is an XML-based language to describe vector images. KSVG is a framework aimed at implementing the latest W3C SVG specifications. A use-after-free flaw was found in the KDE KSVG animation element implementation. A remote attacker could create a specially-crafted SVG image, which once opened by an unsuspecting user, could cause a denial of service (Konqueror crash) or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-1709) A NULL pointer dereference flaw was found in the KDE, KSVG SVGList interface implementation. A remote attacker could create a specially-crafted SVG image, which once opened by an unsuspecting user, would cause memory corruption, leading to a denial of service (Konqueror crash). (CVE-2009-0945) All users of kdegraphics should upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0945 http://lists.apple.com/archives/security-announce/2009/May/msg00000.html http://lists.apple.com/archives/security-announce/2009/May/msg00001.html http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html BugTraq ID: 34924 http://www.securityfocus.com/bid/34924 Bugtraq: 20090519 ZDI-09-022: Apple Safari Malformed SVGList Parsing Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/503594/100/0/threaded Cert/CC Advisory: TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html Debian Security Information: DSA-1950 (Google Search) http://www.debian.org/security/2009/dsa-1950 https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00303.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html http://www.zerodayinitiative.com/advisories/ZDI-09-022 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11584 http://www.redhat.com/support/errata/RHSA-2009-1130.html http://www.securitytracker.com/id?1022207 http://secunia.com/advisories/35056 http://secunia.com/advisories/35074 http://secunia.com/advisories/35095 http://secunia.com/advisories/35576 http://secunia.com/advisories/35805 http://secunia.com/advisories/36062 http://secunia.com/advisories/36461 http://secunia.com/advisories/36790 http://secunia.com/advisories/37746 http://secunia.com/advisories/43068 SuSE Security Announcement: SUSE-SR:2011:002 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://www.ubuntu.com/usn/USN-822-1 https://usn.ubuntu.com/823-1/ http://www.ubuntu.com/usn/USN-836-1 http://www.ubuntu.com/usn/USN-857-1 http://www.vupen.com/english/advisories/2009/1297 http://www.vupen.com/english/advisories/2009/1298 http://www.vupen.com/english/advisories/2009/1321 http://www.vupen.com/english/advisories/2009/1621 http://www.vupen.com/english/advisories/2011/0212 XForce ISS Database: safari-webkit-svglist-bo(50477) https://exchange.xforce.ibmcloud.com/vulnerabilities/50477 Common Vulnerability Exposure (CVE) ID: CVE-2009-1709 http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html BugTraq ID: 35260 http://www.securityfocus.com/bid/35260 BugTraq ID: 35334 http://www.securityfocus.com/bid/35334 http://www.mandriva.com/security/advisories?name=MDVSA-2010:182 http://www.zerodayinitiative.com/advisories/ZDI-09-034/ http://osvdb.org/55013 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10162 http://securitytracker.com/id?1022345 http://secunia.com/advisories/35379 http://www.vupen.com/english/advisories/2009/1522
Copyright	Copyright (C) 2009 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.