Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.64282
Category:Red Hat Local Security Checks
Title:RedHat Security Advisory RHSA-2009:1130
Summary:NOSUMMARY
Description:Description:
The remote host is missing updates announced in
advisory RHSA-2009:1130.

The kdegraphics packages contain applications for the K Desktop Environment
(KDE). Scalable Vector Graphics (SVG) is an XML-based language to describe
vector images. KSVG is a framework aimed at implementing the latest W3C SVG
specifications.

A use-after-free flaw was found in the KDE KSVG animation element
implementation. A remote attacker could create a specially-crafted SVG
image, which once opened by an unsuspecting user, could cause a denial of
service (Konqueror crash) or, potentially, execute arbitrary code with the
privileges of the user running Konqueror. (CVE-2009-1709)

A NULL pointer dereference flaw was found in the KDE, KSVG SVGList
interface implementation. A remote attacker could create a
specially-crafted SVG image, which once opened by an unsuspecting user,
would cause memory corruption, leading to a denial of service (Konqueror
crash). (CVE-2009-0945)

All users of kdegraphics should upgrade to these updated packages, which
contain backported patches to correct these issues. The desktop must be
restarted (log out, then log back in) for this update to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2009-1130.html
http://www.redhat.com/security/updates/classification/#critical

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-0945
http://lists.apple.com/archives/security-announce/2009/May/msg00000.html
http://lists.apple.com/archives/security-announce/2009/May/msg00001.html
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
BugTraq ID: 34924
http://www.securityfocus.com/bid/34924
Bugtraq: 20090519 ZDI-09-022: Apple Safari Malformed SVGList Parsing Code Execution Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/503594/100/0/threaded
Cert/CC Advisory: TA09-133A
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
Debian Security Information: DSA-1950 (Google Search)
http://www.debian.org/security/2009/dsa-1950
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00303.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html
http://www.zerodayinitiative.com/advisories/ZDI-09-022
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11584
http://www.redhat.com/support/errata/RHSA-2009-1130.html
http://www.securitytracker.com/id?1022207
http://secunia.com/advisories/35056
http://secunia.com/advisories/35074
http://secunia.com/advisories/35095
http://secunia.com/advisories/35576
http://secunia.com/advisories/35805
http://secunia.com/advisories/36062
http://secunia.com/advisories/36461
http://secunia.com/advisories/36790
http://secunia.com/advisories/37746
http://secunia.com/advisories/43068
SuSE Security Announcement: SUSE-SR:2011:002 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://www.ubuntu.com/usn/USN-822-1
https://usn.ubuntu.com/823-1/
http://www.ubuntu.com/usn/USN-836-1
http://www.ubuntu.com/usn/USN-857-1
http://www.vupen.com/english/advisories/2009/1297
http://www.vupen.com/english/advisories/2009/1298
http://www.vupen.com/english/advisories/2009/1321
http://www.vupen.com/english/advisories/2009/1621
http://www.vupen.com/english/advisories/2011/0212
XForce ISS Database: safari-webkit-svglist-bo(50477)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50477
Common Vulnerability Exposure (CVE) ID: CVE-2009-1709
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
BugTraq ID: 35260
http://www.securityfocus.com/bid/35260
BugTraq ID: 35334
http://www.securityfocus.com/bid/35334
http://www.mandriva.com/security/advisories?name=MDVSA-2010:182
http://www.zerodayinitiative.com/advisories/ZDI-09-034/
http://osvdb.org/55013
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10162
http://securitytracker.com/id?1022345
http://secunia.com/advisories/35379
http://www.vupen.com/english/advisories/2009/1522
CopyrightCopyright (c) 2009 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.