
Test ID: 1.3.6.1.4.1.25623.1.0.64475
Category: Fedora Local Security Checks
Title: Fedora Core 10 FEDORA-2009-8020 (kdelibs3)
Summary: The remote host is missing an update to kdelibs3, announced via advisory FEDORA-2009-8020. Note: This VT has been deprecated and is therefore no longer functional.
Description:
Summary:
The remote host is missing an update to kdelibs3
announced via advisory FEDORA-2009-8020.
Note: This VT has been deprecated and is therefore no longer functional.

Vulnerability Insight:
Update Information:

This update fixes several security issues in the KDE 3 compatibility version of
KHTML (CVE-2009-1725, CVE-2009-1690, CVE-2009-1687, CVE-2009-1698,
CVE-2009-2537) which may lead to a denial of service or potentially even
arbitrary code execution. In addition, the package was fixed to build with
the latest version of automake, and the following fixes and improvements were
merged from the Fedora 11 package:

* slight speedup to /etc/profile.d/kde.sh,

* fixed unowned directories,

* fixed harmless (as the file contents match) file conflicts with KDE 4.2.x,

* fixed build with GCC 4.4 (but this package is built with Fedora 10's
GCC 4.3.2),

* moved Qt Designer plugins to the runtime package as they can be needed at
runtime (e.g. by PyKDE programs),

* kdelibs3-apidocs is now a noarch subpackage.

ChangeLog:

* Sun Jul 26 2009 Kevin Kofler - 3.5.10-13

- fix CVE-2009-2537 - select length DoS

- fix CVE-2009-1725 - crash, possible ACE in numeric character references

- fix CVE-2009-1690 - crash, possible ACE in KHTML (use-after-free)

- fix CVE-2009-1687 - possible ACE in KJS (FIXME: still crashes?)

- fix CVE-2009-1698 - crash, possible ACE in CSS style attribute handling

* Fri Jul 24 2009 Fedora Release Engineering - 3.5.10-12


* Sat Jul 18 2009 Rex Dieter - 3.5.10-12

- FTBFS kdelibs3-3.5.10-11.fc11 (#511571)

- -devel: Requires: %{name}%_isa

Solution:
Apply the appropriate updates.

This update can be installed with the yum update program. Use
su -c 'yum update kdelibs3' at the command line.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2009-1725
http://lists.apple.com/archives/security-announce/2009/Jul/msg00000.html
http://lists.apple.com/archives/security-announce/2009/Sep/msg00001.html
BugTraq ID: 35607
http://www.securityfocus.com/bid/35607
Debian Security Information: DSA-1950
http://www.debian.org/security/2009/dsa-1950
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00931.html
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00933.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:330
http://osvdb.org/55739
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5777
http://www.securitytracker.com/id?1022526
http://secunia.com/advisories/35758
http://secunia.com/advisories/36057
http://secunia.com/advisories/36062
http://secunia.com/advisories/36347
http://secunia.com/advisories/36677
http://secunia.com/advisories/36790
http://secunia.com/advisories/37746
http://secunia.com/advisories/43068
SuSE Security Announcement: SUSE-SR:2011:002
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://www.ubuntu.com/usn/USN-836-1
http://www.ubuntu.com/usn/USN-857-1
http://www.vupen.com/english/advisories/2009/1827
http://www.vupen.com/english/advisories/2011/0212
Common Vulnerability Exposure (CVE) ID: CVE-2009-1690
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
BugTraq ID: 35260
http://www.securityfocus.com/bid/35260
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=803
http://osvdb.org/54990
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11009
http://securitytracker.com/id?1022345
http://secunia.com/advisories/35379
http://www.ubuntu.com/usn/USN-822-1
http://www.vupen.com/english/advisories/2009/1522
http://www.vupen.com/english/advisories/2009/1621
Common Vulnerability Exposure (CVE) ID: CVE-2009-1687
BugTraq ID: 35309
http://www.securityfocus.com/bid/35309
http://osvdb.org/54985
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10260
Common Vulnerability Exposure (CVE) ID: CVE-2009-1698
BugTraq ID: 35318
http://www.securityfocus.com/bid/35318
Bugtraq: 20090608 ZDI-09-032: Apple WebKit attr() Invalid Attribute Memory Corruption Vulnerability
http://www.securityfocus.com/archive/1/504173/100/0/threaded
Bugtraq: 20090614 [TZO-37-2009] Apple Safari <v4 Remote code execution
http://www.securityfocus.com/archive/1/504295/100/0/threaded
http://blog.zoller.lu/2009/05/advisory-apple-safari-remote-code.html
http://www.zerodayinitiative.com/advisories/ZDI-09-032/
http://osvdb.org/55006
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9484
http://www.redhat.com/support/errata/RHSA-2009-1128.html
http://secunia.com/advisories/35588
Common Vulnerability Exposure (CVE) ID: CVE-2009-2537
Bugtraq: 20090715 Re: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....
http://www.securityfocus.com/archive/1/504989/100/0/threaded
Bugtraq: 20090715 Re:[GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....
http://www.securityfocus.com/archive/1/504988/100/0/threaded
Bugtraq: 20090715 [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....
http://www.securityfocus.com/archive/1/504969/100/0/threaded
Bugtraq: 20090716 Re[2]: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari,Opera, Chrome,Seamonkey,iPhone,iPod,Wii,PS3....
http://www.securityfocus.com/archive/1/505006/100/0/threaded
http://www.exploit-db.com/exploits/9160
http://www.g-sec.lu/one-bug-to-rule-them-all.html
XForce ISS Database: konqueror-integer-value-dos(52871)
https://exchange.xforce.ibmcloud.com/vulnerabilities/52871
Copyright: Copyright (C) 2009 E-Soft Inc.
