Test ID:	1.3.6.1.4.1.25623.1.0.64778
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-822-1)
Summary:	The remote host is missing an update for the 'kde4libs, kdelibs' package(s) announced via the USN-822-1 advisory.
Description:	Summary: The remote host is missing an update for the 'kde4libs, kdelibs' package(s) announced via the USN-822-1 advisory. Vulnerability Insight: It was discovered that KDE-Libs did not properly handle certain malformed SVG images. If a user were tricked into opening a specially crafted SVG image, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 9.04. (CVE-2009-0945) It was discovered that the KDE JavaScript garbage collector did not properly handle memory allocation failures. If a user were tricked into viewing a malicious website, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1687) It was discovered that KDE-Libs did not properly handle HTML content in the head element. If a user were tricked into viewing a malicious website, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1690) It was discovered that KDE-Libs did not properly handle the Cascading Style Sheets (CSS) attr function call. If a user were tricked into viewing a malicious website, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-1698) Affected Software/OS: 'kde4libs, kdelibs' package(s) on Ubuntu 8.04, Ubuntu 8.10, Ubuntu 9.04. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0945 http://lists.apple.com/archives/security-announce/2009/May/msg00000.html http://lists.apple.com/archives/security-announce/2009/May/msg00001.html http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html BugTraq ID: 34924 http://www.securityfocus.com/bid/34924 Bugtraq: 20090519 ZDI-09-022: Apple Safari Malformed SVGList Parsing Code Execution Vulnerability (Google Search) http://www.securityfocus.com/archive/1/503594/100/0/threaded Cert/CC Advisory: TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html Debian Security Information: DSA-1950 (Google Search) http://www.debian.org/security/2009/dsa-1950 https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00303.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01177.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01196.html http://www.zerodayinitiative.com/advisories/ZDI-09-022 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11584 http://www.redhat.com/support/errata/RHSA-2009-1130.html http://www.securitytracker.com/id?1022207 http://secunia.com/advisories/35056 http://secunia.com/advisories/35074 http://secunia.com/advisories/35095 http://secunia.com/advisories/35576 http://secunia.com/advisories/35805 http://secunia.com/advisories/36062 http://secunia.com/advisories/36461 http://secunia.com/advisories/36790 http://secunia.com/advisories/37746 http://secunia.com/advisories/43068 SuSE Security Announcement: SUSE-SR:2011:002 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://www.ubuntu.com/usn/USN-822-1 https://usn.ubuntu.com/823-1/ http://www.ubuntu.com/usn/USN-836-1 http://www.ubuntu.com/usn/USN-857-1 http://www.vupen.com/english/advisories/2009/1297 http://www.vupen.com/english/advisories/2009/1298 http://www.vupen.com/english/advisories/2009/1321 http://www.vupen.com/english/advisories/2009/1621 http://www.vupen.com/english/advisories/2011/0212 XForce ISS Database: safari-webkit-svglist-bo(50477) https://exchange.xforce.ibmcloud.com/vulnerabilities/50477 Common Vulnerability Exposure (CVE) ID: CVE-2009-1687 http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html BugTraq ID: 35260 http://www.securityfocus.com/bid/35260 BugTraq ID: 35309 http://www.securityfocus.com/bid/35309 https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01200.html https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01199.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:330 http://osvdb.org/54985 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10260 http://securitytracker.com/id?1022345 http://secunia.com/advisories/35379 http://secunia.com/advisories/36057 http://www.vupen.com/english/advisories/2009/1522 Common Vulnerability Exposure (CVE) ID: CVE-2009-1690 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=803 http://osvdb.org/54990 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11009 Common Vulnerability Exposure (CVE) ID: CVE-2009-1698 BugTraq ID: 35318 http://www.securityfocus.com/bid/35318 Bugtraq: 20090608 ZDI-09-032: Apple WebKit attr() Invalid Attribute Memory Corruption Vulnerability (Google Search) http://www.securityfocus.com/archive/1/504173/100/0/threaded Bugtraq: 20090614 [TZO-37-2009] Apple Safari <v4 Remote code execution (Google Search) http://www.securityfocus.com/archive/1/504295/100/0/threaded http://blog.zoller.lu/2009/05/advisory-apple-safari-remote-code.html http://www.zerodayinitiative.com/advisories/ZDI-09-032/ http://osvdb.org/55006 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9484 http://www.redhat.com/support/errata/RHSA-2009-1128.html http://secunia.com/advisories/35588
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.