Rapid7 Vulnerability & Exploit Database

RHSA-2009:1127: kdelibs security update

Severity: 9
CVSS: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published: 06/10/2009
Created: 07/25/2018
Added: 09/12/2009
Modified: 07/04/2017

Description

The kdelibs packages provide libraries for the K Desktop Environment (KDE).

A flaw was found in the way the KDE CSS parser handled content for the CSS "style" attribute. A remote attacker could create a specially-crafted CSS equipped HTML page, which once visited by an unsuspecting user, could cause a denial of service (Konqueror crash) or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-1698)

A flaw was found in the way the KDE HTML parser handled content for the HTML "head" element. A remote attacker could create a specially-crafted HTML page, which once visited by an unsuspecting user, could cause a denial of service (Konqueror crash) or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-1690)

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the KDE JavaScript garbage collector handled memory allocation requests. A remote attacker could create a specially-crafted HTML page, which once visited by an unsuspecting user, could cause a denial of service (Konqueror crash) or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-1687)

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.

Solution(s)

  • redhat-upgrade-kdelibs
  • redhat-upgrade-kdelibs-apidocs
  • redhat-upgrade-kdelibs-devel
