[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1OvYxE-0007za-Nj@titan.mandriva.com>
Date: Tue, 14 Sep 2010 19:06:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:182 ] kdegraphics
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:182
http://www.mandriva.com/security/
_______________________________________________________________________
Package : kdegraphics
Date : September 14, 2010
Affected: 2008.0
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in kdegraphics (ksvg):
Use-after-free vulnerability in the garbage-collection implementation
in WebCore in WebKit in Apple Safari before 4.0 allows remote
attackers to execute arbitrary code or cause a denial of service
(heap corruption and application crash) via an SVG animation element,
related to SVG set objects, SVG marker elements, the targetElement
attribute, and unspecified caches. (CVE-2009-1709)
Packages for 2008.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1709
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
471f47fe7f457c626fd77fca6d664af1 2008.0/i586/kdegraphics-3.5.10-0.3mdv2008.0.i586.rpm
638df04d6fd8e814e5bccf2e6609be5e 2008.0/i586/kdegraphics-common-3.5.10-0.3mdv2008.0.i586.rpm
a6750900bb89c379de0dbccf58eb655d 2008.0/i586/kdegraphics-kcolorchooser-3.5.10-0.3mdv2008.0.i586.rpm
ff11bea7fa112944c270c98748fecfbb 2008.0/i586/kdegraphics-kcoloredit-3.5.10-0.3mdv2008.0.i586.rpm
5d8660d907db81dbe6238758232fc589 2008.0/i586/kdegraphics-kdvi-3.5.10-0.3mdv2008.0.i586.rpm
94a5b1f074b3878ad1924d22609d683e 2008.0/i586/kdegraphics-kfax-3.5.10-0.3mdv2008.0.i586.rpm
3bcad1f12d268896a93fbe22c8a6cf8d 2008.0/i586/kdegraphics-kghostview-3.5.10-0.3mdv2008.0.i586.rpm
932203c975f06c83c0762480e1fda2ae 2008.0/i586/kdegraphics-kiconedit-3.5.10-0.3mdv2008.0.i586.rpm
b1cd4d78f12ad4e11b68d3f12c91749a 2008.0/i586/kdegraphics-kolourpaint-3.5.10-0.3mdv2008.0.i586.rpm
95dcc8ead986122eb4680d67989ac51c 2008.0/i586/kdegraphics-kooka-3.5.10-0.3mdv2008.0.i586.rpm
932ae2193c84cc051bbe55058508c250 2008.0/i586/kdegraphics-kpdf-3.5.10-0.3mdv2008.0.i586.rpm
6922bcb6a13a0dd577715c8d6b375322 2008.0/i586/kdegraphics-kpovmodeler-3.5.10-0.3mdv2008.0.i586.rpm
1952127621e3bb8398dbcca1d13cc22e 2008.0/i586/kdegraphics-kruler-3.5.10-0.3mdv2008.0.i586.rpm
64cc740e330357b485f71cfa51bccf3d 2008.0/i586/kdegraphics-ksnapshot-3.5.10-0.3mdv2008.0.i586.rpm
8b247a6eeb6391b9a3631e60a07d8722 2008.0/i586/kdegraphics-ksvg-3.5.10-0.3mdv2008.0.i586.rpm
d45f01099fb15169e940535fe708de73 2008.0/i586/kdegraphics-kuickshow-3.5.10-0.3mdv2008.0.i586.rpm
7ee507dd2110fca8c4535dc791a584da 2008.0/i586/kdegraphics-kview-3.5.10-0.3mdv2008.0.i586.rpm
445631492084d06791e6003bd54d6222 2008.0/i586/kdegraphics-mrmlsearch-3.5.10-0.3mdv2008.0.i586.rpm
ca58f9549eba49942b4632e9b9c71a7d 2008.0/i586/libkdegraphics0-common-3.5.10-0.3mdv2008.0.i586.rpm
28b81e97ba02bf625ec6a164cd4f20d2 2008.0/i586/libkdegraphics0-common-devel-3.5.10-0.3mdv2008.0.i586.rpm
55991fbf2a4f30b42be0ee3ee7f17af0 2008.0/i586/libkdegraphics0-kghostview-3.5.10-0.3mdv2008.0.i586.rpm
12ad689af055d34637b0b9c6981c89fc 2008.0/i586/libkdegraphics0-kghostview-devel-3.5.10-0.3mdv2008.0.i586.rpm
c49ec0b24f583a97e1ac575f7bbc9ad1 2008.0/i586/libkdegraphics0-kooka-3.5.10-0.3mdv2008.0.i586.rpm
930d4bf4f5d25a6b2a38060632f0d673 2008.0/i586/libkdegraphics0-kooka-devel-3.5.10-0.3mdv2008.0.i586.rpm
22e39f8103b4adcc5bf487a036e83d69 2008.0/i586/libkdegraphics0-kpovmodeler-3.5.10-0.3mdv2008.0.i586.rpm
8dbc0fe503c2b93e088c8be1386eb193 2008.0/i586/libkdegraphics0-kpovmodeler-devel-3.5.10-0.3mdv2008.0.i586.rpm
a4b31f3a3ad7e1f3448a27c350e4e075 2008.0/i586/libkdegraphics0-ksvg-3.5.10-0.3mdv2008.0.i586.rpm
529f4485ca07efbb13aa6142df1c9f1d 2008.0/i586/libkdegraphics0-ksvg-devel-3.5.10-0.3mdv2008.0.i586.rpm
20cf6a5d8ac277e51a7a31caff9dd5b9 2008.0/i586/libkdegraphics0-kview-3.5.10-0.3mdv2008.0.i586.rpm
b9fe4f8a7e1a29b1972d6f5e10d6cf0c 2008.0/i586/libkdegraphics0-kview-devel-3.5.10-0.3mdv2008.0.i586.rpm
d967904fc04008cbcd08581b082bc133 2008.0/SRPMS/kdegraphics-3.5.10-0.3mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
f995438b3cf719995d1a73c0a50cdaaf 2008.0/x86_64/kdegraphics-3.5.10-0.3mdv2008.0.x86_64.rpm
2a5b125b04e5ef8ad43db2eef4b9ece8 2008.0/x86_64/kdegraphics-common-3.5.10-0.3mdv2008.0.x86_64.rpm
4194048ddbaaae2c51794d5e351106b1 2008.0/x86_64/kdegraphics-kcolorchooser-3.5.10-0.3mdv2008.0.x86_64.rpm
6f48cd361535e6160e321a354ef23817 2008.0/x86_64/kdegraphics-kcoloredit-3.5.10-0.3mdv2008.0.x86_64.rpm
bab4eb51dcd4ee42806875216d2ccf93 2008.0/x86_64/kdegraphics-kdvi-3.5.10-0.3mdv2008.0.x86_64.rpm
e84d65f8b025c3c68ccc8bd95d0c3b16 2008.0/x86_64/kdegraphics-kfax-3.5.10-0.3mdv2008.0.x86_64.rpm
b6243f48c5eead29fa871996a25b3e8c 2008.0/x86_64/kdegraphics-kghostview-3.5.10-0.3mdv2008.0.x86_64.rpm
30421b5bd6f7e0b67a3dd9f0d5c74a09 2008.0/x86_64/kdegraphics-kiconedit-3.5.10-0.3mdv2008.0.x86_64.rpm
982073503274c67111485b254fe72ef6 2008.0/x86_64/kdegraphics-kolourpaint-3.5.10-0.3mdv2008.0.x86_64.rpm
b6be63c044977ab63417c74aed0bf6a7 2008.0/x86_64/kdegraphics-kooka-3.5.10-0.3mdv2008.0.x86_64.rpm
9b4729dda5ff717274675188c29efc18 2008.0/x86_64/kdegraphics-kpdf-3.5.10-0.3mdv2008.0.x86_64.rpm
bb879319e20da5a889d4ac5269e4abf4 2008.0/x86_64/kdegraphics-kpovmodeler-3.5.10-0.3mdv2008.0.x86_64.rpm
ebe403ddf82e81a1df2a15969562bf1b 2008.0/x86_64/kdegraphics-kruler-3.5.10-0.3mdv2008.0.x86_64.rpm
7cc1e5abb2b3b78cccdceee465a1de61 2008.0/x86_64/kdegraphics-ksnapshot-3.5.10-0.3mdv2008.0.x86_64.rpm
2ceee537f22fb4bab200930cdc0a02df 2008.0/x86_64/kdegraphics-ksvg-3.5.10-0.3mdv2008.0.x86_64.rpm
37b47a799a660629dbc23e37b31a2ade 2008.0/x86_64/kdegraphics-kuickshow-3.5.10-0.3mdv2008.0.x86_64.rpm
228b1a276129e6396ab31f477c020782 2008.0/x86_64/kdegraphics-kview-3.5.10-0.3mdv2008.0.x86_64.rpm
77fd532817b84d7656e792b333a26b6c 2008.0/x86_64/kdegraphics-mrmlsearch-3.5.10-0.3mdv2008.0.x86_64.rpm
860389579b984e0cccc9b9cf172ed7ad 2008.0/x86_64/lib64kdegraphics0-common-3.5.10-0.3mdv2008.0.x86_64.rpm
a351c2673677d2c697673d9fd1668739 2008.0/x86_64/lib64kdegraphics0-common-devel-3.5.10-0.3mdv2008.0.x86_64.rpm
9a5c2f6e524f0adddf8236233ee44bf0 2008.0/x86_64/lib64kdegraphics0-kghostview-3.5.10-0.3mdv2008.0.x86_64.rpm
a231fd4f654e288c693d5234b7a114ac 2008.0/x86_64/lib64kdegraphics0-kghostview-devel-3.5.10-0.3mdv2008.0.x86_64.rpm
8c534896946226ab349a806625f5d0ed 2008.0/x86_64/lib64kdegraphics0-kooka-3.5.10-0.3mdv2008.0.x86_64.rpm
4ce0e7978cccbdf2a1d66e4dc78197be 2008.0/x86_64/lib64kdegraphics0-kooka-devel-3.5.10-0.3mdv2008.0.x86_64.rpm
d3be0874a77df32854fe4d30cd21d73c 2008.0/x86_64/lib64kdegraphics0-kpovmodeler-3.5.10-0.3mdv2008.0.x86_64.rpm
de8d6c3b53f3bac5f59dca08ae56a2c5 2008.0/x86_64/lib64kdegraphics0-kpovmodeler-devel-3.5.10-0.3mdv2008.0.x86_64.rpm
0e6f79e0ea995b46748e24be9f8c31ba 2008.0/x86_64/lib64kdegraphics0-ksvg-3.5.10-0.3mdv2008.0.x86_64.rpm
b70d1fe40c2133b95934e72d1a3c941f 2008.0/x86_64/lib64kdegraphics0-ksvg-devel-3.5.10-0.3mdv2008.0.x86_64.rpm
792c07ace7925b7134243876b02a0b5a 2008.0/x86_64/lib64kdegraphics0-kview-3.5.10-0.3mdv2008.0.x86_64.rpm
0f1edd9fe8031b68b9dc0a6d15a7c950 2008.0/x86_64/lib64kdegraphics0-kview-devel-3.5.10-0.3mdv2008.0.x86_64.rpm
d967904fc04008cbcd08581b082bc133 2008.0/SRPMS/kdegraphics-3.5.10-0.3mdv2008.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFMj3+pmqjQ0CJFipgRAl7+AKD1uXHNySl69Dc+UhRyjpbd4rYbUwCfe/WK
6Y1ITHYZFvaWJS71VpS9n5A=
=DF8i
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists