Message-Id: <E1OvYxE-0007za-Nj@titan.mandriva.com>
Date: Tue, 14 Sep 2010 19:06:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:182 ] kdegraphics

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:182
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : kdegraphics
 Date    : September 14, 2010
 Affected: 2008.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in kdegraphics (ksvg):
 
 Use-after-free vulnerability in the garbage-collection implementation
 in WebCore in WebKit in Apple Safari before 4.0 allows remote
 attackers to execute arbitrary code or cause a denial of service
 (heap corruption and application crash) via an SVG animation element,
 related to SVG set objects, SVG marker elements, the targetElement
 attribute, and unspecified caches. (CVE-2009-1709)
 
 Packages for 2008.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1709
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:

 Mandriva Linux 2008.0/X86_64:
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMj3+pmqjQ0CJFipgRAl7+AKD1uXHNySl69Dc+UhRyjpbd4rYbUwCfe/WK
6Y1ITHYZFvaWJS71VpS9n5A=
=DF8i
-----END PGP SIGNATURE-----
