rhsa-2009_1130
Vulnerability from csaf_redhat
Published
2009-06-25 16:19
Modified
2024-11-22 02:52
Summary
Red Hat Security Advisory: kdegraphics security update
Notes
Topic
Updated kdegraphics packages that fix two security issues are now available
for Red Hat Enterprise Linux 5.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Details
The kdegraphics packages contain applications for the K Desktop Environment
(KDE). Scalable Vector Graphics (SVG) is an XML-based language to describe
vector images. KSVG is a framework aimed at implementing the latest W3C SVG
specifications.
A use-after-free flaw was found in the KDE KSVG animation element
implementation. A remote attacker could create a specially-crafted SVG
image, which once opened by an unsuspecting user, could cause a denial of
service (Konqueror crash) or, potentially, execute arbitrary code with the
privileges of the user running Konqueror. (CVE-2009-1709)
A NULL pointer dereference flaw was found in the KDE, KSVG SVGList
interface implementation. A remote attacker could create a
specially-crafted SVG image, which once opened by an unsuspecting user,
would cause memory corruption, leading to a denial of service (Konqueror
crash). (CVE-2009-0945)
All users of kdegraphics should upgrade to these updated packages, which
contain backported patches to correct these issues. The desktop must be
restarted (log out, then log back in) for this update to take effect.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated kdegraphics packages that fix two security issues are now available\nfor Red Hat Enterprise Linux 5.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "The kdegraphics packages contain applications for the K Desktop Environment\n(KDE). Scalable Vector Graphics (SVG) is an XML-based language to describe\nvector images. KSVG is a framework aimed at implementing the latest W3C SVG\nspecifications.\n\nA use-after-free flaw was found in the KDE KSVG animation element\nimplementation. A remote attacker could create a specially-crafted SVG\nimage, which once opened by an unsuspecting user, could cause a denial of\nservice (Konqueror crash) or, potentially, execute arbitrary code with the\nprivileges of the user running Konqueror. (CVE-2009-1709)\n\nA NULL pointer dereference flaw was found in the KDE, KSVG SVGList\ninterface implementation. A remote attacker could create a\nspecially-crafted SVG image, which once opened by an unsuspecting user,\nwould cause memory corruption, leading to a denial of service (Konqueror\ncrash). (CVE-2009-0945)\n\nAll users of kdegraphics should upgrade to these updated packages, which\ncontain backported patches to correct these issues. The desktop must be\nrestarted (log out, then log back in) for this update to take effect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2009:1130", "url": "https://access.redhat.com/errata/RHSA-2009:1130" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#critical", "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "category": "external", "summary": "506246", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=506246" }, { "category": "external", "summary": "506703", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=506703" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1130.json" } ], "title": "Red Hat Security Advisory: kdegraphics security update", "tracking": { "current_release_date": "2024-11-22T02:52:03+00:00", "generator": { "date": "2024-11-22T02:52:03+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2009:1130", "initial_release_date": "2009-06-25T16:19:00+00:00", "revision_history": [ { "date": "2009-06-25T16:19:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2009-06-25T12:19:13+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T02:52:03+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", "product": { "name": "Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", "product_id": "5Server-DPAS", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_productivity:5" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop (v. 5 client)", "product": { "name": "Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product": { "name": "Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::client_workstation" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "kdegraphics-debuginfo-7:3.5.4-13.el5_3.x86_64", "product": { "name": "kdegraphics-debuginfo-7:3.5.4-13.el5_3.x86_64", "product_id": "kdegraphics-debuginfo-7:3.5.4-13.el5_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kdegraphics-debuginfo@3.5.4-13.el5_3?arch=x86_64\u0026epoch=7" } } }, { "category": "product_version", "name": "kdegraphics-devel-7:3.5.4-13.el5_3.x86_64", "product": { "name": "kdegraphics-devel-7:3.5.4-13.el5_3.x86_64", "product_id": "kdegraphics-devel-7:3.5.4-13.el5_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kdegraphics-devel@3.5.4-13.el5_3?arch=x86_64\u0026epoch=7" } } }, { "category": "product_version", "name": "kdegraphics-7:3.5.4-13.el5_3.x86_64", "product": { "name": "kdegraphics-7:3.5.4-13.el5_3.x86_64", "product_id": "kdegraphics-7:3.5.4-13.el5_3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kdegraphics@3.5.4-13.el5_3?arch=x86_64\u0026epoch=7" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "kdegraphics-debuginfo-7:3.5.4-13.el5_3.i386", "product": { "name": "kdegraphics-debuginfo-7:3.5.4-13.el5_3.i386", "product_id": "kdegraphics-debuginfo-7:3.5.4-13.el5_3.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/kdegraphics-debuginfo@3.5.4-13.el5_3?arch=i386\u0026epoch=7" } } }, { "category": "product_version", "name": "kdegraphics-devel-7:3.5.4-13.el5_3.i386", "product": { "name": "kdegraphics-devel-7:3.5.4-13.el5_3.i386", "product_id": "kdegraphics-devel-7:3.5.4-13.el5_3.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/kdegraphics-devel@3.5.4-13.el5_3?arch=i386\u0026epoch=7" } } }, { "category": "product_version", "name": "kdegraphics-7:3.5.4-13.el5_3.i386", "product": { "name": "kdegraphics-7:3.5.4-13.el5_3.i386", "product_id": "kdegraphics-7:3.5.4-13.el5_3.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/kdegraphics@3.5.4-13.el5_3?arch=i386\u0026epoch=7" } } } ], "category": "architecture", "name": "i386" }, { "branches": [ { "category": "product_version", "name": "kdegraphics-7:3.5.4-13.el5_3.src", "product": { "name": "kdegraphics-7:3.5.4-13.el5_3.src", "product_id": "kdegraphics-7:3.5.4-13.el5_3.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/kdegraphics@3.5.4-13.el5_3?arch=src\u0026epoch=7" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "kdegraphics-7:3.5.4-13.el5_3.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:kdegraphics-7:3.5.4-13.el5_3.i386" }, "product_reference": "kdegraphics-7:3.5.4-13.el5_3.i386", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "kdegraphics-7:3.5.4-13.el5_3.src as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:kdegraphics-7:3.5.4-13.el5_3.src" }, "product_reference": "kdegraphics-7:3.5.4-13.el5_3.src", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "kdegraphics-7:3.5.4-13.el5_3.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:kdegraphics-7:3.5.4-13.el5_3.x86_64" }, "product_reference": "kdegraphics-7:3.5.4-13.el5_3.x86_64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "kdegraphics-debuginfo-7:3.5.4-13.el5_3.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:kdegraphics-debuginfo-7:3.5.4-13.el5_3.i386" }, "product_reference": "kdegraphics-debuginfo-7:3.5.4-13.el5_3.i386", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "kdegraphics-debuginfo-7:3.5.4-13.el5_3.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:kdegraphics-debuginfo-7:3.5.4-13.el5_3.x86_64" }, "product_reference": "kdegraphics-debuginfo-7:3.5.4-13.el5_3.x86_64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "kdegraphics-devel-7:3.5.4-13.el5_3.i386 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:kdegraphics-devel-7:3.5.4-13.el5_3.i386" }, "product_reference": "kdegraphics-devel-7:3.5.4-13.el5_3.i386", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "kdegraphics-devel-7:3.5.4-13.el5_3.x86_64 as a component of Red Hat Enterprise Linux Desktop Workstation (v. 5 client)", "product_id": "5Client-Workstation:kdegraphics-devel-7:3.5.4-13.el5_3.x86_64" }, "product_reference": "kdegraphics-devel-7:3.5.4-13.el5_3.x86_64", "relates_to_product_reference": "5Client-Workstation" }, { "category": "default_component_of", "full_product_name": { "name": "kdegraphics-7:3.5.4-13.el5_3.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:kdegraphics-7:3.5.4-13.el5_3.i386" }, "product_reference": "kdegraphics-7:3.5.4-13.el5_3.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "kdegraphics-7:3.5.4-13.el5_3.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:kdegraphics-7:3.5.4-13.el5_3.src" }, "product_reference": "kdegraphics-7:3.5.4-13.el5_3.src", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "kdegraphics-7:3.5.4-13.el5_3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:kdegraphics-7:3.5.4-13.el5_3.x86_64" }, "product_reference": "kdegraphics-7:3.5.4-13.el5_3.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "kdegraphics-debuginfo-7:3.5.4-13.el5_3.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:kdegraphics-debuginfo-7:3.5.4-13.el5_3.i386" }, "product_reference": "kdegraphics-debuginfo-7:3.5.4-13.el5_3.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "kdegraphics-debuginfo-7:3.5.4-13.el5_3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:kdegraphics-debuginfo-7:3.5.4-13.el5_3.x86_64" }, "product_reference": "kdegraphics-debuginfo-7:3.5.4-13.el5_3.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "kdegraphics-devel-7:3.5.4-13.el5_3.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:kdegraphics-devel-7:3.5.4-13.el5_3.i386" }, "product_reference": "kdegraphics-devel-7:3.5.4-13.el5_3.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "kdegraphics-devel-7:3.5.4-13.el5_3.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:kdegraphics-devel-7:3.5.4-13.el5_3.x86_64" }, "product_reference": "kdegraphics-devel-7:3.5.4-13.el5_3.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "kdegraphics-7:3.5.4-13.el5_3.i386 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", "product_id": "5Server-DPAS:kdegraphics-7:3.5.4-13.el5_3.i386" }, "product_reference": "kdegraphics-7:3.5.4-13.el5_3.i386", "relates_to_product_reference": "5Server-DPAS" }, { "category": "default_component_of", "full_product_name": { "name": "kdegraphics-7:3.5.4-13.el5_3.src as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", "product_id": "5Server-DPAS:kdegraphics-7:3.5.4-13.el5_3.src" }, "product_reference": "kdegraphics-7:3.5.4-13.el5_3.src", "relates_to_product_reference": "5Server-DPAS" }, { "category": "default_component_of", "full_product_name": { "name": "kdegraphics-7:3.5.4-13.el5_3.x86_64 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", "product_id": "5Server-DPAS:kdegraphics-7:3.5.4-13.el5_3.x86_64" }, "product_reference": "kdegraphics-7:3.5.4-13.el5_3.x86_64", "relates_to_product_reference": "5Server-DPAS" }, { "category": "default_component_of", "full_product_name": { "name": "kdegraphics-debuginfo-7:3.5.4-13.el5_3.i386 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", "product_id": "5Server-DPAS:kdegraphics-debuginfo-7:3.5.4-13.el5_3.i386" }, "product_reference": "kdegraphics-debuginfo-7:3.5.4-13.el5_3.i386", "relates_to_product_reference": "5Server-DPAS" }, { "category": "default_component_of", "full_product_name": { "name": "kdegraphics-debuginfo-7:3.5.4-13.el5_3.x86_64 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", "product_id": "5Server-DPAS:kdegraphics-debuginfo-7:3.5.4-13.el5_3.x86_64" }, "product_reference": "kdegraphics-debuginfo-7:3.5.4-13.el5_3.x86_64", "relates_to_product_reference": "5Server-DPAS" }, { "category": "default_component_of", "full_product_name": { "name": "kdegraphics-devel-7:3.5.4-13.el5_3.i386 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", "product_id": "5Server-DPAS:kdegraphics-devel-7:3.5.4-13.el5_3.i386" }, "product_reference": "kdegraphics-devel-7:3.5.4-13.el5_3.i386", "relates_to_product_reference": "5Server-DPAS" }, { "category": "default_component_of", "full_product_name": { "name": "kdegraphics-devel-7:3.5.4-13.el5_3.x86_64 as a component of Red Hat Enterprise Linux Optional Productivity Applications (v. 5 server)", "product_id": "5Server-DPAS:kdegraphics-devel-7:3.5.4-13.el5_3.x86_64" }, "product_reference": "kdegraphics-devel-7:3.5.4-13.el5_3.x86_64", "relates_to_product_reference": "5Server-DPAS" } ] }, "vulnerabilities": [ { "cve": "CVE-2009-0945", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "discovery_date": "2009-05-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "506703" } ], "notes": [ { "category": "description", "text": "Array index error in the insertItemBefore method in WebKit, as used in Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption.", "title": "Vulnerability description" }, { "category": "summary", "text": "kdegraphics: KSVG NULL-pointer dereference in the SVGList interface implementation (ACE)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-Workstation:kdegraphics-7:3.5.4-13.el5_3.i386", "5Client-Workstation:kdegraphics-7:3.5.4-13.el5_3.src", "5Client-Workstation:kdegraphics-7:3.5.4-13.el5_3.x86_64", "5Client-Workstation:kdegraphics-debuginfo-7:3.5.4-13.el5_3.i386", "5Client-Workstation:kdegraphics-debuginfo-7:3.5.4-13.el5_3.x86_64", "5Client-Workstation:kdegraphics-devel-7:3.5.4-13.el5_3.i386", "5Client-Workstation:kdegraphics-devel-7:3.5.4-13.el5_3.x86_64", "5Client:kdegraphics-7:3.5.4-13.el5_3.i386", "5Client:kdegraphics-7:3.5.4-13.el5_3.src", "5Client:kdegraphics-7:3.5.4-13.el5_3.x86_64", "5Client:kdegraphics-debuginfo-7:3.5.4-13.el5_3.i386", "5Client:kdegraphics-debuginfo-7:3.5.4-13.el5_3.x86_64", "5Client:kdegraphics-devel-7:3.5.4-13.el5_3.i386", "5Client:kdegraphics-devel-7:3.5.4-13.el5_3.x86_64", "5Server-DPAS:kdegraphics-7:3.5.4-13.el5_3.i386", "5Server-DPAS:kdegraphics-7:3.5.4-13.el5_3.src", "5Server-DPAS:kdegraphics-7:3.5.4-13.el5_3.x86_64", "5Server-DPAS:kdegraphics-debuginfo-7:3.5.4-13.el5_3.i386", "5Server-DPAS:kdegraphics-debuginfo-7:3.5.4-13.el5_3.x86_64", "5Server-DPAS:kdegraphics-devel-7:3.5.4-13.el5_3.i386", "5Server-DPAS:kdegraphics-devel-7:3.5.4-13.el5_3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-0945" }, { "category": "external", "summary": "RHBZ#506703", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=506703" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0945", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0945" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0945", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0945" } ], "release_date": "2009-06-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-06-25T16:19:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client-Workstation:kdegraphics-7:3.5.4-13.el5_3.i386", "5Client-Workstation:kdegraphics-7:3.5.4-13.el5_3.src", "5Client-Workstation:kdegraphics-7:3.5.4-13.el5_3.x86_64", "5Client-Workstation:kdegraphics-debuginfo-7:3.5.4-13.el5_3.i386", "5Client-Workstation:kdegraphics-debuginfo-7:3.5.4-13.el5_3.x86_64", "5Client-Workstation:kdegraphics-devel-7:3.5.4-13.el5_3.i386", "5Client-Workstation:kdegraphics-devel-7:3.5.4-13.el5_3.x86_64", "5Client:kdegraphics-7:3.5.4-13.el5_3.i386", "5Client:kdegraphics-7:3.5.4-13.el5_3.src", "5Client:kdegraphics-7:3.5.4-13.el5_3.x86_64", "5Client:kdegraphics-debuginfo-7:3.5.4-13.el5_3.i386", "5Client:kdegraphics-debuginfo-7:3.5.4-13.el5_3.x86_64", "5Client:kdegraphics-devel-7:3.5.4-13.el5_3.i386", "5Client:kdegraphics-devel-7:3.5.4-13.el5_3.x86_64", "5Server-DPAS:kdegraphics-7:3.5.4-13.el5_3.i386", "5Server-DPAS:kdegraphics-7:3.5.4-13.el5_3.src", "5Server-DPAS:kdegraphics-7:3.5.4-13.el5_3.x86_64", "5Server-DPAS:kdegraphics-debuginfo-7:3.5.4-13.el5_3.i386", "5Server-DPAS:kdegraphics-debuginfo-7:3.5.4-13.el5_3.x86_64", "5Server-DPAS:kdegraphics-devel-7:3.5.4-13.el5_3.i386", "5Server-DPAS:kdegraphics-devel-7:3.5.4-13.el5_3.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1130" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-Workstation:kdegraphics-7:3.5.4-13.el5_3.i386", "5Client-Workstation:kdegraphics-7:3.5.4-13.el5_3.src", "5Client-Workstation:kdegraphics-7:3.5.4-13.el5_3.x86_64", "5Client-Workstation:kdegraphics-debuginfo-7:3.5.4-13.el5_3.i386", "5Client-Workstation:kdegraphics-debuginfo-7:3.5.4-13.el5_3.x86_64", "5Client-Workstation:kdegraphics-devel-7:3.5.4-13.el5_3.i386", "5Client-Workstation:kdegraphics-devel-7:3.5.4-13.el5_3.x86_64", "5Client:kdegraphics-7:3.5.4-13.el5_3.i386", "5Client:kdegraphics-7:3.5.4-13.el5_3.src", "5Client:kdegraphics-7:3.5.4-13.el5_3.x86_64", "5Client:kdegraphics-debuginfo-7:3.5.4-13.el5_3.i386", "5Client:kdegraphics-debuginfo-7:3.5.4-13.el5_3.x86_64", "5Client:kdegraphics-devel-7:3.5.4-13.el5_3.i386", "5Client:kdegraphics-devel-7:3.5.4-13.el5_3.x86_64", "5Server-DPAS:kdegraphics-7:3.5.4-13.el5_3.i386", "5Server-DPAS:kdegraphics-7:3.5.4-13.el5_3.src", "5Server-DPAS:kdegraphics-7:3.5.4-13.el5_3.x86_64", "5Server-DPAS:kdegraphics-debuginfo-7:3.5.4-13.el5_3.i386", "5Server-DPAS:kdegraphics-debuginfo-7:3.5.4-13.el5_3.x86_64", "5Server-DPAS:kdegraphics-devel-7:3.5.4-13.el5_3.i386", "5Server-DPAS:kdegraphics-devel-7:3.5.4-13.el5_3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "kdegraphics: KSVG NULL-pointer dereference in the SVGList interface implementation (ACE)" }, { "cve": "CVE-2009-1709", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2009-06-10T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "506246" } ], "notes": [ { "category": "description", "text": "Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG marker elements, the targetElement attribute, and unspecified \"caches.\"", "title": "Vulnerability description" }, { "category": "summary", "text": "kdegraphics: KSVG Pointer use-after-free error in the SVG animation element (DoS, ACE)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-Workstation:kdegraphics-7:3.5.4-13.el5_3.i386", "5Client-Workstation:kdegraphics-7:3.5.4-13.el5_3.src", "5Client-Workstation:kdegraphics-7:3.5.4-13.el5_3.x86_64", "5Client-Workstation:kdegraphics-debuginfo-7:3.5.4-13.el5_3.i386", "5Client-Workstation:kdegraphics-debuginfo-7:3.5.4-13.el5_3.x86_64", "5Client-Workstation:kdegraphics-devel-7:3.5.4-13.el5_3.i386", "5Client-Workstation:kdegraphics-devel-7:3.5.4-13.el5_3.x86_64", "5Client:kdegraphics-7:3.5.4-13.el5_3.i386", "5Client:kdegraphics-7:3.5.4-13.el5_3.src", "5Client:kdegraphics-7:3.5.4-13.el5_3.x86_64", "5Client:kdegraphics-debuginfo-7:3.5.4-13.el5_3.i386", "5Client:kdegraphics-debuginfo-7:3.5.4-13.el5_3.x86_64", "5Client:kdegraphics-devel-7:3.5.4-13.el5_3.i386", "5Client:kdegraphics-devel-7:3.5.4-13.el5_3.x86_64", "5Server-DPAS:kdegraphics-7:3.5.4-13.el5_3.i386", "5Server-DPAS:kdegraphics-7:3.5.4-13.el5_3.src", "5Server-DPAS:kdegraphics-7:3.5.4-13.el5_3.x86_64", "5Server-DPAS:kdegraphics-debuginfo-7:3.5.4-13.el5_3.i386", "5Server-DPAS:kdegraphics-debuginfo-7:3.5.4-13.el5_3.x86_64", "5Server-DPAS:kdegraphics-devel-7:3.5.4-13.el5_3.i386", "5Server-DPAS:kdegraphics-devel-7:3.5.4-13.el5_3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-1709" }, { "category": "external", "summary": "RHBZ#506246", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=506246" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1709", "url": "https://www.cve.org/CVERecord?id=CVE-2009-1709" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1709", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1709" } ], "release_date": "2009-06-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-06-25T16:19:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "5Client-Workstation:kdegraphics-7:3.5.4-13.el5_3.i386", "5Client-Workstation:kdegraphics-7:3.5.4-13.el5_3.src", "5Client-Workstation:kdegraphics-7:3.5.4-13.el5_3.x86_64", "5Client-Workstation:kdegraphics-debuginfo-7:3.5.4-13.el5_3.i386", "5Client-Workstation:kdegraphics-debuginfo-7:3.5.4-13.el5_3.x86_64", "5Client-Workstation:kdegraphics-devel-7:3.5.4-13.el5_3.i386", "5Client-Workstation:kdegraphics-devel-7:3.5.4-13.el5_3.x86_64", "5Client:kdegraphics-7:3.5.4-13.el5_3.i386", "5Client:kdegraphics-7:3.5.4-13.el5_3.src", "5Client:kdegraphics-7:3.5.4-13.el5_3.x86_64", "5Client:kdegraphics-debuginfo-7:3.5.4-13.el5_3.i386", "5Client:kdegraphics-debuginfo-7:3.5.4-13.el5_3.x86_64", "5Client:kdegraphics-devel-7:3.5.4-13.el5_3.i386", "5Client:kdegraphics-devel-7:3.5.4-13.el5_3.x86_64", "5Server-DPAS:kdegraphics-7:3.5.4-13.el5_3.i386", "5Server-DPAS:kdegraphics-7:3.5.4-13.el5_3.src", "5Server-DPAS:kdegraphics-7:3.5.4-13.el5_3.x86_64", "5Server-DPAS:kdegraphics-debuginfo-7:3.5.4-13.el5_3.i386", "5Server-DPAS:kdegraphics-debuginfo-7:3.5.4-13.el5_3.x86_64", "5Server-DPAS:kdegraphics-devel-7:3.5.4-13.el5_3.i386", "5Server-DPAS:kdegraphics-devel-7:3.5.4-13.el5_3.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1130" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-Workstation:kdegraphics-7:3.5.4-13.el5_3.i386", "5Client-Workstation:kdegraphics-7:3.5.4-13.el5_3.src", "5Client-Workstation:kdegraphics-7:3.5.4-13.el5_3.x86_64", "5Client-Workstation:kdegraphics-debuginfo-7:3.5.4-13.el5_3.i386", "5Client-Workstation:kdegraphics-debuginfo-7:3.5.4-13.el5_3.x86_64", "5Client-Workstation:kdegraphics-devel-7:3.5.4-13.el5_3.i386", "5Client-Workstation:kdegraphics-devel-7:3.5.4-13.el5_3.x86_64", "5Client:kdegraphics-7:3.5.4-13.el5_3.i386", "5Client:kdegraphics-7:3.5.4-13.el5_3.src", "5Client:kdegraphics-7:3.5.4-13.el5_3.x86_64", "5Client:kdegraphics-debuginfo-7:3.5.4-13.el5_3.i386", "5Client:kdegraphics-debuginfo-7:3.5.4-13.el5_3.x86_64", "5Client:kdegraphics-devel-7:3.5.4-13.el5_3.i386", "5Client:kdegraphics-devel-7:3.5.4-13.el5_3.x86_64", "5Server-DPAS:kdegraphics-7:3.5.4-13.el5_3.i386", "5Server-DPAS:kdegraphics-7:3.5.4-13.el5_3.src", "5Server-DPAS:kdegraphics-7:3.5.4-13.el5_3.x86_64", "5Server-DPAS:kdegraphics-debuginfo-7:3.5.4-13.el5_3.i386", "5Server-DPAS:kdegraphics-debuginfo-7:3.5.4-13.el5_3.x86_64", "5Server-DPAS:kdegraphics-devel-7:3.5.4-13.el5_3.i386", "5Server-DPAS:kdegraphics-devel-7:3.5.4-13.el5_3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "kdegraphics: KSVG Pointer use-after-free error in the SVG animation element (DoS, ACE)" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.