_______________________________________________________________________
Package : kdegraphics
Date : December 10, 2009
Affected: Corporate 4.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities has been found and corrected in kdegraphics:
Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2
and earlier allow remote attackers to cause a denial of service
(crash) via a crafted PDF file, related to (1) setBitmap and (2)
readSymbolDictSeg (CVE-2009-0146).
Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and
earlier allow remote attackers to cause a denial of service (crash)
via a crafted PDF file (CVE-2009-0147).
The JBIG2 decoder in Xpdf 3.02pl2 and earlier allows remote attackers
to cause a denial of service (crash) via a crafted PDF file that
triggers a free of uninitialized memory (CVE-2009-0166).
Multiple integer overflows in the pdftops filter in CUPS 1.1.17,
1.1.22, and 1.3.7 allow remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted
PDF file that triggers a heap-based buffer overflow, possibly
related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4)
JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the
JBIG2Stream.cxx vector may overlap CVE-2009-1179. (CVE-2009-0791).
Use-after-free vulnerability in the garbage-collection implementation
in WebCore in WebKit in Apple Safari before 4.0 allows remote
attackers to execute arbitrary code or cause a denial of service
(heap corruption and application crash) via an SVG animation element,
related to SVG set objects, SVG marker elements, the targetElement
attribute, and unspecified caches. (CVE-2009-1709).
WebKit, as used in Safari before 3.2.3 and 4 Public Beta, on Apple
Mac OS X 10.4.11 and 10.5 before 10.5.7 and Windows allows remote
attackers to execute arbitrary code via a crafted SVGList object that
triggers memory corruption (CVE-2009-0945).
This update provides a solution to this vulnerability.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-0146
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-0147
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-0166
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-0791
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-0945
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-1709
_______________________________________________________________________
[ MDVSA-2009:331 ] kdegraphics
Ensimmäinen lukematon viesti • 1 viesti
• Sivu 1/1
[ MDVSA-2009:331 ] kdegraphics
Kirjoittaja dude67 » 12 Joulu 2009, 17:43
1. Mageia-1 KDE4 x86_64 (& Win7 Pro) | desktop
2. Mageia-2 KDE4 (& Win7 Home Premium) | laptop Acer 7530
3. Mageia-1 KDE4 (& Win7 Starter) | Samsung NC-10 miniläppäri
4. Mageia-1 KDE4 | serverinä toimiva desktop
Luotettavaa Linux käyttöä jo Mandriva 2006.0:sta lähtien
-
dude67 - Site Admin
- Viestit: 2256
- Liittynyt: 27 Syys 2007, 16:58
- Paikkakunta: Espoo
1 viesti
• Sivu 1/1
Paluu Mandrivan turvallisuustiedotteet
Paikallaolijat
Käyttäjiä lukemassa tätä aluetta: Ei rekisteröityneitä käyttäjiä ja 45 vierailijaa