ID

VAR-200901-0719

CVE

CVE-2009-1709

TITLE

Apple Safari of WebKit Vulnerable to arbitrary code execution related to garbage collection implementation

DESCRIPTION

Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG marker elements, the targetElement attribute, and unspecified "caches.". This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.The specific flaw exists in the garbage collection of JavaScript set elements in WebCore. When an SVG set object is appended to an SVG marker element that is dereferenced, calls to the targetElement attribute will fail to reference count the marker element. When the set element is appended to another object, subsequent calls to the targetElement attribute will result in a heap corruption which can be leveraged to execute arbitrary code under the context of the current user. WebKit is prone to a remote code-execution vulnerability. Failed exploit attempts will result in a denial-of-service condition. NOTE: This issue was previously covered in BID 35260 (Apple Safari Prior to 4.0 Multiple Security Vulnerabilities), but has been assigned its own record to better document it. WebKit is an open source web browser engine currently used by browsers such as Safari and Chrome. =========================================================== Ubuntu Security Notice USN-823-1 August 24, 2009 kdegraphics vulnerabilities CVE-2009-0945, CVE-2009-1709 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: ksvg 4:3.5.10-0ubuntu1~hardy1.1 After a standard system upgrade you need to restart your session to effect the necessary changes. Details follow: It was discovered that KDE-Graphics did not properly handle certain malformed SVG images. Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/kdegraphics/kdegraphics_3.5.10-0ubuntu1~hardy1.1.diff.gz Size/MD5: 855597 2ce6d700dbb5c1ed0adfd4d1264713ea http://security.ubuntu.com/ubuntu/pool/main/k/kdegraphics/kdegraphics_3.5.10-0ubuntu1~hardy1.1.dsc Size/MD5: 1523 3f59822daa292354c1a068b20e6d4d11 http://security.ubuntu.com/ubuntu/pool/main/k/kdegraphics/kdegraphics_3.5.10.orig.tar.gz Size/MD5: 9033567 a5df57c0533ba1978ba7f5c375f3b8e2 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/k/kdegraphics/kdegraphics-doc-html_3.5.10-0ubuntu1~hardy1.1_all.deb Size/MD5: 148228 8c48a5c6e73f61613275d4c322740761 http://security.ubuntu.com/ubuntu/pool/universe/k/kdegraphics/kdegraphics_3.5.10-0ubuntu1~hardy1.1_all.deb Size/MD5: 15676 9754496d16002d753df1faf142146983 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/k/kdegraphics/kamera_3.5.10-0ubuntu1~hardy1.1_amd64.deb Size/MD5: 91118 abef1540cdffd100731aa22dd8c3b347 http://security.ubuntu.com/ubuntu/pool/main/k/kdegraphics/kdegraphics-dbg_3.5.10-0ubuntu1~hardy1.1_amd64.deb Size/MD5: 24851972 c6eab2f11115d68fd401092efd9ba0ec http://security.ubuntu.com/ubuntu/pool/main/k/kdegraphics/kdegraphics-dev_3.5.10-0ubuntu1~hardy1.1_amd64.deb Size/MD5: 81740 e14c17a3bed21e88bcb41bbb471251ae http://security.ubuntu.com/ubuntu/pool/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.10-0ubuntu1~hardy1.1_amd64.deb Size/MD5: 301554 23fa6907d9f6a78973c519f2c29eddeb http://security.ubuntu.com/ubuntu/pool/main/k/kdegraphics/kfaxview_3.5.10-0ubuntu1~hardy1.1_amd64.deb Size/MD5: 99112 b26131b0a1db75624913df503413eb35 http://security.ubuntu.com/ubuntu/pool/main/k/kdegraphics/kghostview_3.5.10-0ubuntu1~hardy1.1_amd64.deb Size/MD5: 241582 d79b4abf45b1120153231888e9369b27 http://security.ubuntu.com/ubuntu/pool/main/k/kdegraphics/kmrml_3.5.10-0ubuntu1~hardy1.1_amd64.deb Size/MD5: 243856 4617f4efe70c3d2334dbf3815b26b080 http://security.ubuntu.com/ubuntu/pool/main/k/kdegraphics/kooka_3.5.10-0ubuntu1~hardy1.1_amd64.deb Size/MD5: 756496 fe6b36367b8160192d243f44c8d7959c http://security.ubuntu.com/ubuntu/pool/main/k/kdegraphics/kpdf_3.5.10-0ubuntu1~hardy1.1_amd64.deb Size/MD5: 349032 951323e154abeb8ff0b1d5990a3356d9 http://security.ubuntu.com/ubuntu/pool/main/k/kdegraphics/kpovmodeler_3.5.10-0ubuntu1~hardy1.1_amd64.deb Size/MD5: 2341164 898b02269693c1dc9d4e85eacdb991fe http://security.ubuntu.com/ubuntu/pool/main/k/kdegraphics/ksnapshot_3.5.10-0ubuntu1~hardy1.1_amd64.deb Size/MD5: 174080 f880c10ee8abcc5971d4d71cfbd5a789 http://security.ubuntu.com/ubuntu/pool/main/k/kdegraphics/ksvg_3.5.10-0ubuntu1~hardy1.1_amd64.deb Size/MD5: 1280720 6a2768a71394f74ed4fdd8b154014fb7 http://security.ubuntu.com/ubuntu/pool/main/k/kdegraphics/kview_3.5.10-0ubuntu1~hardy1.1_amd64.deb Size/MD5: 428970 ccc8c86963b89ac3f806ff0b915ac6b8 http://security.ubuntu.com/ubuntu/pool/main/k/kdegraphics/kviewshell_3.5.10-0ubuntu1~hardy1.1_amd64.deb Size/MD5: 846094 ecda53751ab05f59428df9db44d153b9 http://security.ubuntu.com/ubuntu/pool/main/k/kdegraphics/libkscan-dev_3.5.10-0ubuntu1~hardy1.1_amd64.deb Size/MD5: 1844 7066cb7dd5bc5b52a4f8579e23b8c1fc http://security.ubuntu.com/ubuntu/pool/main/k/kdegraphics/libkscan1_3.5.10-0ubuntu1~hardy1.1_amd64.deb Size/MD5: 142682 04d14b576294367b82cf7f3dcbd0ca61 http://security.ubuntu.com/ubuntu/pool/universe/k/kdegraphics/kcoloredit_3.5.10-0ubuntu1~hardy1.1_amd64.deb Size/MD5: 108744 4f59b8fbd87d2e2c2dd12f02dee15893 http://security.ubuntu.com/ubuntu/pool/universe/k/kdegraphics/kdvi_3.5.10-0ubuntu1~hardy1.1_amd64.deb Size/MD5: 525376 f259112b9c05caa00de335b5fc2a4e35 http://security.ubuntu.com/ubuntu/pool/universe/k/kdegraphics/kfax_3.5.10-0ubuntu1~hardy1.1_amd64.deb Size/MD5: 147818 42b1730925c9d53e51ede12887eb60da http://security.ubuntu.com/ubuntu/pool/universe/k/kdegraphics/kgamma_3.5.10-0ubuntu1~hardy1.1_amd64.deb Size/MD5: 77926 56d949ef7c22725ea10e798d09b570d8 http://security.ubuntu.com/ubuntu/pool/universe/k/kdegraphics/kiconedit_3.5.10-0ubuntu1~hardy1.1_amd64.deb Size/MD5: 183782 6eaef2a0b5dfea5c277681eae394389f http://security.ubuntu.com/ubuntu/pool/universe/k/kdegraphics/kolourpaint_3.5.10-0ubuntu1~hardy1.1_amd64.deb Size/MD5: 1105220 4f71d3e5e84648b2f8fb662c7bdd8721 http://security.ubuntu.com/ubuntu/pool/universe/k/kdegraphics/kruler_3.5.10-0ubuntu1~hardy1.1_amd64.deb Size/MD5: 65914 c2a4c7ef659d47bcac41429c81e8035e i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/k/kdegraphics/kamera_3.5.10-0ubuntu1~hardy1.1_i386.deb Size/MD5: 85788 53be85a3920683eda23b432f57acd796 http://security.ubuntu.com/ubuntu/pool/main/k/kdegraphics/kdegraphics-dbg_3.5.10-0ubuntu1~hardy1.1_i386.deb Size/MD5: 24304626 2b3be6612267da16ab97b35e89b9471b http://security.ubuntu.com/ubuntu/pool/main/k/kdegraphics/kdegraphics-dev_3.5.10-0ubuntu1~hardy1.1_i386.deb Size/MD5: 81748 7e9a1ca18216f45cb27d3b11d45f09bb http://security.ubuntu.com/ubuntu/pool/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.10-0ubuntu1~hardy1.1_i386.deb Size/MD5: 257800 95f21ec8cf903152c389d7a2e7cf48f6 http://security.ubuntu.com/ubuntu/pool/main/k/kdegraphics/kfaxview_3.5.10-0ubuntu1~hardy1.1_i386.deb Size/MD5: 94336 768adaaa0d41b35b86045017f37cde7d http://security.ubuntu.com/ubuntu/pool/main/k/kdegraphics/kghostview_3.5.10-0ubuntu1~hardy1.1_i386.deb Size/MD5: 230324 b22891898ec973c4e86c4622b8e18f91 http://security.ubuntu.com/ubuntu/pool/main/k/kdegraphics/kmrml_3.5.10-0ubuntu1~hardy1.1_i386.deb Size/MD5: 219756 517cfb5a18459f7f67df3f7bd0755a48 http://security.ubuntu.com/ubuntu/pool/main/k/kdegraphics/kooka_3.5.10-0ubuntu1~hardy1.1_i386.deb Size/MD5: 740916 8a45e2620184dd7eacf8eafcfe4f660d http://security.ubuntu.com/ubuntu/pool/main/k/kdegraphics/kpdf_3.5.10-0ubuntu1~hardy1.1_i386.deb Size/MD5: 330956 68041c2a4e20586ac770877585b5d77e http://security.ubuntu.com/ubuntu/pool/main/k/kdegraphics/kpovmodeler_3.5.10-0ubuntu1~hardy1.1_i386.deb Size/MD5: 2204438 240cba9a4bcb16ba9237297e02614857 http://security.ubuntu.com/ubuntu/pool/main/k/kdegraphics/ksnapshot_3.5.10-0ubuntu1~hardy1.1_i386.deb Size/MD5: 170214 53c2b16e78f9e398158a7111d1ad11df http://security.ubuntu.com/ubuntu/pool/main/k/kdegraphics/ksvg_3.5.10-0ubuntu1~hardy1.1_i386.deb Size/MD5: 1239112 53012b575051578597258b126dff3b49 http://security.ubuntu.com/ubuntu/pool/main/k/kdegraphics/kview_3.5.10-0ubuntu1~hardy1.1_i386.deb Size/MD5: 387384 b56cb31d40f545c88100bfa030ae0ab9 http://security.ubuntu.com/ubuntu/pool/main/k/kdegraphics/kviewshell_3.5.10-0ubuntu1~hardy1.1_i386.deb Size/MD5: 776140 d848385988e6b5bc513e4d12f4d7af82 http://security.ubuntu.com/ubuntu/pool/main/k/kdegraphics/libkscan-dev_3.5.10-0ubuntu1~hardy1.1_i386.deb Size/MD5: 1842 b20aa9d301448add14cb5c9c5457b979 http://security.ubuntu.com/ubuntu/pool/main/k/kdegraphics/libkscan1_3.5.10-0ubuntu1~hardy1.1_i386.deb Size/MD5: 130190 b26befcc538142491521783fc01aacef http://security.ubuntu.com/ubuntu/pool/universe/k/kdegraphics/kcoloredit_3.5.10-0ubuntu1~hardy1.1_i386.deb Size/MD5: 100774 105aace69481c23b1a5b735324411da0 http://security.ubuntu.com/ubuntu/pool/universe/k/kdegraphics/kdvi_3.5.10-0ubuntu1~hardy1.1_i386.deb Size/MD5: 511044 fccefc6eeed48f4366be4940da3964fe http://security.ubuntu.com/ubuntu/pool/universe/k/kdegraphics/kfax_3.5.10-0ubuntu1~hardy1.1_i386.deb Size/MD5: 143354 908f3178d759ecf90ff53131ec9d67a6 http://security.ubuntu.com/ubuntu/pool/universe/k/kdegraphics/kgamma_3.5.10-0ubuntu1~hardy1.1_i386.deb Size/MD5: 74352 bc89f12091e5a09fc267f540b5245c2f http://security.ubuntu.com/ubuntu/pool/universe/k/kdegraphics/kiconedit_3.5.10-0ubuntu1~hardy1.1_i386.deb Size/MD5: 172366 25c5a1925b01d6ffd3ee9c02a17a8fc4 http://security.ubuntu.com/ubuntu/pool/universe/k/kdegraphics/kolourpaint_3.5.10-0ubuntu1~hardy1.1_i386.deb Size/MD5: 1064362 1851b039bac9321ca8f5e0e052e58b99 http://security.ubuntu.com/ubuntu/pool/universe/k/kdegraphics/kruler_3.5.10-0ubuntu1~hardy1.1_i386.deb Size/MD5: 64086 5c64a636e7acbcf6cd11162764950d3b lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/k/kdegraphics/kamera_3.5.10-0ubuntu1~hardy1.1_lpia.deb Size/MD5: 86070 5dc2774b81dddd388cde34c5d4ca0ddb http://ports.ubuntu.com/pool/main/k/kdegraphics/kdegraphics-dbg_3.5.10-0ubuntu1~hardy1.1_lpia.deb Size/MD5: 24351384 15a94944aeb9304e179348be29381238 http://ports.ubuntu.com/pool/main/k/kdegraphics/kdegraphics-dev_3.5.10-0ubuntu1~hardy1.1_lpia.deb Size/MD5: 81752 3030ff1d36cfe6ca7f861f8be8683e97 http://ports.ubuntu.com/pool/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.10-0ubuntu1~hardy1.1_lpia.deb Size/MD5: 258026 fc8db1d46249b1fcee9bb847863bb835 http://ports.ubuntu.com/pool/main/k/kdegraphics/kfaxview_3.5.10-0ubuntu1~hardy1.1_lpia.deb Size/MD5: 94502 420687d63f968021285df74ad432fdd6 http://ports.ubuntu.com/pool/main/k/kdegraphics/kghostview_3.5.10-0ubuntu1~hardy1.1_lpia.deb Size/MD5: 228460 0df599c4953a42cb9af25095ecd73968 http://ports.ubuntu.com/pool/main/k/kdegraphics/kmrml_3.5.10-0ubuntu1~hardy1.1_lpia.deb Size/MD5: 218950 c20e72957108373ec48c91b7fa8e8767 http://ports.ubuntu.com/pool/main/k/kdegraphics/kooka_3.5.10-0ubuntu1~hardy1.1_lpia.deb Size/MD5: 742730 5803e967672c4f199be5e8a322ca6960 http://ports.ubuntu.com/pool/main/k/kdegraphics/kpdf_3.5.10-0ubuntu1~hardy1.1_lpia.deb Size/MD5: 330260 0984f2faadeda3c0c81527a93ec25ef3 http://ports.ubuntu.com/pool/main/k/kdegraphics/kpovmodeler_3.5.10-0ubuntu1~hardy1.1_lpia.deb Size/MD5: 2201702 17148aab651d8b05e4c93bf0f2d391c4 http://ports.ubuntu.com/pool/main/k/kdegraphics/ksnapshot_3.5.10-0ubuntu1~hardy1.1_lpia.deb Size/MD5: 169790 5ea61da51979d8f9924c7916cf780178 http://ports.ubuntu.com/pool/main/k/kdegraphics/ksvg_3.5.10-0ubuntu1~hardy1.1_lpia.deb Size/MD5: 1233850 48432d230e652ea2cde954cc45c9c28e http://ports.ubuntu.com/pool/main/k/kdegraphics/kview_3.5.10-0ubuntu1~hardy1.1_lpia.deb Size/MD5: 384086 207ba362f7e4239b55b2dac3046858a0 http://ports.ubuntu.com/pool/main/k/kdegraphics/kviewshell_3.5.10-0ubuntu1~hardy1.1_lpia.deb Size/MD5: 776560 1d201d86fbeea107b2aad2cb2400fc37 http://ports.ubuntu.com/pool/main/k/kdegraphics/libkscan-dev_3.5.10-0ubuntu1~hardy1.1_lpia.deb Size/MD5: 1842 8df7be1bc072ba4ff273b03c5b19e819 http://ports.ubuntu.com/pool/main/k/kdegraphics/libkscan1_3.5.10-0ubuntu1~hardy1.1_lpia.deb Size/MD5: 129570 64052cec559b5767aade626217b8bcd7 http://ports.ubuntu.com/pool/universe/k/kdegraphics/kcoloredit_3.5.10-0ubuntu1~hardy1.1_lpia.deb Size/MD5: 101256 e3658bf00d56721d2da85ca3660a506b http://ports.ubuntu.com/pool/universe/k/kdegraphics/kdvi_3.5.10-0ubuntu1~hardy1.1_lpia.deb Size/MD5: 513070 54020e97a43eede6b305de18200a2488 http://ports.ubuntu.com/pool/universe/k/kdegraphics/kfax_3.5.10-0ubuntu1~hardy1.1_lpia.deb Size/MD5: 144298 2034357eddd9a4cb52f8f54e5561ba63 http://ports.ubuntu.com/pool/universe/k/kdegraphics/kgamma_3.5.10-0ubuntu1~hardy1.1_lpia.deb Size/MD5: 74600 ed7e4c54a488bb79332d64a045accf98 http://ports.ubuntu.com/pool/universe/k/kdegraphics/kiconedit_3.5.10-0ubuntu1~hardy1.1_lpia.deb Size/MD5: 172846 d5a69b17755c86f324fec2246bccc87d http://ports.ubuntu.com/pool/universe/k/kdegraphics/kolourpaint_3.5.10-0ubuntu1~hardy1.1_lpia.deb Size/MD5: 1064046 017762a5bebef4487f39a366d1cad312 http://ports.ubuntu.com/pool/universe/k/kdegraphics/kruler_3.5.10-0ubuntu1~hardy1.1_lpia.deb Size/MD5: 63990 5c84f27036378f9af9433ac37cc974cf powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/k/kdegraphics/kamera_3.5.10-0ubuntu1~hardy1.1_powerpc.deb Size/MD5: 91948 e0bb55a2bdb1d154998fe9c7134aeef0 http://ports.ubuntu.com/pool/main/k/kdegraphics/kdegraphics-dbg_3.5.10-0ubuntu1~hardy1.1_powerpc.deb Size/MD5: 25632492 982599c525a707753babdba69be52942 http://ports.ubuntu.com/pool/main/k/kdegraphics/kdegraphics-dev_3.5.10-0ubuntu1~hardy1.1_powerpc.deb Size/MD5: 81758 dc2736841857f69cc382449c9e32393c http://ports.ubuntu.com/pool/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.10-0ubuntu1~hardy1.1_powerpc.deb Size/MD5: 336510 d20fb086662c92a1a85c46e99f90969b http://ports.ubuntu.com/pool/main/k/kdegraphics/kfaxview_3.5.10-0ubuntu1~hardy1.1_powerpc.deb Size/MD5: 102892 4f46136b41f2113c5fee391205d9d71c http://ports.ubuntu.com/pool/main/k/kdegraphics/kghostview_3.5.10-0ubuntu1~hardy1.1_powerpc.deb Size/MD5: 240014 4958424bfb1e78f61cbe23dad1ad167d http://ports.ubuntu.com/pool/main/k/kdegraphics/kmrml_3.5.10-0ubuntu1~hardy1.1_powerpc.deb Size/MD5: 247146 493a10260793626081a521296f7be5ee http://ports.ubuntu.com/pool/main/k/kdegraphics/kooka_3.5.10-0ubuntu1~hardy1.1_powerpc.deb Size/MD5: 755698 c7bc281bfdab14b32f10599ef88b3c7c http://ports.ubuntu.com/pool/main/k/kdegraphics/kpdf_3.5.10-0ubuntu1~hardy1.1_powerpc.deb Size/MD5: 350586 5cfa544547a2d3c9045d4cb35d302ae5 http://ports.ubuntu.com/pool/main/k/kdegraphics/kpovmodeler_3.5.10-0ubuntu1~hardy1.1_powerpc.deb Size/MD5: 2301042 ad7f27f34aafe49fe1c2997e3f75ea49 http://ports.ubuntu.com/pool/main/k/kdegraphics/ksnapshot_3.5.10-0ubuntu1~hardy1.1_powerpc.deb Size/MD5: 176980 6c7197638796a81c6e6464e96b9c575d http://ports.ubuntu.com/pool/main/k/kdegraphics/ksvg_3.5.10-0ubuntu1~hardy1.1_powerpc.deb Size/MD5: 1335906 3cb7c32d633955d3dd5c8d78b9f8c93e http://ports.ubuntu.com/pool/main/k/kdegraphics/kview_3.5.10-0ubuntu1~hardy1.1_powerpc.deb Size/MD5: 443116 a07748f9ebe7156f4513138395f17aa2 http://ports.ubuntu.com/pool/main/k/kdegraphics/kviewshell_3.5.10-0ubuntu1~hardy1.1_powerpc.deb Size/MD5: 831266 e95881ef6279a70b3ec7aa1fa10231ae http://ports.ubuntu.com/pool/main/k/kdegraphics/libkscan-dev_3.5.10-0ubuntu1~hardy1.1_powerpc.deb Size/MD5: 1844 99b1bf1059675540d7765898c26dbff3 http://ports.ubuntu.com/pool/main/k/kdegraphics/libkscan1_3.5.10-0ubuntu1~hardy1.1_powerpc.deb Size/MD5: 137596 ecb9f47360d9a8518a3262fb7b3c8f78 http://ports.ubuntu.com/pool/universe/k/kdegraphics/kcoloredit_3.5.10-0ubuntu1~hardy1.1_powerpc.deb Size/MD5: 111332 c3243de9d689a670cbc45f27c31c8524 http://ports.ubuntu.com/pool/universe/k/kdegraphics/kdvi_3.5.10-0ubuntu1~hardy1.1_powerpc.deb Size/MD5: 529446 af7a701269708c45bfdb07de5594d901 http://ports.ubuntu.com/pool/universe/k/kdegraphics/kfax_3.5.10-0ubuntu1~hardy1.1_powerpc.deb Size/MD5: 150738 7a016034d38ddde02edca41118c794bd http://ports.ubuntu.com/pool/universe/k/kdegraphics/kgamma_3.5.10-0ubuntu1~hardy1.1_powerpc.deb Size/MD5: 79102 a82657bbda43c62efc264f0bc208ee5a http://ports.ubuntu.com/pool/universe/k/kdegraphics/kiconedit_3.5.10-0ubuntu1~hardy1.1_powerpc.deb Size/MD5: 184020 457c16d19ed7410f817037fb58a1255b http://ports.ubuntu.com/pool/universe/k/kdegraphics/kolourpaint_3.5.10-0ubuntu1~hardy1.1_powerpc.deb Size/MD5: 1078896 962a7d823a4661745503cf7cad02c20d http://ports.ubuntu.com/pool/universe/k/kdegraphics/kruler_3.5.10-0ubuntu1~hardy1.1_powerpc.deb Size/MD5: 67866 3e4c53ef4cde081bf9f574f2519def1e sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/k/kdegraphics/kamera_3.5.10-0ubuntu1~hardy1.1_sparc.deb Size/MD5: 83866 cbaa71c066561b83a323af6a590664d7 http://ports.ubuntu.com/pool/main/k/kdegraphics/kdegraphics-dbg_3.5.10-0ubuntu1~hardy1.1_sparc.deb Size/MD5: 24348032 2754a596f5c685aa9219f7f56bee3b30 http://ports.ubuntu.com/pool/main/k/kdegraphics/kdegraphics-dev_3.5.10-0ubuntu1~hardy1.1_sparc.deb Size/MD5: 81750 c0e36be365dff7b385690b8012501c26 http://ports.ubuntu.com/pool/main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.10-0ubuntu1~hardy1.1_sparc.deb Size/MD5: 260116 bf4ee3267d0a210a3d5fff19303b8f34 http://ports.ubuntu.com/pool/main/k/kdegraphics/kfaxview_3.5.10-0ubuntu1~hardy1.1_sparc.deb Size/MD5: 92776 a7c707629eafd6fd431e6a650fbac5be http://ports.ubuntu.com/pool/main/k/kdegraphics/kghostview_3.5.10-0ubuntu1~hardy1.1_sparc.deb Size/MD5: 226558 3ac2a71cd980fdf5d900846a371f14ae http://ports.ubuntu.com/pool/main/k/kdegraphics/kmrml_3.5.10-0ubuntu1~hardy1.1_sparc.deb Size/MD5: 219676 d28df83337830bab08729b8f94fc033f http://ports.ubuntu.com/pool/main/k/kdegraphics/kooka_3.5.10-0ubuntu1~hardy1.1_sparc.deb Size/MD5: 742670 9179a1326aa6432e0e4e3759e208b4d1 http://ports.ubuntu.com/pool/main/k/kdegraphics/kpdf_3.5.10-0ubuntu1~hardy1.1_sparc.deb Size/MD5: 331092 88a715409b9c1bc015420295eabc6ee1 http://ports.ubuntu.com/pool/main/k/kdegraphics/kpovmodeler_3.5.10-0ubuntu1~hardy1.1_sparc.deb Size/MD5: 2258850 79f901432f73373a28b77479477246bd http://ports.ubuntu.com/pool/main/k/kdegraphics/ksnapshot_3.5.10-0ubuntu1~hardy1.1_sparc.deb Size/MD5: 171042 773130f71a0952dad31b0c6c234c71da http://ports.ubuntu.com/pool/main/k/kdegraphics/ksvg_3.5.10-0ubuntu1~hardy1.1_sparc.deb Size/MD5: 1299618 a91476637867effa378b7b9e9d69df8f http://ports.ubuntu.com/pool/main/k/kdegraphics/kview_3.5.10-0ubuntu1~hardy1.1_sparc.deb Size/MD5: 382468 cf37a8a67930633e4cc620943303f21d http://ports.ubuntu.com/pool/main/k/kdegraphics/kviewshell_3.5.10-0ubuntu1~hardy1.1_sparc.deb Size/MD5: 783416 9b95823311c16e4d60fb33f964dc20c8 http://ports.ubuntu.com/pool/main/k/kdegraphics/libkscan-dev_3.5.10-0ubuntu1~hardy1.1_sparc.deb Size/MD5: 1844 e936526996a56fd4b75c15839b730d89 http://ports.ubuntu.com/pool/main/k/kdegraphics/libkscan1_3.5.10-0ubuntu1~hardy1.1_sparc.deb Size/MD5: 127684 eafaad98a0b1e37beb534d046bf44e78 http://ports.ubuntu.com/pool/universe/k/kdegraphics/kcoloredit_3.5.10-0ubuntu1~hardy1.1_sparc.deb Size/MD5: 100906 5a95d17f36487dd23a28a8a4fb7ae28b http://ports.ubuntu.com/pool/universe/k/kdegraphics/kdvi_3.5.10-0ubuntu1~hardy1.1_sparc.deb Size/MD5: 516752 f47caeef90291df73353dda3ce0b161d http://ports.ubuntu.com/pool/universe/k/kdegraphics/kfax_3.5.10-0ubuntu1~hardy1.1_sparc.deb Size/MD5: 144748 7765211ed85bf307ae9d9b6ab9351d7e http://ports.ubuntu.com/pool/universe/k/kdegraphics/kgamma_3.5.10-0ubuntu1~hardy1.1_sparc.deb Size/MD5: 74212 1011fcfbb859742c76dc97fb73b5dc08 http://ports.ubuntu.com/pool/universe/k/kdegraphics/kiconedit_3.5.10-0ubuntu1~hardy1.1_sparc.deb Size/MD5: 173242 50ab9248cd7ff049fde225bc3104c1bb http://ports.ubuntu.com/pool/universe/k/kdegraphics/kolourpaint_3.5.10-0ubuntu1~hardy1.1_sparc.deb Size/MD5: 1052678 e8cb038cb06e5f288f9ab8b500ea1b42 http://ports.ubuntu.com/pool/universe/k/kdegraphics/kruler_3.5.10-0ubuntu1~hardy1.1_sparc.deb Size/MD5: 63748 c05e6e11a40ab7c7734611c6b2d26c17 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:331 http://www.mandriva.com/security/ _______________________________________________________________________ Package : kdegraphics Date : December 10, 2009 Affected: Corporate 4.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been found and corrected in kdegraphics: Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) setBitmap and (2) readSymbolDictSeg (CVE-2009-0146). Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier allow remote attackers to cause a denial of service (crash) via a crafted PDF file (CVE-2009-0147). The JBIG2 decoder in Xpdf 3.02pl2 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory (CVE-2009-0166). NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179. (CVE-2009-0791). (CVE-2009-1709). This update provides a solution to this vulnerability. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0791 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0945 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1709 _______________________________________________________________________ Updated Packages: Corporate 4.0: 0ec7bf7b568cd017c976b581046a4665 corporate/4.0/i586/kdegraphics-3.5.4-0.9.20060mlcs4.i586.rpm 32bf2180033208d0d7fb98a1670f76ef corporate/4.0/i586/kdegraphics-common-3.5.4-0.9.20060mlcs4.i586.rpm fc4d07f38b7c38a41924a87d1da87a7b corporate/4.0/i586/kdegraphics-kcolorchooser-3.5.4-0.9.20060mlcs4.i586.rpm 60ac7ec91991f24378608445602156b4 corporate/4.0/i586/kdegraphics-kcoloredit-3.5.4-0.9.20060mlcs4.i586.rpm e23a46f8928ff9bf43dfb85d030d66f4 corporate/4.0/i586/kdegraphics-kdvi-3.5.4-0.9.20060mlcs4.i586.rpm 0da4d8567fd0102fa3b71e14d7e77cce corporate/4.0/i586/kdegraphics-kfax-3.5.4-0.9.20060mlcs4.i586.rpm 71e5fc67191644df05dc3eeaf3eea182 corporate/4.0/i586/kdegraphics-kghostview-3.5.4-0.9.20060mlcs4.i586.rpm 5f712336e95e534ee5438bd6b601a6d5 corporate/4.0/i586/kdegraphics-kiconedit-3.5.4-0.9.20060mlcs4.i586.rpm b37b6097ac674ebc3296125ed1c33615 corporate/4.0/i586/kdegraphics-kolourpaint-3.5.4-0.9.20060mlcs4.i586.rpm d873b5de956fa6f936135a0046387bf1 corporate/4.0/i586/kdegraphics-kooka-3.5.4-0.9.20060mlcs4.i586.rpm 2474e300ccd833db71a756b34d9fec94 corporate/4.0/i586/kdegraphics-kpdf-3.5.4-0.9.20060mlcs4.i586.rpm 0454ff14fce7eda256890967555693bb corporate/4.0/i586/kdegraphics-kpovmodeler-3.5.4-0.9.20060mlcs4.i586.rpm bd79021aab7f406657774da069cc677d corporate/4.0/i586/kdegraphics-kruler-3.5.4-0.9.20060mlcs4.i586.rpm 5ab29c519209bc802613729896d84c63 corporate/4.0/i586/kdegraphics-ksnapshot-3.5.4-0.9.20060mlcs4.i586.rpm 771cf8aa682b615babcc8748cc09f4a9 corporate/4.0/i586/kdegraphics-ksvg-3.5.4-0.9.20060mlcs4.i586.rpm 1445a204c7aa0dae1eefab7b0d5f5839 corporate/4.0/i586/kdegraphics-kuickshow-3.5.4-0.9.20060mlcs4.i586.rpm fbd113f1442541e0cb05b624a2e08c74 corporate/4.0/i586/kdegraphics-kview-3.5.4-0.9.20060mlcs4.i586.rpm 94dec05663eb9499d974ba3d6b14e885 corporate/4.0/i586/kdegraphics-mrmlsearch-3.5.4-0.9.20060mlcs4.i586.rpm 86ca6e187a798897c25d5c9a66112b96 corporate/4.0/i586/libkdegraphics0-common-3.5.4-0.9.20060mlcs4.i586.rpm ed07099f0f6983c87188cd7cbe6fa4f5 corporate/4.0/i586/libkdegraphics0-common-devel-3.5.4-0.9.20060mlcs4.i586.rpm 978a543e6af07842a0facab486419848 corporate/4.0/i586/libkdegraphics0-kghostview-3.5.4-0.9.20060mlcs4.i586.rpm 9a7f4cf394eda5f91fe2d288bf6f6248 corporate/4.0/i586/libkdegraphics0-kghostview-devel-3.5.4-0.9.20060mlcs4.i586.rpm c47855bb4af164237de071eca478b852 corporate/4.0/i586/libkdegraphics0-kooka-3.5.4-0.9.20060mlcs4.i586.rpm 61361d801c9e0bfc677147a0ebed83cc corporate/4.0/i586/libkdegraphics0-kooka-devel-3.5.4-0.9.20060mlcs4.i586.rpm 78333238aa1949fbd32f4bbe17587819 corporate/4.0/i586/libkdegraphics0-kpovmodeler-3.5.4-0.9.20060mlcs4.i586.rpm cd42ba63d5df96750d5e0b65662a16c7 corporate/4.0/i586/libkdegraphics0-kpovmodeler-devel-3.5.4-0.9.20060mlcs4.i586.rpm 45077a5366e72fd55f7ddf819ce087f9 corporate/4.0/i586/libkdegraphics0-ksvg-3.5.4-0.9.20060mlcs4.i586.rpm efbe90c91e2762073332c0994bdf0349 corporate/4.0/i586/libkdegraphics0-ksvg-devel-3.5.4-0.9.20060mlcs4.i586.rpm 4acdcf255082a2bb7328a4ac805dbcaa corporate/4.0/i586/libkdegraphics0-kview-3.5.4-0.9.20060mlcs4.i586.rpm fddafb351cdd4da03e33f08d4af73622 corporate/4.0/i586/libkdegraphics0-kview-devel-3.5.4-0.9.20060mlcs4.i586.rpm 64deef0a4a406a04f476f5263478d2e3 corporate/4.0/SRPMS/kdegraphics-3.5.4-0.9.20060mlcs4.src.rpm Corporate 4.0/X86_64: 0fd67ad8a003f2cc7b4b5b0f295af59e corporate/4.0/x86_64/kdegraphics-3.5.4-0.9.20060mlcs4.x86_64.rpm 1e62299bf29230174331f43de7215366 corporate/4.0/x86_64/kdegraphics-common-3.5.4-0.9.20060mlcs4.x86_64.rpm a9c5b4e3f0db3db937261c8f504c44ca corporate/4.0/x86_64/kdegraphics-kcolorchooser-3.5.4-0.9.20060mlcs4.x86_64.rpm 0c0cfaf7fb1fe22bac1740425df135b2 corporate/4.0/x86_64/kdegraphics-kcoloredit-3.5.4-0.9.20060mlcs4.x86_64.rpm 9e961f83cdc9734007f9d5a90f4c888c corporate/4.0/x86_64/kdegraphics-kdvi-3.5.4-0.9.20060mlcs4.x86_64.rpm a7a5204dadd20443f879cc696906ed70 corporate/4.0/x86_64/kdegraphics-kfax-3.5.4-0.9.20060mlcs4.x86_64.rpm 1bfb78ecd8e44dc61c48dad786238bad corporate/4.0/x86_64/kdegraphics-kghostview-3.5.4-0.9.20060mlcs4.x86_64.rpm ddf5c19dbfcc64bb227173cb331dd661 corporate/4.0/x86_64/kdegraphics-kiconedit-3.5.4-0.9.20060mlcs4.x86_64.rpm 3b77da395b388a38a39805244ffb45dc corporate/4.0/x86_64/kdegraphics-kolourpaint-3.5.4-0.9.20060mlcs4.x86_64.rpm 52a4a93e2655edafc36d2e75c4adacb0 corporate/4.0/x86_64/kdegraphics-kooka-3.5.4-0.9.20060mlcs4.x86_64.rpm 6f4cdfee02441d22543b93252023490c corporate/4.0/x86_64/kdegraphics-kpdf-3.5.4-0.9.20060mlcs4.x86_64.rpm e7351156f775cda56b9a026d6d230b66 corporate/4.0/x86_64/kdegraphics-kpovmodeler-3.5.4-0.9.20060mlcs4.x86_64.rpm 54062812371d272f1f7115143d750d18 corporate/4.0/x86_64/kdegraphics-kruler-3.5.4-0.9.20060mlcs4.x86_64.rpm 7967101313636798c9e67d7d6d9f7e8e corporate/4.0/x86_64/kdegraphics-ksnapshot-3.5.4-0.9.20060mlcs4.x86_64.rpm db3dc6a00c46848ae9a31f8db2adb76b corporate/4.0/x86_64/kdegraphics-ksvg-3.5.4-0.9.20060mlcs4.x86_64.rpm 7bf017292f4ea7eb0007e30ee5f7ea06 corporate/4.0/x86_64/kdegraphics-kuickshow-3.5.4-0.9.20060mlcs4.x86_64.rpm ea3a9b102557f7b71e5988b11812fb9d corporate/4.0/x86_64/kdegraphics-kview-3.5.4-0.9.20060mlcs4.x86_64.rpm 49ce4f2918d3ca3a726f157db4e326ff corporate/4.0/x86_64/kdegraphics-mrmlsearch-3.5.4-0.9.20060mlcs4.x86_64.rpm 37962c005b21c9f034168193ac143686 corporate/4.0/x86_64/lib64kdegraphics0-common-3.5.4-0.9.20060mlcs4.x86_64.rpm 78bc99fdf48570c57b8d8e04578d0b0f corporate/4.0/x86_64/lib64kdegraphics0-common-devel-3.5.4-0.9.20060mlcs4.x86_64.rpm f2627650fccc5194666844f18ff6a2e9 corporate/4.0/x86_64/lib64kdegraphics0-kghostview-3.5.4-0.9.20060mlcs4.x86_64.rpm d6031ac8e48c554df0456a5c6ca25a6c corporate/4.0/x86_64/lib64kdegraphics0-kghostview-devel-3.5.4-0.9.20060mlcs4.x86_64.rpm e485c792b85edd25c29025900c71d9a5 corporate/4.0/x86_64/lib64kdegraphics0-kooka-3.5.4-0.9.20060mlcs4.x86_64.rpm c9d19e68cc7d9b1c17fce9f572c063d7 corporate/4.0/x86_64/lib64kdegraphics0-kooka-devel-3.5.4-0.9.20060mlcs4.x86_64.rpm c984a53011f393d7cbb6f2cc0774efa3 corporate/4.0/x86_64/lib64kdegraphics0-kpovmodeler-3.5.4-0.9.20060mlcs4.x86_64.rpm 8d1c6a2c8eaf161632f5a333bd1639d8 corporate/4.0/x86_64/lib64kdegraphics0-kpovmodeler-devel-3.5.4-0.9.20060mlcs4.x86_64.rpm 0f066ee3e189779638a4c5d7c6d08b78 corporate/4.0/x86_64/lib64kdegraphics0-ksvg-3.5.4-0.9.20060mlcs4.x86_64.rpm 7efa7c6905de7b624e95ea8ba16088d8 corporate/4.0/x86_64/lib64kdegraphics0-ksvg-devel-3.5.4-0.9.20060mlcs4.x86_64.rpm e407dc0360d9108ce56b58b0bbce8d7e corporate/4.0/x86_64/lib64kdegraphics0-kview-3.5.4-0.9.20060mlcs4.x86_64.rpm a1227e9c72b228994582c91678763e1e corporate/4.0/x86_64/lib64kdegraphics0-kview-devel-3.5.4-0.9.20060mlcs4.x86_64.rpm 64deef0a4a406a04f476f5263478d2e3 corporate/4.0/SRPMS/kdegraphics-3.5.4-0.9.20060mlcs4.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFLIQ2nmqjQ0CJFipgRAtveAKDD76Mn1SvVN71DMEESnFqN7Qk5+wCdGGMa H2tf9QJ8H8rPmPybWHl8Yxs= =DMWI -----END PGP SIGNATURE----- . ZDI-09-034: Apple Safari SVG Set.targetElement() Memory Corruption Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-09-034 June 8, 2009 -- CVE ID: CVE-2009-1709 -- Affected Vendors: Apple -- Affected Products: Apple Safari -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 6569. -- Vendor Response: Apple has issued an update to correct this vulnerability. More details can be found at: http://support.apple.com/kb/HT3613 -- Disclosure Timeline: 2008-11-10 - Vulnerability reported to vendor 2009-06-08 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by: * Anonymous -- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. Our vulnerability disclosure policy is available online at: http://www.zerodayinitiative.com/advisories/disclosure_policy/ . (CVE-2009-1709) Packages for 2008.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

resource management error

CONFIGURATIONS

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Anonymous

SOURCES

LAST UPDATE DATE

2024-11-23T21:05:58.919000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE