Bug 20648

Summary: KDE Multiple Vulnerabilities: CVE-2009-1687 CVE-2009-1698 CVE-2009-1709
Product: Branch 5.0 Reporter: Sergey V Turchin <zerg>
Component: kde4libsAssignee: Sergey V Turchin <zerg>
Status: CLOSED FIXED QA Contact: qa-5.0 <qa-5.0>
Severity: critical    
Priority: P3 CC: cas, crux
Version: unspecifiedKeywords: security
Hardware: all   
OS: Linux   
URL: http://secunia.com/advisories/35582/3/
Bug Depends on: 20633    
Bug Blocks:    

Description Sergey V Turchin 2009-07-01 14:56:20 MSD 
+++ Данная ошибка создана размножением ошибки 20633 +++

Некоторые уязвимости, обнаруженные в webkit, относятся и к движку KHTML KDE:

2) A vulnerability is caused due to a use-after-free error when processing certain SVG images, which can be exploited to execute arbitrary code via specially crafted SVG images.

4) An error exists within the processing of a certain CSS attribute. This can be exploited to cause a memory corruption when visiting a malicious web page.

5) An integer overflow exists within the JavaScript garbage collector, which can be exploited to exploited when visiting a malicious website.
Comment 1 Sergey V Turchin 2010-01-20 17:34:56 MSK 
Уже все исправлено, как-минимум, в kde-4.3.4