Bug 20648 - KDE Multiple Vulnerabilities: CVE-2009-1687 CVE-2009-1698 CVE-2009-1709
Summary: KDE Multiple Vulnerabilities: CVE-2009-1687 CVE-2009-1698 CVE-2009-1709
Status: CLOSED FIXED
Alias: None
Product: Branch 5.0
Classification: Distributions
Component: kde4libs
Version: unspecified
Hardware: all Linux
Importance: P3 critical
Assignee: Sergey V Turchin
QA Contact: qa-5.0@altlinux.org
URL: http://secunia.com/advisories/35582/3/
Keywords: security
Depends on: 20633
Blocks:
Reported: 2009-07-01 14:56 MSD by Sergey V Turchin
Modified: 2010-01-20 17:34 MSK
Description Sergey V Turchin 2009-07-01 14:56:20 MSD
+++ This bug was created as a clone of bug 20633 +++

Some of the vulnerabilities found in webkit also apply to KDE's KHTML engine:

2) A vulnerability is caused due to a use-after-free error when processing certain SVG images, which can be exploited to execute arbitrary code via specially crafted SVG images.

4) An error exists within the processing of a certain CSS attribute. This can be exploited to cause a memory corruption when visiting a malicious web page.

5) An integer overflow exists within the JavaScript garbage collector, which can be exploited when visiting a malicious website.
Comment 1 Sergey V Turchin 2010-01-20 17:34:56 MSK
Everything has already been fixed, at least in kde-4.3.4