[SECURITY] Fedora 11 Update: kdelibs-4.2.4-6.fc11

updates at fedoraproject.org updates at fedoraproject.org
Tue Jul 28 18:23:23 UTC 2009 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-8039
2009-07-27 21:07:20
--------------------------------------------------------------------------------

Name        : kdelibs
Product     : Fedora 11
Version     : 4.2.4
Release     : 6.fc11
URL         : http://www.kde.org/
Summary     : K Desktop Environment 4 - Libraries
Description :
Libraries for the K Desktop Environment 4.

--------------------------------------------------------------------------------
Update Information:

This update fixes several security issues in KHTML (CVE-2009-1725,
CVE-2009-1690, CVE-2009-1687, CVE-2009-1698, CVE-2009-0945, CVE-2009-2537) which
may lead to a denial of service or potentially even arbitrary code execution.
In addition, libplasma was fixed to make Plasmaboard (a virtual keyboard applet)
work, and a bug in a Fedora patch which made builds of the SRPM on single-CPU
machines fail was fixed.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jul 26 2009 Kevin Kofler <Kevin at tigcc.ticalc.org> - 4.2.4-6
- fix CVE-2009-1725 - crash, possible ACE in numeric character references
- fix CVE-2009-1690 - crash, possible ACE in KHTML (<head> use-after-free)
- fix CVE-2009-1687 - possible ACE in KJS (FIXME: still crashes?)
- fix CVE-2009-1698 - crash, possible ACE in CSS style attribute handling
- fix CVE-2009-0945 - NULL-pointer dereference in the SVGList interface impl
* Thu Jul 23 2009 Jaroslav Reznik <jreznik at redhat.com> - 4.2.4-5
- CVE-2009-2537 - select length DoS
- correct fixPopupForPlasmaboard.patch
* Wed Jul  8 2009 Kevin Kofler <Kevin at tigcc.ticalc.org> - 4.2.4-4
- fix CMake dependency in parallel_devel patch (#510259, CHIKAMA Masaki)
* Mon Jun 15 2009 Rex Dieter <rdieter at fedoraproject.org> 4.2.4-3
- fixPopupForPlasmaboard.patch
* Mon Jun  1 2009 Lukáš Tinkl <ltinkl at redhat.com> - 4.2.4-2
- respun tarball
* Sat May 30 2009 Lukáš Tinkl <ltinkl at redhat.com> - 4.2.4-1
- KDE 4.2.4
* Tue May 12 2009 Rex Dieter <rdieter at fedoraproject.org> - 4.2.3-3
- kde4.(sh|csh): drop QT_PLUGINS_PATH munging, kde4-config call (#498809)
* Mon May  4 2009 Than Ngo <than at redhat.com> - 4.2.3-2
- better fix for strcasestr detection
* Sun May  3 2009 Than Ngo <than at redhat.com> - 4.2.3-1
- 4.2.3
* Tue Apr 28 2009 Lukáš Tinkl <ltinkl at redhat.com> - 4.2.2-13
- upstream patch to fix GCC4.4 crashes in kjs
  (kdebug:189809)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #513813 - CVE-2009-1725: KHTML: improper handling of numeric character references (ACE, DoS)
        https://bugzilla.redhat.com/show_bug.cgi?id=513813
  [ 2 ] Bug #505571 - CVE-2009-1690 kdelibs: KHTML Incorrect handling <head> element content once the <head> element was removed (DoS, ACE)
        https://bugzilla.redhat.com/show_bug.cgi?id=505571
  [ 3 ] Bug #506453 - CVE-2009-1687 kdelibs: Integer overflow in KJS JavaScript garbage collector
        https://bugzilla.redhat.com/show_bug.cgi?id=506453
  [ 4 ] Bug #506469 - CVE-2009-1698 kdelibs: KHTML CSS parser - incorrect handling CSS "style" attribute content (DoS, ACE)
        https://bugzilla.redhat.com/show_bug.cgi?id=506469
  [ 5 ] Bug #506703 - CVE-2009-0945 kdegraphics: KSVG NULL-pointer dereference in the SVGList interface implementation (ACE)
        https://bugzilla.redhat.com/show_bug.cgi?id=506703
  [ 6 ] Bug #512911 - CVE-2009-2537 Konqueror: DoS via large length property of a Select object
        https://bugzilla.redhat.com/show_bug.cgi?id=512911
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update kdelibs' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the Fedora-package-announce mailing list