Ubuntu Security Notice USN-823-1 August 24, 2009========================================================== kdegraphics vulnerabilities CVE-2009-0945, CVE-2009-1709 ========================================================== A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 8.04 LTS: ksvg 4:3.5.10-0ubuntu1~hardy1.1
After a standard system upgrade you need to restart your session to effect the necessary changes.
Details follow:
It was discovered that KDE-Graphics did not properly handle certain malformed SVG images. If a user were tricked into opening a specially crafted SVG image, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.