
Security: Multiple problems in kdegraphics
Name: Multiple problems in kdegraphics
ID: MDVSA-2009:331
Distribution: Mandriva
Platforms: Mandriva Corporate 4.0
Date: Thu, 10 December 2009, 19:09
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0945
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1709
Applications: KDE Software Compilation

Original message



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:331
http://www.mandriva.com/security/
_______________________________________________________________________

Package : kdegraphics
Date : December 10, 2009
Affected: Corporate 4.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities have been found and corrected in kdegraphics:

Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2
and earlier allow remote attackers to cause a denial of service
(crash) via a crafted PDF file, related to (1) setBitmap and (2)
readSymbolDictSeg (CVE-2009-0146).

Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and
earlier allow remote attackers to cause a denial of service (crash)
via a crafted PDF file (CVE-2009-0147).

The JBIG2 decoder in Xpdf 3.02pl2 and earlier allows remote attackers
to cause a denial of service (crash) via a crafted PDF file that
triggers a free of uninitialized memory (CVE-2009-0166).

Multiple integer overflows in the pdftops filter in CUPS 1.1.17,
1.1.22, and 1.3.7 allow remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted
PDF file that triggers a heap-based buffer overflow, possibly
related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4)
JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the
JBIG2Stream.cxx vector may overlap CVE-2009-1179. (CVE-2009-0791).

Use-after-free vulnerability in the garbage-collection implementation
in WebCore in WebKit in Apple Safari before 4.0 allows remote
attackers to execute arbitrary code or cause a denial of service
(heap corruption and application crash) via an SVG animation element,
related to SVG set objects, SVG marker elements, the targetElement
attribute, and unspecified caches. (CVE-2009-1709).

WebKit, as used in Safari before 3.2.3 and 4 Public Beta, on Apple
Mac OS X 10.4.11 and 10.5 before 10.5.7 and Windows allows remote
attackers to execute arbitrary code via a crafted SVGList object that
triggers memory corruption (CVE-2009-0945).

This update provides a solution to this vulnerability.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0945
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1709
_______________________________________________________________________

Updated Packages:

Corporate 4.0:
0ec7bf7b568cd017c976b581046a4665
corporate/4.0/i586/kdegraphics-3.5.4-0.9.20060mlcs4.i586.rpm
32bf2180033208d0d7fb98a1670f76ef
corporate/4.0/i586/kdegraphics-common-3.5.4-0.9.20060mlcs4.i586.rpm
fc4d07f38b7c38a41924a87d1da87a7b
corporate/4.0/i586/kdegraphics-kcolorchooser-3.5.4-0.9.20060mlcs4.i586.rpm
60ac7ec91991f24378608445602156b4
corporate/4.0/i586/kdegraphics-kcoloredit-3.5.4-0.9.20060mlcs4.i586.rpm
e23a46f8928ff9bf43dfb85d030d66f4
corporate/4.0/i586/kdegraphics-kdvi-3.5.4-0.9.20060mlcs4.i586.rpm
0da4d8567fd0102fa3b71e14d7e77cce
corporate/4.0/i586/kdegraphics-kfax-3.5.4-0.9.20060mlcs4.i586.rpm
71e5fc67191644df05dc3eeaf3eea182
corporate/4.0/i586/kdegraphics-kghostview-3.5.4-0.9.20060mlcs4.i586.rpm
5f712336e95e534ee5438bd6b601a6d5
corporate/4.0/i586/kdegraphics-kiconedit-3.5.4-0.9.20060mlcs4.i586.rpm
b37b6097ac674ebc3296125ed1c33615
corporate/4.0/i586/kdegraphics-kolourpaint-3.5.4-0.9.20060mlcs4.i586.rpm
d873b5de956fa6f936135a0046387bf1
corporate/4.0/i586/kdegraphics-kooka-3.5.4-0.9.20060mlcs4.i586.rpm
2474e300ccd833db71a756b34d9fec94
corporate/4.0/i586/kdegraphics-kpdf-3.5.4-0.9.20060mlcs4.i586.rpm
0454ff14fce7eda256890967555693bb
corporate/4.0/i586/kdegraphics-kpovmodeler-3.5.4-0.9.20060mlcs4.i586.rpm
bd79021aab7f406657774da069cc677d
corporate/4.0/i586/kdegraphics-kruler-3.5.4-0.9.20060mlcs4.i586.rpm
5ab29c519209bc802613729896d84c63
corporate/4.0/i586/kdegraphics-ksnapshot-3.5.4-0.9.20060mlcs4.i586.rpm
771cf8aa682b615babcc8748cc09f4a9
corporate/4.0/i586/kdegraphics-ksvg-3.5.4-0.9.20060mlcs4.i586.rpm
1445a204c7aa0dae1eefab7b0d5f5839
corporate/4.0/i586/kdegraphics-kuickshow-3.5.4-0.9.20060mlcs4.i586.rpm
fbd113f1442541e0cb05b624a2e08c74
corporate/4.0/i586/kdegraphics-kview-3.5.4-0.9.20060mlcs4.i586.rpm
94dec05663eb9499d974ba3d6b14e885
corporate/4.0/i586/kdegraphics-mrmlsearch-3.5.4-0.9.20060mlcs4.i586.rpm
86ca6e187a798897c25d5c9a66112b96
corporate/4.0/i586/libkdegraphics0-common-3.5.4-0.9.20060mlcs4.i586.rpm
ed07099f0f6983c87188cd7cbe6fa4f5
corporate/4.0/i586/libkdegraphics0-common-devel-3.5.4-0.9.20060mlcs4.i586.rpm
978a543e6af07842a0facab486419848
corporate/4.0/i586/libkdegraphics0-kghostview-3.5.4-0.9.20060mlcs4.i586.rpm
9a7f4cf394eda5f91fe2d288bf6f6248
corporate/4.0/i586/libkdegraphics0-kghostview-devel-3.5.4-0.9.20060mlcs4.i586.rpm
c47855bb4af164237de071eca478b852
corporate/4.0/i586/libkdegraphics0-kooka-3.5.4-0.9.20060mlcs4.i586.rpm
61361d801c9e0bfc677147a0ebed83cc
corporate/4.0/i586/libkdegraphics0-kooka-devel-3.5.4-0.9.20060mlcs4.i586.rpm
78333238aa1949fbd32f4bbe17587819
corporate/4.0/i586/libkdegraphics0-kpovmodeler-3.5.4-0.9.20060mlcs4.i586.rpm
cd42ba63d5df96750d5e0b65662a16c7
corporate/4.0/i586/libkdegraphics0-kpovmodeler-devel-3.5.4-0.9.20060mlcs4.i586.rpm
45077a5366e72fd55f7ddf819ce087f9
corporate/4.0/i586/libkdegraphics0-ksvg-3.5.4-0.9.20060mlcs4.i586.rpm
efbe90c91e2762073332c0994bdf0349
corporate/4.0/i586/libkdegraphics0-ksvg-devel-3.5.4-0.9.20060mlcs4.i586.rpm
4acdcf255082a2bb7328a4ac805dbcaa
corporate/4.0/i586/libkdegraphics0-kview-3.5.4-0.9.20060mlcs4.i586.rpm
fddafb351cdd4da03e33f08d4af73622
corporate/4.0/i586/libkdegraphics0-kview-devel-3.5.4-0.9.20060mlcs4.i586.rpm
64deef0a4a406a04f476f5263478d2e3
corporate/4.0/SRPMS/kdegraphics-3.5.4-0.9.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
0fd67ad8a003f2cc7b4b5b0f295af59e
corporate/4.0/x86_64/kdegraphics-3.5.4-0.9.20060mlcs4.x86_64.rpm
1e62299bf29230174331f43de7215366
corporate/4.0/x86_64/kdegraphics-common-3.5.4-0.9.20060mlcs4.x86_64.rpm
a9c5b4e3f0db3db937261c8f504c44ca
corporate/4.0/x86_64/kdegraphics-kcolorchooser-3.5.4-0.9.20060mlcs4.x86_64.rpm
0c0cfaf7fb1fe22bac1740425df135b2
corporate/4.0/x86_64/kdegraphics-kcoloredit-3.5.4-0.9.20060mlcs4.x86_64.rpm
9e961f83cdc9734007f9d5a90f4c888c
corporate/4.0/x86_64/kdegraphics-kdvi-3.5.4-0.9.20060mlcs4.x86_64.rpm
a7a5204dadd20443f879cc696906ed70
corporate/4.0/x86_64/kdegraphics-kfax-3.5.4-0.9.20060mlcs4.x86_64.rpm
1bfb78ecd8e44dc61c48dad786238bad
corporate/4.0/x86_64/kdegraphics-kghostview-3.5.4-0.9.20060mlcs4.x86_64.rpm
ddf5c19dbfcc64bb227173cb331dd661
corporate/4.0/x86_64/kdegraphics-kiconedit-3.5.4-0.9.20060mlcs4.x86_64.rpm
3b77da395b388a38a39805244ffb45dc
corporate/4.0/x86_64/kdegraphics-kolourpaint-3.5.4-0.9.20060mlcs4.x86_64.rpm
52a4a93e2655edafc36d2e75c4adacb0
corporate/4.0/x86_64/kdegraphics-kooka-3.5.4-0.9.20060mlcs4.x86_64.rpm
6f4cdfee02441d22543b93252023490c
corporate/4.0/x86_64/kdegraphics-kpdf-3.5.4-0.9.20060mlcs4.x86_64.rpm
e7351156f775cda56b9a026d6d230b66
corporate/4.0/x86_64/kdegraphics-kpovmodeler-3.5.4-0.9.20060mlcs4.x86_64.rpm
54062812371d272f1f7115143d750d18
corporate/4.0/x86_64/kdegraphics-kruler-3.5.4-0.9.20060mlcs4.x86_64.rpm
7967101313636798c9e67d7d6d9f7e8e
corporate/4.0/x86_64/kdegraphics-ksnapshot-3.5.4-0.9.20060mlcs4.x86_64.rpm
db3dc6a00c46848ae9a31f8db2adb76b
corporate/4.0/x86_64/kdegraphics-ksvg-3.5.4-0.9.20060mlcs4.x86_64.rpm
7bf017292f4ea7eb0007e30ee5f7ea06
corporate/4.0/x86_64/kdegraphics-kuickshow-3.5.4-0.9.20060mlcs4.x86_64.rpm
ea3a9b102557f7b71e5988b11812fb9d
corporate/4.0/x86_64/kdegraphics-kview-3.5.4-0.9.20060mlcs4.x86_64.rpm
49ce4f2918d3ca3a726f157db4e326ff
corporate/4.0/x86_64/kdegraphics-mrmlsearch-3.5.4-0.9.20060mlcs4.x86_64.rpm
37962c005b21c9f034168193ac143686
corporate/4.0/x86_64/lib64kdegraphics0-common-3.5.4-0.9.20060mlcs4.x86_64.rpm
78bc99fdf48570c57b8d8e04578d0b0f
corporate/4.0/x86_64/lib64kdegraphics0-common-devel-3.5.4-0.9.20060mlcs4.x86_64.rpm
f2627650fccc5194666844f18ff6a2e9
corporate/4.0/x86_64/lib64kdegraphics0-kghostview-3.5.4-0.9.20060mlcs4.x86_64.rpm
d6031ac8e48c554df0456a5c6ca25a6c
corporate/4.0/x86_64/lib64kdegraphics0-kghostview-devel-3.5.4-0.9.20060mlcs4.x86_64.rpm
e485c792b85edd25c29025900c71d9a5
corporate/4.0/x86_64/lib64kdegraphics0-kooka-3.5.4-0.9.20060mlcs4.x86_64.rpm
c9d19e68cc7d9b1c17fce9f572c063d7
corporate/4.0/x86_64/lib64kdegraphics0-kooka-devel-3.5.4-0.9.20060mlcs4.x86_64.rpm
c984a53011f393d7cbb6f2cc0774efa3
corporate/4.0/x86_64/lib64kdegraphics0-kpovmodeler-3.5.4-0.9.20060mlcs4.x86_64.rpm
8d1c6a2c8eaf161632f5a333bd1639d8
corporate/4.0/x86_64/lib64kdegraphics0-kpovmodeler-devel-3.5.4-0.9.20060mlcs4.x86_64.rpm
0f066ee3e189779638a4c5d7c6d08b78
corporate/4.0/x86_64/lib64kdegraphics0-ksvg-3.5.4-0.9.20060mlcs4.x86_64.rpm
7efa7c6905de7b624e95ea8ba16088d8
corporate/4.0/x86_64/lib64kdegraphics0-ksvg-devel-3.5.4-0.9.20060mlcs4.x86_64.rpm
e407dc0360d9108ce56b58b0bbce8d7e
corporate/4.0/x86_64/lib64kdegraphics0-kview-3.5.4-0.9.20060mlcs4.x86_64.rpm
a1227e9c72b228994582c91678763e1e
corporate/4.0/x86_64/lib64kdegraphics0-kview-devel-3.5.4-0.9.20060mlcs4.x86_64.rpm
64deef0a4a406a04f476f5263478d2e3
corporate/4.0/SRPMS/kdegraphics-3.5.4-0.9.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLIQ2nmqjQ0CJFipgRAtveAKDD76Mn1SvVN71DMEESnFqN7Qk5+wCdGGMa
H2tf9QJ8H8rPmPybWHl8Yxs=
=DMWI
-----END PGP SIGNATURE-----
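
The advisory lists each updated package as an MD5 value followed by its path and says the checksum verification is done automatically by MandrivaUpdate or urpmi. For packages fetched by hand, the same check can be scripted; the following is an added example, not part of the Mandriva advisory, and its function names and sample package names are assumptions made for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# An MD5 value followed by an .rpm path, separated by a space or a line break
# (the advisory text above puts them on consecutive lines).
ENTRY = re.compile(r"\b([0-9a-f]{32})\s+(\S+\.rpm)\b")

def parse_manifest(advisory_text):
    """Return {package file name: expected md5} from an advisory body."""
    manifest = {}
    for digest, path in ENTRY.findall(advisory_text):
        name = path.rsplit("/", 1)[-1]
        # The SRPM is listed once per architecture; a different digest for
        # the same file name means the advisory text itself is damaged.
        if manifest.setdefault(name, digest) != digest:
            raise ValueError(f"conflicting digests for {name}")
    return manifest

def md5_of(path, chunk=1 << 20):
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify(manifest, download_dir):
    """Classify every listed package as 'ok', 'mismatch' or 'missing'."""
    result = {}
    for name, expected in manifest.items():
        candidate = Path(download_dir) / name
        if not candidate.is_file():
            result[name] = "missing"
        else:
            result[name] = "ok" if md5_of(candidate) == expected else "mismatch"
    return result

def demo():
    """Constructed sample: two fake packages, one altered after listing."""
    with tempfile.TemporaryDirectory() as d:
        good, bad = b"constructed package A", b"constructed package B"
        (Path(d) / "a-1.0.i586.rpm").write_bytes(good)
        (Path(d) / "b-1.0.i586.rpm").write_bytes(bad + b" (altered)")
        text = (f"{hashlib.md5(good).hexdigest()}\nsample/i586/a-1.0.i586.rpm\n"
                f"{hashlib.md5(bad).hexdigest()} sample/i586/b-1.0.i586.rpm\n"
                f"{'0' * 32}\nsample/SRPMS/c-1.0.src.rpm\n")
        return verify(parse_manifest(text), d)

if __name__ == "__main__":
    print(demo())
```

A matching MD5 only shows that the file equals the one listed; authenticity rests on the PGP signature over the advisory and on the GPG signature of each package, as the advisory states.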

