OVAL

ELSA-2012-1418 -- Oracle kdelibs

ID: oval:org.secpod.oval:def:1500011
Date: (C)2013-03-20   (M)2023-02-20
Class: PATCH
Family: unix




Updated kdelibs packages that fix two security issues are now available for Red Hat Enterprise Linux 6 FasTrack.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

[Updated 21st February 2013] Packages previously available in this erratum were moved to RHBA-2013:0553 to prevent this erratum from incorrectly showing as a security update to users that do not enable FasTrack channels and who had previously received these security fixes via RHSA-2012:1416.

The kdelibs packages provide libraries for the K Desktop Environment. Konqueror is a web browser.

A heap-based buffer overflow flaw was found in the way the CSS parser in kdelibs parsed the location of the source for font faces. A web page containing malicious content could cause an application using kdelibs to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

A heap-based buffer over-read flaw was found in the way kdelibs calculated canvas dimensions for large images. A web page containing malicious content could cause an application using kdelibs to crash or disclose portions of its memory.

Users should upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted for this update to take effect.

Platform:
Oracle Linux 6
Product:
kdelibs
Reference:
ELSA-2012-1418
CVE-2012-4512
CVE-2012-4513
CVE    2
CVE-2012-4512
CVE-2012-4513
CPE    2
cpe:/a:kde:kdelibs
cpe:/o:oracle:linux:6

© SecPod Technologies