-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2010:182 http://www.mandriva.com/security/ _______________________________________________________________________ Package : kdegraphics Date : September 14, 2010 Affected: 2008.0 _______________________________________________________________________ Problem Description: A vulnerability has been found and corrected in kdegraphics (ksvg): Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG marker elements, the targetElement attribute, and unspecified caches. (CVE-2009-1709) Packages for 2008.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1709 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 471f47fe7f457c626fd77fca6d664af1 2008.0/i586/kdegraphics-3.5.10-0.3mdv2008.0.i586.rpm 638df04d6fd8e814e5bccf2e6609be5e 2008.0/i586/kdegraphics-common-3.5.10-0.3mdv2008.0.i586.rpm a6750900bb89c379de0dbccf58eb655d 2008.0/i586/kdegraphics-kcolorchooser-3.5.10-0.3mdv2008.0.i586.rpm ff11bea7fa112944c270c98748fecfbb 2008.0/i586/kdegraphics-kcoloredit-3.5.10-0.3mdv2008.0.i586.rpm 5d8660d907db81dbe6238758232fc589 2008.0/i586/kdegraphics-kdvi-3.5.10-0.3mdv2008.0.i586.rpm 94a5b1f074b3878ad1924d22609d683e 2008.0/i586/kdegraphics-kfax-3.5.10-0.3mdv2008.0.i586.rpm 3bcad1f12d268896a93fbe22c8a6cf8d 2008.0/i586/kdegraphics-kghostview-3.5.10-0.3mdv2008.0.i586.rpm 932203c975f06c83c0762480e1fda2ae 2008.0/i586/kdegraphics-kiconedit-3.5.10-0.3mdv2008.0.i586.rpm b1cd4d78f12ad4e11b68d3f12c91749a 2008.0/i586/kdegraphics-kolourpaint-3.5.10-0.3mdv2008.0.i586.rpm 95dcc8ead986122eb4680d67989ac51c 2008.0/i586/kdegraphics-kooka-3.5.10-0.3mdv2008.0.i586.rpm 932ae2193c84cc051bbe55058508c250 2008.0/i586/kdegraphics-kpdf-3.5.10-0.3mdv2008.0.i586.rpm 6922bcb6a13a0dd577715c8d6b375322 2008.0/i586/kdegraphics-kpovmodeler-3.5.10-0.3mdv2008.0.i586.rpm 1952127621e3bb8398dbcca1d13cc22e 2008.0/i586/kdegraphics-kruler-3.5.10-0.3mdv2008.0.i586.rpm 64cc740e330357b485f71cfa51bccf3d 2008.0/i586/kdegraphics-ksnapshot-3.5.10-0.3mdv2008.0.i586.rpm 8b247a6eeb6391b9a3631e60a07d8722 2008.0/i586/kdegraphics-ksvg-3.5.10-0.3mdv2008.0.i586.rpm d45f01099fb15169e940535fe708de73 2008.0/i586/kdegraphics-kuickshow-3.5.10-0.3mdv2008.0.i586.rpm 7ee507dd2110fca8c4535dc791a584da 2008.0/i586/kdegraphics-kview-3.5.10-0.3mdv2008.0.i586.rpm 445631492084d06791e6003bd54d6222 2008.0/i586/kdegraphics-mrmlsearch-3.5.10-0.3mdv2008.0.i586.rpm ca58f9549eba49942b4632e9b9c71a7d 2008.0/i586/libkdegraphics0-common-3.5.10-0.3mdv2008.0.i586.rpm 28b81e97ba02bf625ec6a164cd4f20d2 2008.0/i586/libkdegraphics0-common-devel-3.5.10-0.3mdv2008.0.i586.rpm 55991fbf2a4f30b42be0ee3ee7f17af0 2008.0/i586/libkdegraphics0-kghostview-3.5.10-0.3mdv2008.0.i586.rpm 12ad689af055d34637b0b9c6981c89fc 2008.0/i586/libkdegraphics0-kghostview-devel-3.5.10-0.3mdv2008.0.i586.rpm c49ec0b24f583a97e1ac575f7bbc9ad1 2008.0/i586/libkdegraphics0-kooka-3.5.10-0.3mdv2008.0.i586.rpm 930d4bf4f5d25a6b2a38060632f0d673 2008.0/i586/libkdegraphics0-kooka-devel-3.5.10-0.3mdv2008.0.i586.rpm 22e39f8103b4adcc5bf487a036e83d69 2008.0/i586/libkdegraphics0-kpovmodeler-3.5.10-0.3mdv2008.0.i586.rpm 8dbc0fe503c2b93e088c8be1386eb193 2008.0/i586/libkdegraphics0-kpovmodeler-devel-3.5.10-0.3mdv2008.0.i586.rpm a4b31f3a3ad7e1f3448a27c350e4e075 2008.0/i586/libkdegraphics0-ksvg-3.5.10-0.3mdv2008.0.i586.rpm 529f4485ca07efbb13aa6142df1c9f1d 2008.0/i586/libkdegraphics0-ksvg-devel-3.5.10-0.3mdv2008.0.i586.rpm 20cf6a5d8ac277e51a7a31caff9dd5b9 2008.0/i586/libkdegraphics0-kview-3.5.10-0.3mdv2008.0.i586.rpm b9fe4f8a7e1a29b1972d6f5e10d6cf0c 2008.0/i586/libkdegraphics0-kview-devel-3.5.10-0.3mdv2008.0.i586.rpm d967904fc04008cbcd08581b082bc133 2008.0/SRPMS/kdegraphics-3.5.10-0.3mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: f995438b3cf719995d1a73c0a50cdaaf 2008.0/x86_64/kdegraphics-3.5.10-0.3mdv2008.0.x86_64.rpm 2a5b125b04e5ef8ad43db2eef4b9ece8 2008.0/x86_64/kdegraphics-common-3.5.10-0.3mdv2008.0.x86_64.rpm 4194048ddbaaae2c51794d5e351106b1 2008.0/x86_64/kdegraphics-kcolorchooser-3.5.10-0.3mdv2008.0.x86_64.rpm 6f48cd361535e6160e321a354ef23817 2008.0/x86_64/kdegraphics-kcoloredit-3.5.10-0.3mdv2008.0.x86_64.rpm bab4eb51dcd4ee42806875216d2ccf93 2008.0/x86_64/kdegraphics-kdvi-3.5.10-0.3mdv2008.0.x86_64.rpm e84d65f8b025c3c68ccc8bd95d0c3b16 2008.0/x86_64/kdegraphics-kfax-3.5.10-0.3mdv2008.0.x86_64.rpm b6243f48c5eead29fa871996a25b3e8c 2008.0/x86_64/kdegraphics-kghostview-3.5.10-0.3mdv2008.0.x86_64.rpm 30421b5bd6f7e0b67a3dd9f0d5c74a09 2008.0/x86_64/kdegraphics-kiconedit-3.5.10-0.3mdv2008.0.x86_64.rpm 982073503274c67111485b254fe72ef6 2008.0/x86_64/kdegraphics-kolourpaint-3.5.10-0.3mdv2008.0.x86_64.rpm b6be63c044977ab63417c74aed0bf6a7 2008.0/x86_64/kdegraphics-kooka-3.5.10-0.3mdv2008.0.x86_64.rpm 9b4729dda5ff717274675188c29efc18 2008.0/x86_64/kdegraphics-kpdf-3.5.10-0.3mdv2008.0.x86_64.rpm bb879319e20da5a889d4ac5269e4abf4 2008.0/x86_64/kdegraphics-kpovmodeler-3.5.10-0.3mdv2008.0.x86_64.rpm ebe403ddf82e81a1df2a15969562bf1b 2008.0/x86_64/kdegraphics-kruler-3.5.10-0.3mdv2008.0.x86_64.rpm 7cc1e5abb2b3b78cccdceee465a1de61 2008.0/x86_64/kdegraphics-ksnapshot-3.5.10-0.3mdv2008.0.x86_64.rpm 2ceee537f22fb4bab200930cdc0a02df 2008.0/x86_64/kdegraphics-ksvg-3.5.10-0.3mdv2008.0.x86_64.rpm 37b47a799a660629dbc23e37b31a2ade 2008.0/x86_64/kdegraphics-kuickshow-3.5.10-0.3mdv2008.0.x86_64.rpm 228b1a276129e6396ab31f477c020782 2008.0/x86_64/kdegraphics-kview-3.5.10-0.3mdv2008.0.x86_64.rpm 77fd532817b84d7656e792b333a26b6c 2008.0/x86_64/kdegraphics-mrmlsearch-3.5.10-0.3mdv2008.0.x86_64.rpm 860389579b984e0cccc9b9cf172ed7ad 2008.0/x86_64/lib64kdegraphics0-common-3.5.10-0.3mdv2008.0.x86_64.rpm a351c2673677d2c697673d9fd1668739 2008.0/x86_64/lib64kdegraphics0-common-devel-3.5.10-0.3mdv2008.0.x86_64.rpm 9a5c2f6e524f0adddf8236233ee44bf0 2008.0/x86_64/lib64kdegraphics0-kghostview-3.5.10-0.3mdv2008.0.x86_64.rpm a231fd4f654e288c693d5234b7a114ac 2008.0/x86_64/lib64kdegraphics0-kghostview-devel-3.5.10-0.3mdv2008.0.x86_64.rpm 8c534896946226ab349a806625f5d0ed 2008.0/x86_64/lib64kdegraphics0-kooka-3.5.10-0.3mdv2008.0.x86_64.rpm 4ce0e7978cccbdf2a1d66e4dc78197be 2008.0/x86_64/lib64kdegraphics0-kooka-devel-3.5.10-0.3mdv2008.0.x86_64.rpm d3be0874a77df32854fe4d30cd21d73c 2008.0/x86_64/lib64kdegraphics0-kpovmodeler-3.5.10-0.3mdv2008.0.x86_64.rpm de8d6c3b53f3bac5f59dca08ae56a2c5 2008.0/x86_64/lib64kdegraphics0-kpovmodeler-devel-3.5.10-0.3mdv2008.0.x86_64.rpm 0e6f79e0ea995b46748e24be9f8c31ba 2008.0/x86_64/lib64kdegraphics0-ksvg-3.5.10-0.3mdv2008.0.x86_64.rpm b70d1fe40c2133b95934e72d1a3c941f 2008.0/x86_64/lib64kdegraphics0-ksvg-devel-3.5.10-0.3mdv2008.0.x86_64.rpm 792c07ace7925b7134243876b02a0b5a 2008.0/x86_64/lib64kdegraphics0-kview-3.5.10-0.3mdv2008.0.x86_64.rpm 0f1edd9fe8031b68b9dc0a6d15a7c950 2008.0/x86_64/lib64kdegraphics0-kview-devel-3.5.10-0.3mdv2008.0.x86_64.rpm d967904fc04008cbcd08581b082bc133 2008.0/SRPMS/kdegraphics-3.5.10-0.3mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFMj3+pmqjQ0CJFipgRAl7+AKD1uXHNySl69Dc+UhRyjpbd4rYbUwCfe/WK 6Y1ITHYZFvaWJS71VpS9n5A= =DF8i -----END PGP SIGNATURE-----