Synopsis: Critical: kdelibs security update
Issue date: 2009-11-24
CVE Names: CVE-2009-0689
CVE-2009-0689 kdelibs remote array overrun
A buffer overflow flaw was found in the kdelibs string to floating point
conversion routines. A web page containing malicious JavaScript could
crash Konqueror or, potentially, execute arbitrary code with the
privileges of the user running Konqueror. (CVE-2009-0689)
The desktop must be restarted (log out, then log back in) for this
update to take effect.
SL 4.x
SRPMS:
kdelibs-3.3.1-17.el4_8.1.src.rpm
i386:
kdelibs-3.3.1-17.el4_8.1.i386.rpm
kdelibs-devel-3.3.1-17.el4_8.1.i386.rpm
x86_64:
kdelibs-3.3.1-17.el4_8.1.i386.rpm
kdelibs-3.3.1-17.el4_8.1.x86_64.rpm
kdelibs-devel-3.3.1-17.el4_8.1.x86_64.rpm
SL 5.x
SRPMS:
kdelibs-3.5.4-25.el5_4.1.src.rpm
i386:
kdelibs-3.5.4-25.el5_4.1.i386.rpm
kdelibs-apidocs-3.5.4-25.el5_4.1.i386.rpm
kdelibs-devel-3.5.4-25.el5_4.1.i386.rpm
x86_64:
kdelibs-3.5.4-25.el5_4.1.i386.rpm
kdelibs-3.5.4-25.el5_4.1.x86_64.rpm
kdelibs-apidocs-3.5.4-25.el5_4.1.x86_64.rpm
kdelibs-devel-3.5.4-25.el5_4.1.i386.rpm
kdelibs-devel-3.5.4-25.el5_4.1.x86_64.rpm
-Connie Sieh
-Troy Dawson