Synopsis:	Critical: kdelibs security update
Issue date:	2009-11-24
CVE Names:	CVE-2009-0689

CVE-2009-0689 kdelibs remote array overrun

A buffer overflow flaw was found in the kdelibs string to floating point
conversion routines. A web page containing malicious JavaScript could 
crash Konqueror or, potentially, execute arbitrary code with the 
privileges of the user running Konqueror. (CVE-2009-0689)

The desktop must be restarted (log out, then log back in) for this 
update to take effect.

SL 4.x

      SRPMS:
kdelibs-3.3.1-17.el4_8.1.src.rpm
      i386:
kdelibs-3.3.1-17.el4_8.1.i386.rpm
kdelibs-devel-3.3.1-17.el4_8.1.i386.rpm
      x86_64:
kdelibs-3.3.1-17.el4_8.1.i386.rpm
kdelibs-3.3.1-17.el4_8.1.x86_64.rpm
kdelibs-devel-3.3.1-17.el4_8.1.x86_64.rpm

SL 5.x

      SRPMS:
kdelibs-3.5.4-25.el5_4.1.src.rpm
      i386:
kdelibs-3.5.4-25.el5_4.1.i386.rpm
kdelibs-apidocs-3.5.4-25.el5_4.1.i386.rpm
kdelibs-devel-3.5.4-25.el5_4.1.i386.rpm
      x86_64:
kdelibs-3.5.4-25.el5_4.1.i386.rpm
kdelibs-3.5.4-25.el5_4.1.x86_64.rpm
kdelibs-apidocs-3.5.4-25.el5_4.1.x86_64.rpm
kdelibs-devel-3.5.4-25.el5_4.1.i386.rpm
kdelibs-devel-3.5.4-25.el5_4.1.x86_64.rpm

-Connie Sieh
-Troy Dawson