Synopsis:    Critical: kdelibs security update
Issue date:  2009-11-24
CVE Names:   CVE-2009-0689

CVE-2009-0689 kdelibs remote array overrun

A buffer overflow flaw was found in the kdelibs string to floating point
conversion routines. A web page containing malicious JavaScript could crash
Konqueror or, potentially, execute arbitrary code with the privileges of
the user running Konqueror. (CVE-2009-0689)

The desktop must be restarted (log out, then log back in) for this update
to take effect.

SL 4.x

    SRPMS:
kdelibs-3.3.1-17.el4_8.1.src.rpm
    i386:
kdelibs-3.3.1-17.el4_8.1.i386.rpm
kdelibs-devel-3.3.1-17.el4_8.1.i386.rpm
    x86_64:
kdelibs-3.3.1-17.el4_8.1.i386.rpm
kdelibs-3.3.1-17.el4_8.1.x86_64.rpm
kdelibs-devel-3.3.1-17.el4_8.1.x86_64.rpm

SL 5.x

    SRPMS:
kdelibs-3.5.4-25.el5_4.1.src.rpm
    i386:
kdelibs-3.5.4-25.el5_4.1.i386.rpm
kdelibs-apidocs-3.5.4-25.el5_4.1.i386.rpm
kdelibs-devel-3.5.4-25.el5_4.1.i386.rpm
    x86_64:
kdelibs-3.5.4-25.el5_4.1.i386.rpm
kdelibs-3.5.4-25.el5_4.1.x86_64.rpm
kdelibs-apidocs-3.5.4-25.el5_4.1.x86_64.rpm
kdelibs-devel-3.5.4-25.el5_4.1.i386.rpm
kdelibs-devel-3.5.4-25.el5_4.1.x86_64.rpm

-Connie Sieh
-Troy Dawson