Synopsis: Critical: kdelibs security update Issue Date: 2012-10-30 CVE Numbers: CVE-2012-4513 CVE-2012-4512 -- A heap-based buffer overflow flaw was found in the way the CSS (Cascading Style Sheets) parser in kdelibs parsed the location of the source for font faces. A web page containing malicious content could cause an application using kdelibs (such as Konqueror) to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-4512) A heap-based buffer over-read flaw was found in the way kdelibs calculated canvas dimensions for large images. A web page containing malicious content could cause an application using kdelibs to crash or disclose portions of its memory. (CVE-2012-4513) The desktop must be restarted (log out, then log back in) for this update to take effect. -- SL6 x86_64 kdelibs-4.3.4-19.el6.i686.rpm kdelibs-4.3.4-19.el6.x86_64.rpm kdelibs-common-4.3.4-19.el6.x86_64.rpm kdelibs-devel-4.3.4-19.el6.i686.rpm kdelibs-devel-4.3.4-19.el6.x86_64.rpm i386 kdelibs-4.3.4-19.el6.i686.rpm kdelibs-common-4.3.4-19.el6.i686.rpm kdelibs-devel-4.3.4-19.el6.i686.rpm noarch kdelibs-apidocs-4.3.4-19.el6.noarch.rpm - Scientific Linux Development Team