Vulnerability Detail View
| id | 43109 |
| Risk | other |
| Family | Ubuntu Local Security Checks |
| Category | infos |
| Name | USN871-1 : kdelibs vulnerability |
| Summary | kdelibs vulnerability |
| Description | Synopsis :
These remote packages are missing security patches :
- kdelibs
- kdelibs-data
- kdelibs-dbg
- kdelibs4-dev
- kdelibs4-doc
- kdelibs4c2a
Description :
A buffer overflow was found in the KDE libraries when converting a string
to a floating point number. If a user or application linked against kdelibs
were tricked into processing crafted input, an attacker could cause a
denial of service (via application crash) or possibly execute arbitrary
code with the privileges of the user invoking the program. (CVE-2009-0689)
It was discovered that the KDE libraries could use KHTML to process an
unknown MIME type. If a user or application linked against kdelibs were
tricked into opening a crafted file, an attacker could potentially trigger
XMLHTTPRequests to remote sites.
Solution :
Upgrade to :
- kdelibs-3.5.10.dfsg.1-2ubuntu7.2 (Ubuntu 9.10)
- kdelibs-data-3.5.10.dfsg.1-2ubuntu7.2 (Ubuntu 9.10)
- kdelibs-dbg-3.5.10.dfsg.1-2ubuntu7.2 (Ubuntu 9.10)
- kdelibs4-dev-3.5.10.dfsg.1-2ubuntu7.2 (Ubuntu 9.10)
- kdelibs4-doc-3.5.10-0ubuntu6.4 (Ubuntu 8.10)
- kdelibs4c2a-3.5.10.dfsg.1-2ubuntu7.2 (Ubuntu 9.10)
Risk factor :
Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
|
| CVE | CVE-2009-0689 |
| Bugtraq | NOBID |
| Copyright | (C) 2009 Canonical, Inc. / NASL script (C) 2009 Tenable Network Security, Inc. |