Lucene search

K
centosCentOS ProjectCESA-2009:1601
HistoryNov 25, 2009 - 2:52 p.m.

kdelibs security update

2009-11-2514:52:10
CentOS Project
lists.centos.org
49

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.97 High

EPSS

Percentile

99.7%

CentOS Errata and Security Advisory CESA-2009:1601

The kdelibs packages provide libraries for the K Desktop Environment (KDE).

A buffer overflow flaw was found in the kdelibs string to floating point
conversion routines. A web page containing malicious JavaScript could crash
Konqueror or, potentially, execute arbitrary code with the privileges of the
user running Konqueror. (CVE-2009-0689)

Users should upgrade to these updated packages, which contain a backported
patch to correct this issue. The desktop must be restarted (log out, then
log back in) for this update to take effect.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2009-November/078496.html
https://lists.centos.org/pipermail/centos-announce/2009-November/078497.html
https://lists.centos.org/pipermail/centos-announce/2009-November/078498.html
https://lists.centos.org/pipermail/centos-announce/2009-November/078499.html

Affected packages:
kdelibs
kdelibs-apidocs
kdelibs-devel

Upstream details at:
https://access.redhat.com/errata/RHSA-2009:1601

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.97 High

EPSS

Percentile

99.7%