(RHSA-2012:1418) Critical: kdelibs security update

2012-10-3000:00:00

access.redhat.com

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.077 Low

EPSS

Percentile

93.5%

JSON

The kdelibs packages provide libraries for the K Desktop Environment
(KDE). Konqueror is a web browser.

A heap-based buffer overflow flaw was found in the way the CSS (Cascading
Style Sheets) parser in kdelibs parsed the location of the source for font
faces. A web page containing malicious content could cause an application
using kdelibs (such as Konqueror) to crash or, potentially, execute
arbitrary code with the privileges of the user running the application.
(CVE-2012-4512)

A heap-based buffer over-read flaw was found in the way kdelibs calculated
canvas dimensions for large images. A web page containing malicious content
could cause an application using kdelibs to crash or disclose portions of
its memory. (CVE-2012-4513)

Users should upgrade to these updated packages, which contain backported
patches to correct these issues. The desktop must be restarted (log out,
then log back in) for this update to take effect.

OSVersionArchitecturePackageVersionFilename
RedHat6s390xkdelibs-debuginfo< 4.3.4-19.el6kdelibs-debuginfo-4.3.4-19.el6.s390x.rpm
RedHat6ppc64kdelibs-devel< 4.3.4-19.el6kdelibs-devel-4.3.4-19.el6.ppc64.rpm
RedHat6i686kdelibs-debuginfo< 4.3.4-19.el6kdelibs-debuginfo-4.3.4-19.el6.i686.rpm
RedHat6x86_64kdelibs-common< 4.3.4-19.el6kdelibs-common-4.3.4-19.el6.x86_64.rpm
RedHat6ppckdelibs-debuginfo< 4.3.4-19.el6kdelibs-debuginfo-4.3.4-19.el6.ppc.rpm
RedHat6ppc64kdelibs-common< 4.3.4-19.el6kdelibs-common-4.3.4-19.el6.ppc64.rpm
RedHat6ppckdelibs< 4.3.4-19.el6kdelibs-4.3.4-19.el6.ppc.rpm
RedHat6i686kdelibs-common< 4.3.4-19.el6kdelibs-common-4.3.4-19.el6.i686.rpm
RedHat6i686kdelibs< 4.3.4-19.el6kdelibs-4.3.4-19.el6.i686.rpm
RedHat6ppckdelibs-devel< 4.3.4-19.el6kdelibs-devel-4.3.4-19.el6.ppc.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	6	s390x	kdelibs-debuginfo	< 4.3.4-19.el6	kdelibs-debuginfo-4.3.4-19.el6.s390x.rpm
RedHat	6	ppc64	kdelibs-devel	< 4.3.4-19.el6	kdelibs-devel-4.3.4-19.el6.ppc64.rpm
RedHat	6	i686	kdelibs-debuginfo	< 4.3.4-19.el6	kdelibs-debuginfo-4.3.4-19.el6.i686.rpm
RedHat	6	x86_64	kdelibs-common	< 4.3.4-19.el6	kdelibs-common-4.3.4-19.el6.x86_64.rpm
RedHat	6	ppc	kdelibs-debuginfo	< 4.3.4-19.el6	kdelibs-debuginfo-4.3.4-19.el6.ppc.rpm
RedHat	6	ppc64	kdelibs-common	< 4.3.4-19.el6	kdelibs-common-4.3.4-19.el6.ppc64.rpm
RedHat	6	ppc	kdelibs	< 4.3.4-19.el6	kdelibs-4.3.4-19.el6.ppc.rpm
RedHat	6	i686	kdelibs-common	< 4.3.4-19.el6	kdelibs-common-4.3.4-19.el6.i686.rpm
RedHat	6	i686	kdelibs	< 4.3.4-19.el6	kdelibs-4.3.4-19.el6.i686.rpm
RedHat	6	ppc	kdelibs-devel	< 4.3.4-19.el6	kdelibs-devel-4.3.4-19.el6.ppc.rpm