MDVSA-2009:331
- Package name: kdegraphics
- Date: 2009-12-10
- Advisory ID: MDVSA-2009:331
- Affected versions: CS4.0 x86_64, CS4.0 i586
Problem description
Multiple vulnerabilities have been found and corrected in kdegraphics:

Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2
and earlier allow remote attackers to cause a denial of service
(crash) via a crafted PDF file, related to (1) setBitmap and (2)
readSymbolDictSeg (CVE-2009-0146).

Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and
earlier allow remote attackers to cause a denial of service (crash)
via a crafted PDF file (CVE-2009-0147).

The JBIG2 decoder in Xpdf 3.02pl2 and earlier allows remote attackers
to cause a denial of service (crash) via a crafted PDF file that
triggers a free of uninitialized memory (CVE-2009-0166).

Multiple integer overflows in the pdftops filter in CUPS 1.1.17,
1.1.22, and 1.3.7 allow remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted
PDF file that triggers a heap-based buffer overflow, possibly
related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4)
JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the
JBIG2Stream.cxx vector may overlap CVE-2009-1179. (CVE-2009-0791).

Use-after-free vulnerability in the garbage-collection implementation
in WebCore in WebKit in Apple Safari before 4.0 allows remote
attackers to execute arbitrary code or cause a denial of service
(heap corruption and application crash) via an SVG animation element,
related to SVG set objects, SVG marker elements, the targetElement
attribute, and unspecified caches. (CVE-2009-1709).

WebKit, as used in Safari before 3.2.3 and 4 Public Beta, on Apple
Mac OS X 10.4.11 and 10.5 before 10.5.7 and Windows allows remote
attackers to execute arbitrary code via a crafted SVGList object that
triggers memory corruption (CVE-2009-0945).

This update provides a solution to these vulnerabilities.
Updated packages
CS4.0 x86_64
CS4.0 i586
References
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1709
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0945
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0791
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146
