kdelibs-3.5.5-11.24AXS3
エラータID: AXSA:2009-74:01
KDE Libraries include: kdecore (KDE core library), kdeui (user interface), kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking), kspell (spelling checker), jscript (javascript), kab (addressbook), kimgio (image manipulation).
Fixed bugs:
CVE-2009-1687
The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an offset of a NULL pointer.
CVE-2009-1690
Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to recursion in certain DOM event handlers.
CVE-2009-1698
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
Update packages.
The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document that triggers write access to an "offset of a NULL pointer."
Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers."
WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
N/A
SRPMS
- kdelibs-3.5.5-11.24AXS3.src.rpm
MD5: 71f46b5cae0f83b1289c49035d68d1f9
SHA-256: 95f900bb81fb59ac5f46e4cab460042ac307480048a3a15f20a79734d765b55e
Size: 14.93 MB
Asianux Server 3 for x86
- kdelibs-3.5.5-11.24AXS3.i386.rpm
MD5: a2b51ee768c7b9fb8781c362fd84b2ce
SHA-256: df0e9dcc69570b8914cdf3407036e3b297b1b6b92cb82406fd272392ddfdc9ef
Size: 13.05 MB - kdelibs-devel-3.5.5-11.24AXS3.i386.rpm
MD5: ded6a64321da816a3844fd97c11b8d36
SHA-256: 146192ef002691afb9717abde396cf912003aad0ffe7747eb80211f3cfebc58b
Size: 1.34 MB
Asianux Server 3 for x86_64
- kdelibs-3.5.5-11.24AXS3.x86_64.rpm
MD5: efa571388756e2a2b37267048f46309a
SHA-256: 8b8f45f8f5b532c61ef0dca9289f2306d53c9f8a2952505dfc0fc1e057427866
Size: 13.16 MB - kdelibs-devel-3.5.5-11.24AXS3.x86_64.rpm
MD5: 7f07b87c9cf05dcc865f747d41650e81
SHA-256: 3c5a4864b237ab503f678d0115bda94c42637829772ad7522b9046f504a3ca34
Size: 1.34 MB