[ MDVSA-2009:331 ] kdegraphics




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:331
http://www.mandriva.com/security/
_______________________________________________________________________

Package : kdegraphics
Date : December 10, 2009
Affected: Corporate 4.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been found and corrected in kdegraphics:

Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2
and earlier allow remote attackers to cause a denial of service
(crash) via a crafted PDF file, related to (1) setBitmap and (2)
readSymbolDictSeg (CVE-2009-0146).

Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and
earlier allow remote attackers to cause a denial of service (crash)
via a crafted PDF file (CVE-2009-0147).

The JBIG2 decoder in Xpdf 3.02pl2 and earlier allows remote attackers
to cause a denial of service (crash) via a crafted PDF file that
triggers a free of uninitialized memory (CVE-2009-0166).

Multiple integer overflows in the pdftops filter in CUPS 1.1.17,
1.1.22, and 1.3.7 allow remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted
PDF file that triggers a heap-based buffer overflow, possibly
related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4)
JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the
JBIG2Stream.cxx vector may overlap CVE-2009-1179. (CVE-2009-0791).

Use-after-free vulnerability in the garbage-collection implementation
in WebCore in WebKit in Apple Safari before 4.0 allows remote
attackers to execute arbitrary code or cause a denial of service
(heap corruption and application crash) via an SVG animation element,
related to SVG set objects, SVG marker elements, the targetElement
attribute, and unspecified caches. (CVE-2009-1709).

WebKit, as used in Safari before 3.2.3 and 4 Public Beta, on Apple
Mac OS X 10.4.11 and 10.5 before 10.5.7 and Windows allows remote
attackers to execute arbitrary code via a crafted SVGList object that
triggers memory corruption (CVE-2009-0945).

This update provides a solution to this vulnerability.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0146
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0945
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1709
_______________________________________________________________________

Updated Packages:

Corporate 4.0:
0ec7bf7b568cd017c976b581046a4665 corporate/4.0/i586/kdegraphics-3.5.4-0.9.20060mlcs4.i586.rpm
32bf2180033208d0d7fb98a1670f76ef corporate/4.0/i586/kdegraphics-common-3.5.4-0.9.20060mlcs4.i586.rpm
fc4d07f38b7c38a41924a87d1da87a7b corporate/4.0/i586/kdegraphics-kcolorchooser-3.5.4-0.9.20060mlcs4.i586.rpm
60ac7ec91991f24378608445602156b4 corporate/4.0/i586/kdegraphics-kcoloredit-3.5.4-0.9.20060mlcs4.i586.rpm
e23a46f8928ff9bf43dfb85d030d66f4 corporate/4.0/i586/kdegraphics-kdvi-3.5.4-0.9.20060mlcs4.i586.rpm
0da4d8567fd0102fa3b71e14d7e77cce corporate/4.0/i586/kdegraphics-kfax-3.5.4-0.9.20060mlcs4.i586.rpm
71e5fc67191644df05dc3eeaf3eea182 corporate/4.0/i586/kdegraphics-kghostview-3.5.4-0.9.20060mlcs4.i586.rpm
5f712336e95e534ee5438bd6b601a6d5 corporate/4.0/i586/kdegraphics-kiconedit-3.5.4-0.9.20060mlcs4.i586.rpm
b37b6097ac674ebc3296125ed1c33615 corporate/4.0/i586/kdegraphics-kolourpaint-3.5.4-0.9.20060mlcs4.i586.rpm
d873b5de956fa6f936135a0046387bf1 corporate/4.0/i586/kdegraphics-kooka-3.5.4-0.9.20060mlcs4.i586.rpm
2474e300ccd833db71a756b34d9fec94 corporate/4.0/i586/kdegraphics-kpdf-3.5.4-0.9.20060mlcs4.i586.rpm
0454ff14fce7eda256890967555693bb corporate/4.0/i586/kdegraphics-kpovmodeler-3.5.4-0.9.20060mlcs4.i586.rpm
bd79021aab7f406657774da069cc677d corporate/4.0/i586/kdegraphics-kruler-3.5.4-0.9.20060mlcs4.i586.rpm
5ab29c519209bc802613729896d84c63 corporate/4.0/i586/kdegraphics-ksnapshot-3.5.4-0.9.20060mlcs4.i586.rpm
771cf8aa682b615babcc8748cc09f4a9 corporate/4.0/i586/kdegraphics-ksvg-3.5.4-0.9.20060mlcs4.i586.rpm
1445a204c7aa0dae1eefab7b0d5f5839 corporate/4.0/i586/kdegraphics-kuickshow-3.5.4-0.9.20060mlcs4.i586.rpm
fbd113f1442541e0cb05b624a2e08c74 corporate/4.0/i586/kdegraphics-kview-3.5.4-0.9.20060mlcs4.i586.rpm
94dec05663eb9499d974ba3d6b14e885 corporate/4.0/i586/kdegraphics-mrmlsearch-3.5.4-0.9.20060mlcs4.i586.rpm
86ca6e187a798897c25d5c9a66112b96 corporate/4.0/i586/libkdegraphics0-common-3.5.4-0.9.20060mlcs4.i586.rpm
ed07099f0f6983c87188cd7cbe6fa4f5 corporate/4.0/i586/libkdegraphics0-common-devel-3.5.4-0.9.20060mlcs4.i586.rpm
978a543e6af07842a0facab486419848 corporate/4.0/i586/libkdegraphics0-kghostview-3.5.4-0.9.20060mlcs4.i586.rpm
9a7f4cf394eda5f91fe2d288bf6f6248 corporate/4.0/i586/libkdegraphics0-kghostview-devel-3.5.4-0.9.20060mlcs4.i586.rpm
c47855bb4af164237de071eca478b852 corporate/4.0/i586/libkdegraphics0-kooka-3.5.4-0.9.20060mlcs4.i586.rpm
61361d801c9e0bfc677147a0ebed83cc corporate/4.0/i586/libkdegraphics0-kooka-devel-3.5.4-0.9.20060mlcs4.i586.rpm
78333238aa1949fbd32f4bbe17587819 corporate/4.0/i586/libkdegraphics0-kpovmodeler-3.5.4-0.9.20060mlcs4.i586.rpm
cd42ba63d5df96750d5e0b65662a16c7 corporate/4.0/i586/libkdegraphics0-kpovmodeler-devel-3.5.4-0.9.20060mlcs4.i586.rpm
45077a5366e72fd55f7ddf819ce087f9 corporate/4.0/i586/libkdegraphics0-ksvg-3.5.4-0.9.20060mlcs4.i586.rpm
efbe90c91e2762073332c0994bdf0349 corporate/4.0/i586/libkdegraphics0-ksvg-devel-3.5.4-0.9.20060mlcs4.i586.rpm
4acdcf255082a2bb7328a4ac805dbcaa corporate/4.0/i586/libkdegraphics0-kview-3.5.4-0.9.20060mlcs4.i586.rpm
fddafb351cdd4da03e33f08d4af73622 corporate/4.0/i586/libkdegraphics0-kview-devel-3.5.4-0.9.20060mlcs4.i586.rpm
64deef0a4a406a04f476f5263478d2e3 corporate/4.0/SRPMS/kdegraphics-3.5.4-0.9.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
0fd67ad8a003f2cc7b4b5b0f295af59e corporate/4.0/x86_64/kdegraphics-3.5.4-0.9.20060mlcs4.x86_64.rpm
1e62299bf29230174331f43de7215366 corporate/4.0/x86_64/kdegraphics-common-3.5.4-0.9.20060mlcs4.x86_64.rpm
a9c5b4e3f0db3db937261c8f504c44ca corporate/4.0/x86_64/kdegraphics-kcolorchooser-3.5.4-0.9.20060mlcs4.x86_64.rpm
0c0cfaf7fb1fe22bac1740425df135b2 corporate/4.0/x86_64/kdegraphics-kcoloredit-3.5.4-0.9.20060mlcs4.x86_64.rpm
9e961f83cdc9734007f9d5a90f4c888c corporate/4.0/x86_64/kdegraphics-kdvi-3.5.4-0.9.20060mlcs4.x86_64.rpm
a7a5204dadd20443f879cc696906ed70 corporate/4.0/x86_64/kdegraphics-kfax-3.5.4-0.9.20060mlcs4.x86_64.rpm
1bfb78ecd8e44dc61c48dad786238bad corporate/4.0/x86_64/kdegraphics-kghostview-3.5.4-0.9.20060mlcs4.x86_64.rpm
ddf5c19dbfcc64bb227173cb331dd661 corporate/4.0/x86_64/kdegraphics-kiconedit-3.5.4-0.9.20060mlcs4.x86_64.rpm
3b77da395b388a38a39805244ffb45dc corporate/4.0/x86_64/kdegraphics-kolourpaint-3.5.4-0.9.20060mlcs4.x86_64.rpm
52a4a93e2655edafc36d2e75c4adacb0 corporate/4.0/x86_64/kdegraphics-kooka-3.5.4-0.9.20060mlcs4.x86_64.rpm
6f4cdfee02441d22543b93252023490c corporate/4.0/x86_64/kdegraphics-kpdf-3.5.4-0.9.20060mlcs4.x86_64.rpm
e7351156f775cda56b9a026d6d230b66 corporate/4.0/x86_64/kdegraphics-kpovmodeler-3.5.4-0.9.20060mlcs4.x86_64.rpm
54062812371d272f1f7115143d750d18 corporate/4.0/x86_64/kdegraphics-kruler-3.5.4-0.9.20060mlcs4.x86_64.rpm
7967101313636798c9e67d7d6d9f7e8e corporate/4.0/x86_64/kdegraphics-ksnapshot-3.5.4-0.9.20060mlcs4.x86_64.rpm
db3dc6a00c46848ae9a31f8db2adb76b corporate/4.0/x86_64/kdegraphics-ksvg-3.5.4-0.9.20060mlcs4.x86_64.rpm
7bf017292f4ea7eb0007e30ee5f7ea06 corporate/4.0/x86_64/kdegraphics-kuickshow-3.5.4-0.9.20060mlcs4.x86_64.rpm
ea3a9b102557f7b71e5988b11812fb9d corporate/4.0/x86_64/kdegraphics-kview-3.5.4-0.9.20060mlcs4.x86_64.rpm
49ce4f2918d3ca3a726f157db4e326ff corporate/4.0/x86_64/kdegraphics-mrmlsearch-3.5.4-0.9.20060mlcs4.x86_64.rpm
37962c005b21c9f034168193ac143686 corporate/4.0/x86_64/lib64kdegraphics0-common-3.5.4-0.9.20060mlcs4.x86_64.rpm
78bc99fdf48570c57b8d8e04578d0b0f corporate/4.0/x86_64/lib64kdegraphics0-common-devel-3.5.4-0.9.20060mlcs4.x86_64.rpm
f2627650fccc5194666844f18ff6a2e9 corporate/4.0/x86_64/lib64kdegraphics0-kghostview-3.5.4-0.9.20060mlcs4.x86_64.rpm
d6031ac8e48c554df0456a5c6ca25a6c corporate/4.0/x86_64/lib64kdegraphics0-kghostview-devel-3.5.4-0.9.20060mlcs4.x86_64.rpm
e485c792b85edd25c29025900c71d9a5 corporate/4.0/x86_64/lib64kdegraphics0-kooka-3.5.4-0.9.20060mlcs4.x86_64.rpm
c9d19e68cc7d9b1c17fce9f572c063d7 corporate/4.0/x86_64/lib64kdegraphics0-kooka-devel-3.5.4-0.9.20060mlcs4.x86_64.rpm
c984a53011f393d7cbb6f2cc0774efa3 corporate/4.0/x86_64/lib64kdegraphics0-kpovmodeler-3.5.4-0.9.20060mlcs4.x86_64.rpm
8d1c6a2c8eaf161632f5a333bd1639d8 corporate/4.0/x86_64/lib64kdegraphics0-kpovmodeler-devel-3.5.4-0.9.20060mlcs4.x86_64.rpm
0f066ee3e189779638a4c5d7c6d08b78 corporate/4.0/x86_64/lib64kdegraphics0-ksvg-3.5.4-0.9.20060mlcs4.x86_64.rpm
7efa7c6905de7b624e95ea8ba16088d8 corporate/4.0/x86_64/lib64kdegraphics0-ksvg-devel-3.5.4-0.9.20060mlcs4.x86_64.rpm
e407dc0360d9108ce56b58b0bbce8d7e corporate/4.0/x86_64/lib64kdegraphics0-kview-3.5.4-0.9.20060mlcs4.x86_64.rpm
a1227e9c72b228994582c91678763e1e corporate/4.0/x86_64/lib64kdegraphics0-kview-devel-3.5.4-0.9.20060mlcs4.x86_64.rpm
64deef0a4a406a04f476f5263478d2e3 corporate/4.0/SRPMS/kdegraphics-3.5.4-0.9.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLIQ2nmqjQ0CJFipgRAtveAKDD76Mn1SvVN71DMEESnFqN7Qk5+wCdGGMa
H2tf9QJ8H8rPmPybWHl8Yxs=
=DMWI
-----END PGP SIGNATURE-----



Relevant Pages

  • [Full-disclosure] [ MDVSA-2009:330 ] kdelibs
    ... Multiple vulnerabilities has been found and corrected in kdelibs: ... allows remote attackers to execute arbitrary code or cause a denial ... GPG public key of the Mandriva Security Team by executing: ...
    (Full-Disclosure)
  • [ MDVSA-2009:330 ] kdelibs
    ... Multiple vulnerabilities has been found and corrected in kdelibs: ... allows remote attackers to execute arbitrary code or cause a denial ... GPG public key of the Mandriva Security Team by executing: ...
    (Bugtraq)
  • [Full-disclosure] [ MDVSA-2009:331 ] kdegraphics
    ... Multiple vulnerabilities has been found and corrected in kdegraphics: ... earlier allow remote attackers to cause a denial of service ... GPG public key of the Mandriva Security Team by executing: ...
    (Full-Disclosure)
  • [Full-disclosure] [ MDVSA-2009:183 ] apache-mod_security
    ... Multiple vulnerabilities has been found and corrected in mod_security: ... All packages are signed by Mandriva for security. ... GPG public key of the Mandriva Security Team by executing: ...
    (Full-Disclosure)
  • [ MDVSA-2009:183 ] apache-mod_security
    ... Multiple vulnerabilities has been found and corrected in mod_security: ... All packages are signed by Mandriva for security. ... GPG public key of the Mandriva Security Team by executing: ...
    (Bugtraq)