CentOS Update For Kdelibs CESA-2009:1128 Centos3 I386 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

The kdelibs packages provide libraries for the K Desktop Environment (KDE). A flaw was found in the way the KDE CSS parser handled content for the CSS &quot style&quot attribute. A remote attacker could create a specially-crafted CSS equipped HTML page, which once visited by an unsuspecting user, could cause a denial of service (Konqueror crash) or, potentially, execute arbitrary code with the privileges of the user running Konqueror. (CVE-2009-1698) Users should upgrade to these updated packages, which contain a backported patch to correct this issue. The desktop must be restarted (log out, then log back in) for this update to take effect.

Affected

kdelibs on CentOS 3

References

http://lists.centos.org/pipermail/centos-announce/2009-June/016001.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-1698

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

CentOS Security Advisory CESA-2009:1203 (subversion)
CentOS Security Advisory CESA-2009:0257 (seamonkey)
CentOS Security Advisory CESA-2009:0479 (perl-DBD-Pg)
CentOS Security Advisory CESA-2009:0420 (ghostscript)
CentOS Security Advisory CESA-2009:0012 (netpbm)

CentOS Update for kdelibs CESA-2009:1128 centos3 i386

Take action and discover your vulnerabilities