Fedora Core 10 FEDORA-2009-8020 (kdelibs3)

  1. Network Vulnerabilities
  2. Fedora Local Security Checks
  3. Fedora Core 10 FEDORA-2009-8020 (kdelibs3)
Summary
The remote host is missing an update to kdelibs3 announced via advisory FEDORA-2009-8020.
Solution
Apply the appropriate updates. This update can be installed with the yum update program. Use su -c 'yum update kdelibs3' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/. https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-8020
Insight
Update Information: This update fixes several security issues in the KDE 3 compatibility version of KHTML (CVE-2009-1725, CVE-2009-1690, CVE-2009-1687, CVE-2009-1698, CVE-2009-2537) which may lead to a denial of service or potentially even arbitrary code execution. In addition, the package was fixed to build with the latest version of automake, and the following fixes and improvements were merged from the Fedora 11 package: * slight speedup to /etc/profile.d/kde.sh, * fixed unowned directories, * fixed harmless (as the file contents match) file conflicts with KDE 4.2.x, * fixed build with GCC 4.4 (but this package is built with Fedora 10's GCC 4.3.2), * moved Qt Designer plugins to the runtime package as they can be needed at runtime (e.g. by PyKDE programs), * kdelibs3-apidocs is now a noarch subpackage. ChangeLog: * Sun Jul 26 2009 Kevin Kofler - 3.5.10-13 - fix CVE-2009-2537 - select length DoS - fix CVE-2009-1725 - crash, possible ACE in numeric character references - fix CVE-2009-1690 - crash, possible ACE in KHTML ( use-after-free) - fix CVE-2009-1687 - possible ACE in KJS (FIXME: still crashes?) - fix CVE-2009-1698 - crash, possible ACE in CSS style attribute handling * Fri Jul 24 2009 Fedora Release Engineering - 3.5.10-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Sat Jul 18 2009 Rex Dieter - 3.5.10-12 - FTBFS kdelibs3-3.5.10-11.fc11 (#511571) - -devel: Requires: %{name}%_isa ...
References
Updated on 2015-03-25
Severity
High Severity
Classification
Related Vulnerabilities