Mandriva Security Advisory MDVSA-2009:331 (kdegraphics)

Summary
The remote host is missing an update to kdegraphics announced via advisory MDVSA-2009:331.
Solution
To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:331
Insight
Multiple vulnerabilities has been found and corrected in kdegraphics: Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) setBitmap and (2) readSymbolDictSeg (CVE-2009-0146). Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier allow remote attackers to cause a denial of service (crash) via a crafted PDF file (CVE-2009-0147). The JBIG2 decoder in Xpdf 3.02pl2 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory (CVE-2009-0166). Multiple integer overflows in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file that triggers a heap-based buffer overflow, possibly related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179. (CVE-2009-0791). Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG marker elements, the targetElement attribute, and unspecified caches. (CVE-2009-1709). WebKit, as used in Safari before 3.2.3 and 4 Public Beta, on Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 and Windows allows remote attackers to execute arbitrary code via a crafted SVGList object that triggers memory corruption (CVE-2009-0945). This update provides a solution to this vulnerability. Affected: Corporate 4.0