Bug 279187 - <=kde-base/kdelibs-4.2.4 Remote code execution (CVE-2009-{1687,1698})
Summary: <=kde-base/kdelibs-4.2.4 Remote code execution (CVE-2009-{1687,1698})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
: High normal
Assignee: Gentoo Security
URL:
Whiteboard: ~1 [noglsa]
Keywords: InVCS
Depends on:
Blocks: CVE-2009-1687
Reported: 2009-07-26 16:12 UTC by Robert Förster
Modified: 2009-09-14 22:36 UTC
See Also:
Package list:
Runtime testing required: ---


Attachments
patch from upstream svn (kdelibs-4.2.4-CVE-2009-1687.patch,750 bytes, patch)
2009-07-26 16:12 UTC, Robert Förster
patch from upstream svn (kdelibs-4.2.4-CVE-2009-1698.patch,1.56 KB, patch)
2009-07-26 16:13 UTC, Robert Förster

Description Robert Förster 2009-07-26 16:12:05 UTC
CVE-2009-1687 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1687):
  The JavaScript garbage collector in WebKit in Apple Safari before 4.0,
  iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1
  does not properly handle allocation failures, which allows remote attackers
  to execute arbitrary code or cause a denial of service (memory corruption
  and application crash) via a crafted HTML document that triggers write
  access to an "offset of a NULL pointer."

CVE-2009-1698 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1698):
  WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone
  OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during
  handling of a Cascading Style Sheets (CSS) attr function call with a large
  numerical argument, which allows remote attackers to execute arbitrary code
  or cause a denial of service (memory corruption and application crash) via
  a crafted HTML document.
Comment 1 Robert Förster 2009-07-26 16:12:40 UTC
Created attachment 199233
patch from upstream svn
Comment 2 Robert Förster 2009-07-26 16:13:08 UTC
Created attachment 199234
patch from upstream svn
Comment 3 Tomáš Chvátal (RETIRED) gentoo-dev 2009-07-30 13:30:16 UTC
committed + revbumped.
Comment 4 Stefan Behte (RETIRED) gentoo-dev Security 2009-09-14 22:34:01 UTC
Closing noglsa, as 4.x is unstable.
Comment 5 Stefan Behte (RETIRED) gentoo-dev Security 2009-09-14 22:35:50 UTC
*** Bug 284116 has been marked as a duplicate of this bug. ***
Comment 6 Stefan Behte (RETIRED) gentoo-dev Security 2009-09-14 22:36:43 UTC
*** Bug 284132 has been marked as a duplicate of this bug. ***