Debian Security Advisory DSA 1868-1 (kde4libs)

The remote host is missing an update to kde4libs announced via advisory DSA 1868-1.

Several security issues have been discovered in kde4libs, core libraries for all KDE 4 applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-1690 It was discovered that there is a use-after-free flaw in handling certain DOM event handlers. This could lead to the execution of arbitrary code, when visiting a malicious website. CVE-2009-1698 It was discovered that there could be an uninitialised pointer when handling a Cascading Style Sheets (CSS) attr function call. This could lead to the execution of arbitrary code, when visiting a malicious website. CVE-2009-1687 It was discovered that the JavaScript garbage collector does not handle allocation failures properly, which could lead to the execution of arbitrary code when visiting a malicious website. For the stable distribution (lenny), these problems have been fixed in version 4:4.1.0-3+lenny1. The oldstable distribution (etch) does not contain kde4libs. For the testing distribution (squeeze), these problems will be fixed soon. For the unstable distribution (sid), these problems have been fixed in version 4:4.3.0-1. We recommend that you upgrade your kde4libs packages.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201868-1