Oval Definition:oval:com.redhat.rhsa:def:20121416
Revision Date:2012-10-30Version:637
Title:RHSA-2012:1416: kdelibs security update (Critical)
Description:The kdelibs packages provide libraries for the K Desktop Environment (KDE). Konqueror is a web browser.

  • A heap-based buffer overflow flaw was found in the way the CSS (Cascading Style Sheets) parser in kdelibs parsed the location of the source for font faces. A web page containing malicious content could cause an application using kdelibs (such as Konqueror) to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-4512)

  • A heap-based buffer over-read flaw was found in the way kdelibs calculated canvas dimensions for large images. A web page containing malicious content could cause an application using kdelibs to crash or disclose portions of its memory. (CVE-2012-4513)

    Users should upgrade to these updated packages, which contain backported patches to correct these issues. The desktop must be restarted (log out, then log back in) for this update to take effect.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2012-4512
    CVE-2012-4513
    RHSA-2012:1416
    RHSA-2012:1416-01
    Platform(s):Red Hat Enterprise Linux 6
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • kdelibs is earlier than 6:4.3.4-14.el6_3.2
  • AND kdelibs is signed with Red Hat redhatrelease2 key
  • kdelibs-apidocs is earlier than 6:4.3.4-14.el6_3.2
  • AND kdelibs-apidocs is signed with Red Hat redhatrelease2 key
  • kdelibs-common is earlier than 6:4.3.4-14.el6_3.2
  • AND kdelibs-common is signed with Red Hat redhatrelease2 key
  • kdelibs-devel is earlier than 6:4.3.4-14.el6_3.2
  • AND kdelibs-devel is signed with Red Hat redhatrelease2 key
    • BACK