Description: | The kdelibs packages provide libraries for the K Desktop Environment(KDE). Konqueror is a web browser.A heap-based buffer overflow flaw was found in the way the CSS (CascadingStyle Sheets) parser in kdelibs parsed the location of the source for fontfaces. A web page containing malicious content could cause an applicationusing kdelibs (such as Konqueror) to crash or, potentially, executearbitrary code with the privileges of the user running the application.(CVE-2012-4512)A heap-based buffer over-read flaw was found in the way kdelibs calculatedcanvas dimensions for large images. A web page containing malicious contentcould cause an application using kdelibs to crash or disclose portions ofits memory. (CVE-2012-4513)Users should upgrade to these updated packages, which contain backportedpatches to correct these issues. The desktop must be restarted (log out,then log back in) for this update to take effect. |