From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1866-1                  [email protected]
http://www.debian.org/security/                           Steffen Joeris
August 19, 2009                       http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : kdegraphics
Vulnerability : several vulnerabilities
Problem type : local (remote)
Debian-specific: no
CVE Ids : CVE-2009-0945 CVE-2009-1709
Debian Bugs : 534918 534951

Two security issues have been discovered in kdegraphics, the graphics
apps from the official KDE release. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2009-0945

It was discovered that the KSVG animation element implementation suffers
from a null pointer dereference flaw, which could lead to the execution
of arbitrary code.

CVE-2009-1709

It was discovered that the KSVG animation element implementation is
prone to a use-after-free flaw, which could lead to the execution of
arbitrary code.

For the stable distribution (lenny), these problems have been fixed in
version 4:3.5.9-3+lenny2.

For the oldstable distribution (etch), these problems have been fixed
in version 4:3.5.5-3etch4.

For the testing distribution (squeeze) and the unstable distribution
(sid), these problems have been fixed in version 4:4.0.

We recommend that you upgrade your kdegraphics packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[continued in next message]