Bug 443766 (CVE-2008-1670)
Summary: | CVE-2008-1670 kdelibs: Buffer overflow in KHTML's image loader | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> | ||||||
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||||
Status: | CLOSED ERRATA | QA Contact: | |||||||
Severity: | high | Docs Contact: | |||||||
Priority: | high | ||||||||
Version: | unspecified | CC: | kevin, ltinkl, rdieter, security-response-team, than | ||||||
Target Milestone: | --- | Keywords: | Security | ||||||
Target Release: | --- | ||||||||
Hardware: | All | ||||||||
OS: | Linux | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2008-07-25 10:16:15 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Bug Depends On: | 444398, 444399 | ||||||||
Bug Blocks: | |||||||||
Attachments: |
|
Description
Tomas Hoger
2008-04-23 08:01:35 UTC
Created attachment 303447 [details]
Upstream patch
This issue did not affect versions of kdelibs as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Affected versions of KDE are currently only shipped in Fedora 9/rawhide. Created attachment 303483 [details]
PNG image from tapioca.sourceforge.net that crashes konqueror
Upstream bug report: http://bugs.kde.org/show_bug.cgi?id=156623 The fix is present in CVS (both devel and F-9), kdelibs-4.0.3-7 Public now, lifting embargo: http://www.kde.org/info/security/advisory-20080426-1.txt As mentioned in comment #5, this was already fixed in F9 and rawhide. It's probably worth requesting freeze break for kdelibs-4.0.3-7.fc9. There are kdelibs4 packages in F7 and F8, that should be affected as well, even though I'm not sure if there's any application in F7 and F8 that may be using vulnerable code at the moment. kdelibs-4.0.3-7.fc9 tagged f9-final. kdelibs4-4.0.3-7.fc7, qt4-4.3.4-11.fc7, kdebase-runtime-4.0.3-10.fc7.1, kde-filesystem-4-14.fc7, kdebase4-4.0.3-9.fc7, kdepimlibs-4.0.3-3.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report. kde-filesystem-4-14.fc8, kdebase4-4.0.3-9.fc8, kdebase-runtime-4.0.3-10.fc8.1, kdepimlibs-4.0.3-3.fc8, kdelibs4-4.0.3-7.fc8, qt4-4.3.4-11.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report. This issue was addressed in: Fedora: https://admin.fedoraproject.org/updates/F8/FEDORA-2008-3412 |