A NULL pointer dereference flaw was found in the way the HTML implementation of KDE libraries performed processing of HTML pages containing frames with null parts. A remote attacker could provide a specially-crafted web page that, when opened in an application linked against KDE libraries (such as konqueror), would lead to that application crashing.

Relevant upstream patch:
[1] https://projects.kde.org/projects/kde/kdelibs/repository/revisions/65464349951e0df9b5d80c2eb3cc7458d54923ae

References:
[2] http://www.openwall.com/lists/oss-security/2012/10/10/11
[3] http://www.openwall.com/lists/oss-security/2012/10/11/11
This issue did NOT affect the versions of the kdelibs package, as shipped with Red Hat Enterprise Linux 5 and 6.
Statement: Not a security flaw. Red Hat Security Response Team does not consider a user-assisted end user application crash (such as konqueror) to be a security issue.
This is now public: http://seclists.org/oss-sec/2012/q4/171
Created kdelibs tracking bugs for this issue.
Affects: fedora-all [bug 871541]