USN-823-1: KDE-Graphics vulnerabilities

view full story

http://www.ubuntu.com – Referenced CVEs:  CVE-2009-0945, CVE-2009-1709 Description:  =========================================================== Ubuntu Security Notice USN-823-1 August 24, 2009 kdegraphics vulnerabilities CVE-2009-0945, CVE-2009-1709 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: ksvg 4:3.5.10-0ubuntu1~hardy1.1 After a standard system upgrade you need to restart your session to effect the necessary changes. Details follow: It was discovered that KDE-Graphics did not properly handle certain malformed SVG images. If a user were tricked into opening a specially crafted SVG image, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (Distributions)