FS#15706 - KHTML/WebKit Numeric Character References Memory Corruption
Attached to Project:
Arch Linux
Opened by Roman Kyrylych (Romashka) - Tuesday, 28 July 2009, 08:12 GMT
Last edited by Andreas Radke (AndyRTR) - Tuesday, 13 October 2009, 12:27 GMT
Details
Description:
http://secunia.com/advisories/35991/

A vulnerability has been reported in KDE, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an error in KHTML when processing numeric character references and can be exploited to corrupt memory. Successful exploitation may allow execution of arbitrary code.

http://secunia.com/advisories/35758/

Two vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to conduct cross-site scripting attacks or potentially compromise a user's system.

1) An input validation error in the WebKit component when handling parent and top objects can be exploited to execute arbitrary HTML and script code in the context of another site.

2) An error in the WebKit component when handling numeric character references can be exploited to corrupt memory via a specially crafted web page.

Additional information: This has been fixed in KDE SVN already:
http://websvn.kde.org/?view=rev&revision=1002162
http://websvn.kde.org/?view=rev&revision=1002163
http://websvn.kde.org/?view=rev&revision=1002164
but I'm not sure if this is before or after RC3, so Pierre please check. Most probably our versions of libwebkit and QtWebKit require patching.
Closed by Andreas Radke (AndyRTR)
Tuesday, 13 October 2009, 12:27 GMT
Reason for closing: Fixed
Additional comments about closing: see comments
I don't have a strong opinion on either choice.
Pacman 3.3 looks to be released really soon (strings freeze, translation waiting period now),
I have no idea if it's easy to backport the fix to Extra now if you have already moved SVN trunk to split packages.
So far qt-4.5.2-5 is fixed.
qt-4.5.2-4-x86_64.pkg.tar.gz
kdelibs-4.2.4-5-i686.pkg.tar.gz
kdelibs3-3.5.10-5-x86_64.pkg.tar.gz
kdelibs3-3.5.10-5-i686.pkg.tar.gz
kdelibs-4.2.4-5-x86_64.pkg.tar.gz
qt-4.5.2-4-i686.pkg.tar.gz
So, just kde-unstable is remaining. But we release the final 4.3 next week anyway, and it's called "unstable" for a reason. :-)
Is the gtk tree affected in the same way?
The fix is very trivial, so I think there are high chances that it will be the same for webkit-gtk.
Because I can't investigate this deeper this bug will be closed now.