Synopsis: Critical: kdelibs security update
Issue Date: 2012-10-30
CVE Numbers: CVE-2012-4513
A heap-based buffer overflow flaw was found in the way the CSS (Cascading
Style Sheets) parser in kdelibs parsed the location of the source for font
faces. A web page containing malicious content could cause an application
using kdelibs (such as Konqueror) to crash or, potentially, execute
arbitrary code with the privileges of the user running the application.
A heap-based buffer over-read flaw was found in the way kdelibs calculated
canvas dimensions for large images. A web page containing malicious content
could cause an application using kdelibs to crash or disclose portions of
its memory. (CVE-2012-4513)
The desktop must be restarted (log out, then log back in) for this update
to take effect.
– Scientific Linux Development Team