RHSA-2009:1512: Important: kdegraphics security update
The kdegraphics packages contain applications for the K DesktopEnvironment, including KPDF, a viewer for Portable Document Format (PDF)files.Multiple integer overflow flaws were found in KPDF. An attacker couldcreate a malicious PDF file that would cause KPDF to crash or, potentially,execute arbitrary code when opened. (CVE-2009-0791, CVE-2009-1188,CVE-2009-3604, CVE-2009-3608, CVE-2009-3609)Red Hat would like to thank Adam Zabrocki for reporting the CVE-2009-3604issue, and Chris Rohlf for reporting the CVE-2009-3608 issue.Users are advised to upgrade to these updated packages, which contain abackported patch to resolve these issues.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2009:1512?
The severity of RHSA-2009:1512 is classified as critical due to the integer overflow flaws that can cause KPDF to crash.
How do I fix RHSA-2009:1512?
To fix RHSA-2009:1512, update the kdegraphics and kdegraphics-devel packages to version 3.3.1-15.el4_8.2.
What applications are affected by RHSA-2009:1512?
The RHSA-2009:1512 vulnerability affects the kdegraphics package, specifically KPDF, which is a viewer for PDF files.
Can an attacker exploit RHSA-2009:1512 remotely?
Yes, an attacker can exploit RHSA-2009:1512 remotely by crafting a malicious PDF file that triggers the integer overflow in KPDF.
What version of kdegraphics is safe from RHSA-2009:1512?
The safe version of kdegraphics that addresses RHSA-2009:1512 is 3.3.1-15.el4_8.2.