USN-823-1: KDE-Graphics vulnerabilities

Ubuntu Security Notice USN-823-1

24th August, 2009

kdegraphics vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 8.04 LTS

Software description

  • kdegraphics

Details

It was discovered that KDE-Graphics did not properly handle certain
malformed SVG images. If a user were tricked into opening a specially
crafted SVG image, an attacker could cause a denial of service or possibly
execute arbitrary code with the privileges of the user invoking the
program.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 8.04 LTS:
ksvg 4:3.5.10-0ubuntu1~hardy1.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system upgrade you need to restart your session to effect
the necessary changes.

References

CVE-2009-0945, CVE-2009-1709