Pardus: Qt: Webkit: Multiple Vulnerabilities - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

What is the most important Linux security technology?

	SELinux
	grsecurity
	CIS Benchmark
	Bastille Linux
	iptables
	LIDS

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

All About Linux

DanWalsh LiveJournal

Securitydistro

Latest Newsletters

Linux Security Week: May 14th, 2012

Linux Advisory Watch: May 10th, 2012

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

Pardus: Qt: Webkit: Multiple Vulnerabilities

User Rating:

How can I rate this item?

Posted by Benjamin D. Thomas

Description ========== * CVE-2009-3384: Multiple security flaws (integer underflow, invalid pointer dereference, buffer underflow and a denial of service) were found in the way WebKit's FTP parser used to process remote FTP directory listings. If a remote FTP server issued a specially-crafted FTP command, it could lead to disclosure of sensitive information, denial of service (application crash) or, potentially to execution of arbitrary code, once the command was parsed.


------------------------------------------------------------------------
Pardus Linux Security Advisory 2009-187           security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2009-11-19
  Severity: 3
      Type: Remote
------------------------------------------------------------------------

Summary
======
Multiple vulnerabilities were found in Webkit, which can be exploited by
malicious people to cause denial of service or potentially to execution
of arbitrary code.

Description
==========
* CVE-2009-3384:
Multiple security flaws (integer underflow, invalid pointer dereference,
buffer underflow and a denial of service) were found in the way WebKit's
FTP parser used to process remote FTP directory listings. If  a  remote
FTP server issued a specially-crafted FTP command,  it  could  lead  to
disclosure of sensitive information,  denial  of  service  (application
crash) or, potentially to execution of arbitrary code, once the command
was parsed.

* CVE-2009-2816:
Before allowing a page from one origin to access a resource in  another
origin, WebKit sends a preflight request, to determine  if  the  origin
server for the resource being accessed will allow the  resource  to  be
shared. WebKit includes custom HTTP headers specified by the requesting
page in the preflight request. This can result  in  unexpected  actions
being initiated on the cross-origin site  without  user  consent.  This
issue is addressed by  dropping  custom  HTTP  headers  from  preflight
requests.


Affected packages:

  Pardus 2009:
    qt, all before 4.5.3-72-16


Resolution
=========
There are update(s) for qt. You can update them via Package Manager  or
with a single command from console:

    pisi up qt

References
=========
  * http://bugs.pardus.org.tr/show_bug.cgi?id546
  * http://bugs.pardus.org.tr/show_bug.cgi?id545
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3384
  * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2816
  * https://bugs.webkit.org/show_bug.cgi?id(446
  * https://bugs.webkit.org/show_bug.cgi?id)294

< Prev		Next >

Partner

Latest Features

Password guessing with Medusa 2.0

Password guessing as an attack vector

Squid and Digest Authentication

Squid and Basic Authentication

Demystifying the Chinese Hacking Industry: Earning 6 Million a Night

Free Online security course (LearnSIA) - A Call for Help

What You Need to Know About Linux Rootkits

Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition

Using the sec-wall Security Proxy

sec-wall: Open Source Security Proxy

Yesterday's Edition

Bredolab botnet author sentenced to 4 years in prison in Armenia

Flaw Found in Common Network Security Technology

Partner Sponsor