openSUSE Security Update: kdelibs: fixing invalid character reference buffer overflow (CVE-2009-1725) ______________________________________________________________________________ Announcement ID: openSUSE-SU-2010:1036-1 Rating: important References: #512559 #600469 Cross-References: CVE-2009-1725 Affected Products: openSUSE 11.1 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: An invalid character reference causing a buffer overflow in khtml has been fixed in the kdelibs package. CVE-2009-1725 has been assigned to this issue. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 11.1: zypper in -t patch kdelibs4-3451 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 11.1 (i586 ppc x86_64): kdelibs4-4.1.3-4.12.1 kdelibs4-core-4.1.3-4.12.1 kdelibs4-doc-4.1.3-4.12.1 libkde4-4.1.3-4.12.1 libkde4-devel-4.1.3-4.12.1 libkdecore4-4.1.3-4.12.1 libkdecore4-devel-4.1.3-4.12.1 - openSUSE 11.1 (x86_64): libkde4-32bit-4.1.3-4.12.1 libkdecore4-32bit-4.1.3-4.12.1 References: http://support.novell.com/security/cve/CVE-2009-1725.html https://bugzilla.novell.com/512559 https://bugzilla.novell.com/600469