kdelibs3-3.5.10-89.3 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10394 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z kdelibs3-3.5.10-89.3 on GA media These are all security issues fixed in the kdelibs3-3.5.10-89.3 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10394 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10394 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2009-0689/ SUSE CVE CVE-2009-0689 page https://www.suse.com/security/cve/CVE-2011-3365/ SUSE CVE CVE-2011-3365 page https://www.suse.com/security/cve/CVE-2013-2074/ SUSE CVE CVE-2013-2074 page openSUSE Tumbleweed kdelibs3-3.5.10-89.3 kdelibs3-32bit-3.5.10-89.3 kdelibs3-arts-3.5.10-89.3 kdelibs3-arts-32bit-3.5.10-89.3 kdelibs3-default-style-3.5.10-89.3 kdelibs3-default-style-32bit-3.5.10-89.3 kdelibs3-devel-3.5.10-89.3 kdelibs3-doc-3.5.10-89.3 kdelibs3-3.5.10-89.3 as a component of openSUSE Tumbleweed kdelibs3-32bit-3.5.10-89.3 as a component of openSUSE Tumbleweed kdelibs3-arts-3.5.10-89.3 as a component of openSUSE Tumbleweed kdelibs3-arts-32bit-3.5.10-89.3 as a component of openSUSE Tumbleweed kdelibs3-default-style-3.5.10-89.3 as a component of openSUSE Tumbleweed kdelibs3-default-style-32bit-3.5.10-89.3 as a component of openSUSE Tumbleweed kdelibs3-devel-3.5.10-89.3 as a component of openSUSE Tumbleweed kdelibs3-doc-3.5.10-89.3 as a component of openSUSE Tumbleweed Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number. CVE-2009-0689 openSUSE Tumbleweed:kdelibs3-3.5.10-89.3 openSUSE Tumbleweed:kdelibs3-32bit-3.5.10-89.3 openSUSE Tumbleweed:kdelibs3-arts-3.5.10-89.3 openSUSE Tumbleweed:kdelibs3-arts-32bit-3.5.10-89.3 openSUSE Tumbleweed:kdelibs3-default-style-3.5.10-89.3 openSUSE Tumbleweed:kdelibs3-default-style-32bit-3.5.10-89.3 openSUSE Tumbleweed:kdelibs3-devel-3.5.10-89.3 openSUSE Tumbleweed:kdelibs3-doc-3.5.10-89.3 moderate 6.4 AV:N/AC:L/Au:N/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-0689.html CVE-2009-0689 https://bugzilla.suse.com/522109 SUSE Bug 522109 https://bugzilla.suse.com/545277 SUSE Bug 545277 https://bugzilla.suse.com/546371 SUSE Bug 546371 https://bugzilla.suse.com/557126 SUSE Bug 557126 https://bugzilla.suse.com/557127 SUSE Bug 557127 https://bugzilla.suse.com/557128 SUSE Bug 557128 https://bugzilla.suse.com/557671 SUSE Bug 557671 https://bugzilla.suse.com/590499 SUSE Bug 590499 https://bugzilla.suse.com/607935 SUSE Bug 607935 https://bugzilla.suse.com/851803 SUSE Bug 851803 https://bugzilla.suse.com/958097 SUSE Bug 958097 https://bugzilla.suse.com/963818 SUSE Bug 963818 The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and possibly earlier versions, does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text. CVE-2011-3365 openSUSE Tumbleweed:kdelibs3-3.5.10-89.3 openSUSE Tumbleweed:kdelibs3-32bit-3.5.10-89.3 openSUSE Tumbleweed:kdelibs3-arts-3.5.10-89.3 openSUSE Tumbleweed:kdelibs3-arts-32bit-3.5.10-89.3 openSUSE Tumbleweed:kdelibs3-default-style-3.5.10-89.3 openSUSE Tumbleweed:kdelibs3-default-style-32bit-3.5.10-89.3 openSUSE Tumbleweed:kdelibs3-devel-3.5.10-89.3 openSUSE Tumbleweed:kdelibs3-doc-3.5.10-89.3 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-3365.html CVE-2011-3365 https://bugzilla.suse.com/721974 SUSE Bug 721974 https://bugzilla.suse.com/722501 SUSE Bug 722501 kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message. CVE-2013-2074 openSUSE Tumbleweed:kdelibs3-3.5.10-89.3 openSUSE Tumbleweed:kdelibs3-32bit-3.5.10-89.3 openSUSE Tumbleweed:kdelibs3-arts-3.5.10-89.3 openSUSE Tumbleweed:kdelibs3-arts-32bit-3.5.10-89.3 openSUSE Tumbleweed:kdelibs3-default-style-3.5.10-89.3 openSUSE Tumbleweed:kdelibs3-default-style-32bit-3.5.10-89.3 openSUSE Tumbleweed:kdelibs3-devel-3.5.10-89.3 openSUSE Tumbleweed:kdelibs3-doc-3.5.10-89.3 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-2074.html CVE-2013-2074 https://bugzilla.suse.com/821833 SUSE Bug 821833