Date: Thu, 11 Oct 2012 12:13:05 -0600
From: Kurt Seifried <>
CC: Tim Brown <>,
Subject: Re: Pre-advisory for Konqueror 4.7.3 (other versions
 may be affected)

On 10/11/2012 11:10 AM, Kurt Seifried wrote:
> On 10/10/2012 07:52 PM, Kurt Seifried wrote:
>> On 10/10/2012 04:12 PM, Tim Brown wrote:
>>> Taken from NDSA20121010: --8<-------- This advisory comes in 4 
>>> related parts:

Cut and paste error, thanks to iSIGHT Partners for spotting and
alerting me!

>>> 1) The Konqueror web browser is vulnerable to type confusion 
>>> leading to memory disclosure.  The root cause of this is the 
>>> same as CVE-2010-0046 reported by Chris Rohlf which affected 
>>> WebKit.
> Please use CVE-2012-4512 for this issue.
>>> 2) The Konqueror web browser is vulnerable to an out of bounds
>>>  memory access when accessing the canvas.  In this case the 
>>> vulnerability was identified whilst playing with bug #43813
>>> from Google's Chrome repository.
> Please use CVE-2012-4513 for this issue.

Please note I accidentally put the CVE #'s one spot too low, they
should have been:

>>> 3) The Konqueror web browser is vulnerable to a NULL pointer 
>>> dereference leading to a crash.

Please use CVE-2012-4514 for this issue.

>>> 4) The Konqueror web browser is vulnerable to a
>>> "use-after-free" class flaw when the context menu is used
>>> whilst the document DOM that is being changed from within
>>> Javascript.

Please use CVE-2012-4515 for this issue.

>>> These flaws were identified during an analysis of previously 
>>> reported vulnerabilities that affected Google's Chrome web 
>>> browser. It is believed that only vulnerability 1 is/was
>>> common to the two code bases.

>>> --8<--------
>>> I'm pre-advising on these flaws since I've not heard anything 
>>> from the KDE project in about 8 months regarding 3 and 4 and
>>> we are aware that 1 and 2 have been fixed.  I'll give it 7 days
>>> and then drop technical details.  Vendors with an interest can 
>>> contact me off list.
>>> Tim

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
