Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux Pro for Mac OS X Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repository (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Thu, 11 Oct 2012 12:13:05 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Tim Brown <timb@...-dimension.org.uk>, security@....org
Subject: Re: Pre-advisory for Konqueror 4.7.3 (other versions
 may be affected)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/11/2012 11:10 AM, Kurt Seifried wrote:
> On 10/10/2012 07:52 PM, Kurt Seifried wrote:
>> On 10/10/2012 04:12 PM, Tim Brown wrote:
>>> Taken from NDSA20121010: --8<-------- This advisory comes in 4 
>>> related parts:

Cut and paste error, thanks to iSIGHT Partners for spotting and
alerting me!

>>> 1) The Konqueror web browser is vulnerable to type confusion 
>>> leading to memory disclosure.  The root cause of this is the 
>>> same as CVE-2010-0046 reported by Chris Rohlf which affected 
>>> WebKit.
> 
> Please use CVE-2012-4512 for this issue.
> 
>>> 2) The Konqueror web browser is vulnerable to an out of bounds
>>>  memory access when accessing the canvas.  In this case the 
>>> vulnerability was identified whilst playing with bug #43813
>>> from Google's Chrome repository.
> 
> Please use CVE-2012-4513 for this issue.
> 

Please note I accidentally put the CVE #'s one spot to low, they
should have been:

>>> 3) The Konqueror web browser is vulnerable to a NULL pointer 
>>> dereference leading to a crash.

Please use CVE-2012-4514 for this issue.

>>> 4) The Konqueror web browser is vulnerable to a
>>> "use-after-free" class flaw when the context menu is used
>>> whilst the document DOM that is being changed from within
>>> Javascript.

Please use CVE-2012-4515 for this issue.

>>> These flaws were identified during an analysis of previously 
>>> reported vulnerabilities that affected Google's Chrome web 
>>> browser. It is believed that only vulnerability 1 is/was
>>> common to the two code bases.
> 

> 
>>> --8<--------
> 
>>> I'm pre-advising on these flaws since I've not heard anything 
>>> from the KDE project in about 8 months regarding 3 and 4 and
>>> we are aware that 1 and 2 have been fixed.  I'll give it 7 days
>>> and then drop technical details.  Vendors with an interest can 
>>> contact me off list.
> 
>>> Tim
> 
> 
> 
> 

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQdwwxAAoJEBYNRVNeJnmTqN0P+wQgZuPH5JIDwa6EayJT8dnV
uVIe2SCtCRSUO1i+P60BoSZ9yUv+L/GYEvzw7Y0klZYnIazTuULHq4PTJYIaCEcu
TkorcgQvQo+UGOPByqDctEsjOu/SofCKXA/lJaJtnvOEmXIqakqEtuXbD3G2ngjx
pLVa8m8w/E3aBNrIvwPEPR3bhQdBXhJQHw5KJBo4+hIUctjcAxUQHukJ+b/9TATy
Y3RqnGBVds/23dGJqddCENga47w/vuIJlnYh6aXTlK83mWdOAAc3nQjpnf/YwjY3
zN8+E05pvNJYyrvOH7nvxvt4vQl+fGl21YMOSK6DwERpwIIHl0XuSyf7kqznnO8n
Rmvni33e0u4iOKb2YGc9eQ1n0CTxKYITpYSJt69rcq8I8UeXIwJw3uuLsdZKwYwd
BJKFZIpDmF2DbH7ZCW6sCcDXaYTjeX+r5zbLq92qa9p0ZvASGvj0OE+Uvv0gsD3s
UtDcTcxLGj3xYyuZqUbGvZw6ZlEq/A7u8XgmrVIPYuajXnWSCaqTcu1Y3g5niarT
bDwDMK0jKpR8OnSWlymcrTE2JwkssxehKboCG+jWEqYYKGBy1NoXRxHmoQnq7NMx
/5LXMxH2pqMd7XJjB85EB0JD4cVJDzerQGhdTUgS0c8/am7QoE7irr2y4HW3wTJ9
aIcW1ZADvwBlhMJVfFfi
=VQPm
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ