[kdelibs] CVE-2010-0046, security issue in khtml

Than Ngo than at fedoraproject.org
Mon Nov 7 18:38:58 UTC 2011


commit d693c5a9f86b0e20cd57def1aa09b431de5dc932
Author: Than Ngo <than at redhat.com>
Date:   Mon Nov 7 19:38:47 2011 +0100

    CVE-2010-0046, security issue in khtml

 kdelibs-4.7.3-CVE-0046.patch |   12 ++++++++++++
 kdelibs.spec                 |   10 +++++++++-
 2 files changed, 21 insertions(+), 1 deletions(-)
---
diff --git a/kdelibs-4.7.3-CVE-0046.patch b/kdelibs-4.7.3-CVE-0046.patch
new file mode 100644
index 0000000..f89eb6d
--- /dev/null
+++ b/kdelibs-4.7.3-CVE-0046.patch
@@ -0,0 +1,12 @@
+diff -up kdelibs-4.7.3/khtml/css/cssparser.cpp.orig kdelibs-4.7.3/khtml/css/cssparser.cpp
+--- kdelibs-4.7.3/khtml/css/cssparser.cpp.orig	2011-11-07 19:14:53.000000000 +0100
++++ kdelibs-4.7.3/khtml/css/cssparser.cpp	2011-11-07 19:15:21.000000000 +0100
+@@ -2283,7 +2283,7 @@ bool CSSParser::parseFontFaceSrc()
+                     Value* a = args->current();
+                     uriValue = 0;
+                     parsedValue = new CSSFontFaceSrcValueImpl( domString( a->string ), true /*local src*/ );
+-                } else if (!strcasecmp(domString(val->function->name), "format(") && allowFormat && uriValue) {
++                } else if (!strcasecmp(domString(val->function->name), "format(") && allowFormat && uriValue && (args->current()->unit == CSSPrimitiveValue::CSS_STRING || args->current()->unit == CSSPrimitiveValue::CSS_IDENT)) {
+                     expectComma = true;
+                     allowFormat = false;
+                     uriValue->setFormat( domString( args->current()->string ) );
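Review bot: the added unit test in the `format(` condition dereferences `args->current()` twice with no null check visible in this hunk, and `setFormat` dereferences it a third time. If `format()` can reach this point with an empty argument list, the new check faults before it can reject anything. Suggest fetching the value once into a local, as the preceding branch does with `Value* a = args->current();`, and testing `a &&` ahead of the unit comparison. A short code comment saying why only `CSS_STRING` and `CSS_IDENT` are accepted before `->string` is read would also help the next reader.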
diff --git a/kdelibs.spec b/kdelibs.spec
index cb9d1a4..03e4931 100644
--- a/kdelibs.spec
+++ b/kdelibs.spec
@@ -23,7 +23,7 @@
 
 Summary: KDE Libraries
 Version: 4.7.3
-Release: 2%{?dist}
+Release: 3%{?dist}
 
 Name: kdelibs
 Epoch: 6
@@ -129,6 +129,10 @@ Patch51: kdelibs-4.6.2-uri_mimetypes.patch
 ## security fix
 # Not Upstreamed? why not ? -- Rex
 Patch200: kdelibs-4.3.1-CVE-2009-2702.patch
+# CVE-2010-0046, The Cascading Style Sheets (CSS) implementation in khtml/WebKit
+# allows remote attackers to execute arbitrary code or cause a denial of service
+# (memory corruption and application crash) via crafted format arguments.
+Patch201: kdelibs-4.7.3-CVE-0046.patch
 
 ## Fedora specific patches
 # make forcefully hal-free build
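Review bot: the file name on the `Patch201:` line, `kdelibs-4.7.3-CVE-0046.patch`, drops the year from the CVE id, unlike `kdelibs-4.3.1-CVE-2009-2702.patch` directly above it and the `.CVE-2010-0046` backup suffix used for the same patch in `%prep`. Suggest renaming it to `kdelibs-4.7.3-CVE-2010-0046.patch` so that a search for the full CVE id finds the file. The comment should also record where the fix comes from and whether it has been sent upstream, which is the question already raised for Patch200.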
@@ -322,6 +326,7 @@ sed -i -e "s|@@VERSION_RELEASE@@|%{version}-%{release}|" kio/kio/kprotocolmanage
 
 # security fixes
 %patch200 -p1 -b .CVE-2009-2702
+%patch201 -p1 -b .CVE-2010-0046
 
 # Fedora patches
 %patch300 -p1 -b .halectomy
@@ -571,6 +576,9 @@ rm -rf %{buildroot}
 
 
 %changelog
+* Mon Nov 07 2011 Than Ngo <than at redhat.com> - 4.7.3-3
+- CVE-2010-0046, security issue in khtml
+
 * Fri Nov 04 2011 Rex Dieter <rdieter at fedoraproject.org> 4.7.3-2
 - no_libkactivities
 

