Re: Pre-advisory for Konqueror 4.7.3 (other versions may be affected)

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/11/2012 11:10 AM, Kurt Seifried wrote:
> On 10/10/2012 07:52 PM, Kurt Seifried wrote:
> > On 10/10/2012 04:12 PM, Tim Brown wrote:
> > > Taken from NDSA20121010: --8<-------- This advisory comes in 4 
> > > related parts:

Cut and paste error, thanks to iSIGHT Partners for spotting and
alerting me!

> > > 1) The Konqueror web browser is vulnerable to type confusion 
> > > leading to memory disclosure.  The root cause of this is the 
> > > same as CVE-2010-0046 reported by Chris Rohlf which affected 
> > > WebKit.
>
> Please use CVE-2012-4512 for this issue.
>
> > > 2) The Konqueror web browser is vulnerable to an out of bounds
> > >  memory access when accessing the canvas.  In this case the 
> > > vulnerability was identified whilst playing with bug #43813
> > > from Google's Chrome repository.
>
> Please use CVE-2012-4513 for this issue.

Please note I accidentally put the CVE #'s one spot to low, they
should have been:

> > > 3) The Konqueror web browser is vulnerable to a NULL pointer 
> > > dereference leading to a crash.

Please use CVE-2012-4514 for this issue.

> > > 4) The Konqueror web browser is vulnerable to a
> > > "use-after-free" class flaw when the context menu is used
> > > whilst the document DOM that is being changed from within
> > > Javascript.

Please use CVE-2012-4515 for this issue.

> > > These flaws were identified during an analysis of previously 
> > > reported vulnerabilities that affected Google's Chrome web 
> > > browser. It is believed that only vulnerability 1 is/was
> > > common to the two code bases.

> > > --8<--------
>
> > > I'm pre-advising on these flaws since I've not heard anything 
> > > from the KDE project in about 8 months regarding 3 and 4 and
> > > we are aware that 1 and 2 have been fixed.  I'll give it 7 days
> > > and then drop technical details.  Vendors with an interest can 
> > > contact me off list.
>
> > > Tim

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQdwwxAAoJEBYNRVNeJnmTqN0P+wQgZuPH5JIDwa6EayJT8dnV
uVIe2SCtCRSUO1i+P60BoSZ9yUv+L/GYEvzw7Y0klZYnIazTuULHq4PTJYIaCEcu
TkorcgQvQo+UGOPByqDctEsjOu/SofCKXA/lJaJtnvOEmXIqakqEtuXbD3G2ngjx
pLVa8m8w/E3aBNrIvwPEPR3bhQdBXhJQHw5KJBo4+hIUctjcAxUQHukJ+b/9TATy
Y3RqnGBVds/23dGJqddCENga47w/vuIJlnYh6aXTlK83mWdOAAc3nQjpnf/YwjY3
zN8+E05pvNJYyrvOH7nvxvt4vQl+fGl21YMOSK6DwERpwIIHl0XuSyf7kqznnO8n
Rmvni33e0u4iOKb2YGc9eQ1n0CTxKYITpYSJt69rcq8I8UeXIwJw3uuLsdZKwYwd
BJKFZIpDmF2DbH7ZCW6sCcDXaYTjeX+r5zbLq92qa9p0ZvASGvj0OE+Uvv0gsD3s
UtDcTcxLGj3xYyuZqUbGvZw6ZlEq/A7u8XgmrVIPYuajXnWSCaqTcu1Y3g5niarT
bDwDMK0jKpR8OnSWlymcrTE2JwkssxehKboCG+jWEqYYKGBy1NoXRxHmoQnq7NMx
/5LXMxH2pqMd7XJjB85EB0JD4cVJDzerQGhdTUgS0c8/am7QoE7irr2y4HW3wTJ9
aIcW1ZADvwBlhMJVfFfi
=VQPm
-----END PGP SIGNATURE-----