CVE-2009-1709

Publication date 10 June 2009

Last updated 24 July 2024

Ubuntu priority

Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG marker elements, the targetElement attribute, and unspecified "caches."

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
kde4libs	9.04 jaunty	Not affected
	8.10 intrepid	Not affected
	8.04 LTS hardy	Not affected
	6.06 LTS dapper	Not in release
kdegraphics	9.04 jaunty	Not affected
	8.10 intrepid	Not affected
	8.04 LTS hardy	Fixed 4:3.5.10-0ubuntu1~hardy1.1
	6.06 LTS dapper	Ignored end of life
qt4-x11	9.04 jaunty	Not affected
	8.10 intrepid	Not affected
	8.04 LTS hardy	Not affected
	6.06 LTS dapper	Not affected
webkit	9.04 jaunty	Not affected
	8.10 intrepid	Not affected
	8.04 LTS hardy	Not affected
	6.06 LTS dapper	Not in release

Notes

jdstrand

webkit is a fork of khtml from kdelibs. kdelibs5 is farther from it, while qt4-x11 attempts to unify khtml and webkit

mdeslaur

PoC: http://trac.webkit.org/browser/trunk/LayoutTests/svg/W3C-SVG-1.1/animate-elem-63-t.svg?format=txt More reproducers: https://bugs.webkit.org/show_bug.cgi?id=18551 for kde4libs, code not present in hardy and intrepid and code already fixed in jaunty and karmic

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
kdegraphics	Vendor: http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.5-3etch4.diff.gz Vendor: http://release.debian.org/proposed-updates/stable_diffs/kdegraphics_3.5.9-3+lenny2.debdiff
webkit	Upstream: http://trac.webkit.org/changeset/32039

References

Related Ubuntu Security Notices (USN)