CVE-2009-0689

Name of the Vulnerable Software and Affected Versions kdelibs4-doc versions (affected versions not specified) kdelibs4c2a versions (affected versions not specified) kdelibs versions (affected versions not specified) kdelibs-dbg versions (affected versions not specified) kdelibs4-dev versions (affected versions not specified) kdelibs-data versions (affected versions not specified) libc versions (affected versions not specified) Mono versions prior to 4.2

Description The issue concerns multiple vulnerabilities in various packages of the Debian GNU/Linux operating system, including kdelibs4-doc, kdelibs4c2a, kdelibs, kdelibs-dbg, kdelibs4-dev, and kdelibs-data. These vulnerabilities can be exploited remotely and may lead to a violation of confidentiality, integrity, and availability of protected information. Additionally, there is an array index error in the dtoa implementation in libc, which can cause a denial of service and possibly execute arbitrary code via a large precision value in the format argument to a printf function. In Mono, the float-parsing code is derived from vulnerable code and concerns the 'freelist' array, which can lead to a crash and potentially induce arbitrary code execution.

Recommendations For kdelibs4-doc, consider disabling the package until a patch is available. For kdelibs4c2a, restrict access to the package to minimize the risk of exploitation. For kdelibs, avoid using the package in sensitive operations until the issue is resolved. For kdelibs-dbg, consider disabling the package until a patch is available. For kdelibs4-dev, restrict access to the package to minimize the risk of exploitation. For kdelibs-data, avoid using the package in sensitive operations until the issue is resolved. For libc, consider updating to a newer version that contains a fix for the array index error. For Mono, update to version 4.2 or later to resolve the float-parsing code issue. At the moment, there is no information about a newer version that contains a fix for the kdelibs4-doc, kdelibs4c2a, kdelibs, kdelibs-dbg, kdelibs4-dev, and kdelibs-data vulnerabilities.