CVE-2009-1711

Name of the Vulnerable Software and Affected Versions libqt4-sql-sqlite2 (affected versions not specified) libqt4-webkit (affected versions not specified) libqt4-designer (affected versions not specified) libqt4-opengl (affected versions not specified) libqt4-script (affected versions not specified) libqt4-assistant (affected versions not specified) libqt4-dbus (affected versions not specified) libqt4-sql-sqlite (affected versions not specified) libqt4-sql-ibase (affected versions not specified) libqt4-network (affected versions not specified) libqt4-opengl-dev (affected versions not specified) libqt4-sql-psql (affected versions not specified) libqt4-xmlpatterns (affected versions not specified) libqt4-sql (affected versions not specified) libqt4-gui (affected versions not specified) libqt4-sql-mysql (affected versions not specified) qt4-designer (affected versions not specified) libqt4-xmlpatterns-dbg (affected versions not specified) libqt4-core (affected versions not specified) libqt4-dev (affected versions not specified) qt4-demos (affected versions not specified) qt4-dev-tools (affected versions not specified) qt4-doc (affected versions not specified) libqt4-xml (affected versions not specified) libqt4-dbg (affected versions not specified) libqt4-sql-odbc (affected versions not specified) libqt4-test (affected versions not specified) libqt4-qt3support (affected versions not specified) libqt4-webkit-dbg (affected versions not specified) libqt4-svg (affected versions not specified) qt4-doc-html (affected versions not specified) Apple Safari (versions prior to 4.0)

Description The issue affects multiple packages in the Debian GNU/Linux operating system, including libqt4-sql-sqlite2, libqt4-webkit, and others, allowing remote attackers to compromise the confidentiality, integrity, and availability of protected information. Additionally, WebKit in Apple Safari before 4.0 does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service. The exploitation of these vulnerabilities can be carried out remotely.

Recommendations As a temporary workaround, consider disabling the vulnerable components until a patch is available. Restrict access to the vulnerable modules to minimize the risk of exploitation. Avoid using the affected packages until the issue is resolved. For Apple Safari, update to version 4.0 or later to resolve the issue. At the moment, there is no information about a newer version that contains a fix for the Debian GNU/Linux packages.