Debian: DSA-3849-1: kde4libs security update

    Date: 12 May 2017
    Category: Debian
    Posted By: LinuxSecurity Advisories
    
    -------------------------------------------------------------------------
    Debian Security Advisory DSA-3849-1
    https://www.debian.org/security/                     Salvatore Bonaccorso
    May 12, 2017                          https://www.debian.org/security/faq
    -------------------------------------------------------------------------
    
    Package        : kde4libs
    CVE ID         : CVE-2017-6410 CVE-2017-8422
    Debian Bug     : 856890
    
    Several vulnerabilities were discovered in kde4libs, the core libraries
    for all KDE 4 applications. The Common Vulnerabilities and Exposures
    project identifies the following problems:
    
    CVE-2017-6410
    
        Itzik Kotler, Yonatan Fridburg and Amit Klein of Safebreach Labs
        reported that URLs are not sanitized before passing them to
        FindProxyForURL, potentially allowing a remote attacker to obtain
        sensitive information via a crafted PAC file.
    
    CVE-2017-8422
    
        Sebastian Krahmer from SUSE discovered that the KAuth framework
        contains a logic flaw in which the service invoking dbus is not
        properly checked. This flaw allows spoofing the identity of the
        caller and gaining root privileges from an unprivileged account.
    
    For the stable distribution (jessie), these problems have been fixed in
    version 4:4.14.2-5+deb8u2.
    
    For the unstable distribution (sid), these problems have been fixed in
    version 4:4.14.26-2.
    
    We recommend that you upgrade your kde4libs packages.
    
    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/
    