Hash: SHA256
Package : kde4libs
Version : 4:4.8.4-4+deb7u3
CVE ID : CVE-2013-2074 CVE-2017-6410 CVE-2017-8422
Debian Bug : 856890
Several vulnerabilities were discovered in kde4libs, the core libraries
for all KDE 4 applications. The Common Vulnerabilities and Exposures
project identifies the following problems:
CVE-2017-6410
Itzik Kotler, Yonatan Fridburg and Amit Klein of Safebreach Labs
reported that URLs are not sanitized before passing them to
FindProxyForURL, potentially allowing a remote attacker to obtain
sensitive information via a crafted PAC file.
CVE-2017-8422
Sebastian Krahmer from SUSE discovered that the KAuth framework
contains a logic flaw in which the service invoking dbus is not
properly checked. This flaw allows spoofing the identity of the
caller and gaining root privileges from an unprivileged account.
CVE-2013-2074
It was discovered that KIO would show web authentication
credentials in some error cases.
For Debian 7 "Wheezy", these problems have been fixed in version
4:4.8.4-4+deb7u3.
We recommend that you upgrade your kde4libs packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Debian LTS: DLA-952-1: kde4libs security update
May 25, 2017
Several vulnerabilities were discovered in kde4libs, the core libraries for all KDE 4 applications
Summary
CVE-2017-6410
Itzik Kotler, Yonatan Fridburg and Amit Klein of Safebreach Labs
reported that URLs are not sanitized before passing them to
FindProxyForURL, potentially allowing a remote attacker to obtain
sensitive information via a crafted PAC file.
CVE-2017-8422
Sebastian Krahmer from SUSE discovered that the KAuth framework
contains a logic flaw in which the service invoking dbus is not
properly checked. This flaw allows spoofing the identity of the
caller and gaining root privileges from an unprivileged account.
CVE-2013-2074
It was discovered that KIO would show web authentication
credentials in some error cases.
For Debian 7 "Wheezy", these problems have been fixed in version
4:4.8.4-4+deb7u3.
We recommend that you upgrade your kde4libs packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Severity
Package : kde4libs
Version : 4:4.8.4-4+deb7u3
CVE ID : CVE-2013-2074 CVE-2017-6410 CVE-2017-8422
Debian Bug : 856890
News
HOWTOs
About Us
Powered By
Get Customized Security Advisories that Impact You Directly Create My Customized Advisories Now >>
To stay up-to-date on the latest open-source security news, feature articles and Linux distribution security advisories Subscribe to Our Newsletters!