Debian Wheezy DLA-952-1 Moderate: kde4libs Privilege Escalation
debian lts
May 25, 2017
Several vulnerabilities were discovered in kde4libs, the core libraries for all KDE 4 applications
Summary
CVE-2017-6410
Itzik Kotler, Yonatan Fridburg and Amit Klein of Safebreach Labs
reported that URLs are not sanitized before passing them to
FindProxyForURL, potentially allowing a remote attacker to obtain
sensitive information via a crafted PAC file.
CVE-2017-8422
Sebastian Krahmer from SUSE discovered that the KAuth framework
contains a logic flaw in which the service invoking dbus is not
properly checked. This flaw allows spoofing the identity of the
caller and gaining root privileges from an unprivileged account.
CVE-2013-2074
It was discovered that KIO would show web authentication
credentials in some error cases.
For Debian 7 "Wheezy", these problems have been fixed in version
4:4.8.4-4+deb7u3.
We recommend that you upgrade your kde4libs packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Package: kde4libs
Version: 4:4.8.4-4+deb7u3
CVE ID: CVE-2013-2074 CVE-2017-6410 CVE-2017-8422
Debian Bug: 856890
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!