Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 754
Alerts This Week
Warning Icon 1 754

Fedora 22 kdelibs3 Moderate Advisory CVE-2015-7543 IPC Risk

fedora
Calendar Grey December 30, 2015
Dist Fedora Esm H88
A recent security patch for kdelibs3 in Fedora 22 addresses CVE-2015-7543, which pertains to the problematic creation of insecure temporary directories.
Security fix for CVE-2015-7543 in kdelibs3 (the KDE 3 compatibility version of kdelibs): A temporary directory was being created insecurely using mktemp and mkdir, allowing an atta...

Summary

Libraries for KDE 3:

KDE Libraries included: kdecore (KDE core library), kdeui (user interface),

kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking),

kspell (spelling checker), jscript (javascript), kab (addressbook),

kimgio (image manipulation).

Update Information:

Security fix for CVE-2015-7543 in kdelibs3 (the KDE 3 compatibility version of kdelibs): A temporary directory was being created insecurely using mktemp and mkdir, allowing an attacker to hijack the temporary directory and thus the inter-process communication (IPC). This update fixes the temporary directory creation to use the safe mkdtemp function instead.

Change Log

References


[ 1 ] Bug #1280543 - CVE-2015-7543 arts,kdelibs3: Use of mktemp(3) allows attacker to hijack the IPC https://bugzilla.redhat.com/show_bug.cgi?id=1280543

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update kdelibs3' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
important
Lowest
Low
Medium
High
Critical

Name: kdelibs3
Product: Fedora 22
Version: 3.5.10
Release: 71.fc22
Summary: KDE 3 Libraries

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.