Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 554
Alerts This Week
Warning Icon 1 554

Fedora 23 Update: kdelibs3 Critical Fix for IPC Hijacking

fedora
Calendar Grey December 29, 2015
Dist Fedora Esm H88
Important update for kdelibs3 in Fedora 23 mitigates IPC hijacking vulnerabilities through the implementation of secure directory generation techniques.
Security fix for CVE-2015-7543 in kdelibs3 (the KDE 3 compatibility version of kdelibs): A temporary directory was being created insecurely using mktemp and mkdir, allowing an atta...

Summary

Libraries for KDE 3:

KDE Libraries included: kdecore (KDE core library), kdeui (user interface),

kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking),

kspell (spelling checker), jscript (javascript), kab (addressbook),

kimgio (image manipulation).

Update Information:

Security fix for CVE-2015-7543 in kdelibs3 (the KDE 3 compatibility version of kdelibs): A temporary directory was being created insecurely using mktemp and mkdir, allowing an attacker to hijack the temporary directory and thus the inter-process communication (IPC). This update fixes the temporary directory creation to use the safe mkdtemp function instead.

Change Log

References


[ 1 ] Bug #1280543 - CVE-2015-7543 arts,kdelibs3: Use of mktemp(3) allows attacker to hijack the IPC https://bugzilla.redhat.com/show_bug.cgi?id=1280543

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update kdelibs3' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: kdelibs3
Product: Fedora 23
Version: 3.5.10
Release: 71.fc23
Summary: KDE 3 Libraries

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.