Fedora 24 Advisory: Kdelibs3 Moderate Risk - Information Leak Issue

fedora

March 12, 2017

This kdelibs3 (KDE 3 compatibility libraries) update fixes the security issues: * CVE-2016-6232 (karchive): Extraction of tar files possible to arbitrary system locations * CVE-201...

Summary

Libraries for KDE 3:

KDE Libraries included: kdecore (KDE core library), kdeui (user interface),

kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking),

kspell (spelling checker), jscript (javascript), kab (addressbook),

kimgio (image manipulation).

Update Information:

This kdelibs3 (KDE 3 compatibility libraries) update fixes the security issues: * CVE-2016-6232 (karchive): Extraction of tar files possible to arbitrary system locations * CVE-2017-6410 (kio): Information Leak when accessing https when using a malicious PAC file for the KDE 3 compatibility libraries. (Security updates for KDE Frameworks 5 (kf5-karchive resp. kf5-kio) and for the KDE 4 compatibility libraries (kdelibs 4) have already been submitted.) In addition, the KDE 3 compatibility version of KCrash was modified to use the DrKonqi from Plasma 5 rather than from kde-runtime 4. (The original KDE 3 DrKonqi was already dropped years ago.) The kde-runtime 4 DrKonqi is not installed by default and will be removed entirely in future Fedora versions, the Plasma 5 version of DrKonqi can also be used for legacy applications.

Topics Covered

security advisory moderate information leak Fedora kdelibs3 extraction issue KDE 3

Change Log

References

[ 1 ] Bug #1427808 - CVE-2017-6410 kf5-kio, kdelibs: Information Leak when accessing https when using a malicious PAC file https://bugzilla.redhat.com/show_bug.cgi?id=1427808 [ 2 ] Bug #1357410 - CVE-2016-6232 kf5-karchive: Extraction of tar files possible to arbitrary system locations https://bugzilla.redhat.com/show_bug.cgi?id=1357410

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade kdelibs3' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity

important

Lowest

Low

Medium

High

Critical

Name: kdelibs3

Product: Fedora 24

Version: 3.5.10

Release: 84.fc24

URL: https://kde.org/

Summary: KDE 3 Libraries

Topics Covered

security advisory moderate information leak Fedora kdelibs3 extraction issue KDE 3

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Fedora 24 Advisory: Kdelibs3 Moderate Risk - Information Leak Issue

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Fedora 24 Advisory: Kdelibs3 Moderate Risk - Information Leak Issue

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!