MGASA-2020-0416 - Updated kdeconnect-kde packages fix a security vulnerability

Publication date: 13 Nov 2020
URL: https://advisories.mageia.org/MGASA-2020-0416.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2020-26164

An attacker on your local network could send maliciously crafted packets to
other hosts running kdeconnect on the network, causing them to use large
amounts of CPU, memory or network connections, which could be used in a Denial
of Service attack within the network.
(CVE-2020-26164)

References:
- https://bugs.mageia.org/show_bug.cgi?id=27349
- https://www.openwall.com/lists/oss-security/2020/10/13/4
- https://kde.org/info/security/advisory-20201002-1.txt
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26164

SRPMS:
- 7/core/kdeconnect-kde-1.3.4-2.1.mga7