Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 523
Alerts This Week
Warning Icon 1 523

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 6 articles for you...
197

Debian 11: DLA-4196-1 critical: kmail-account-wizard security issue

An issue has been found in kmail-account-wizard, a wizard for KDE PIM applications account setup. The issues is about a man-in-the-middle-attack when using autoconf for . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4196-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Thorsten Alteholz May 30, 2025 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : kmail-account-wizard Version : 4:20.08.3-1+deb11u1 CVE ID : CVE-2024-50624 An issue has been found in kmail-account-wizard, a wizard for KDE PIM applications account setup. The issues is about a man-in-the-middle-attack when using autoconf for retrieving configuration. Please also note that for configuration with autoconf.example.com, the config is first fetched with https and the former http is used only as fallback. For configuration via example.com/.well-known/autoconfig the config is now fetched only with https. For Debian 11 bullseye, this problem has been fixed in version 4:20.08.3-1+deb11u1. We recommend that you upgrade your kmail-account-wizard packages. For the detailed security status of kmail-account-wizard please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/kmail-account-wizard Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . KMail configuration enhancement mitigates vulnerabilities linked to interception vulnerabilities while obtaining settings. Updating is strongly recommended.. Debian Security, kmail-account-wizard, LTS Advisory, KDE PIM. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 May 30, 2025 Critical Debian LTS
89

Fedora 34: 2021-f68a5a75ba Critical: kde-settings ssh-agent Update

New upstream release (#1934336), include user ssh-agent.service (#1761817). --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-f68a5a75ba 2021-03-23 00:15:16.316555 --------------------------------------------------------------------------------Name : kde-settings Product : Fedora 34 Version : 34.0 Release : 9.fc34 URL : https://pagure.io/fedora-kde/kde-settings Summary : Config files for kde Description : Config files for kde. --------------------------------------------------------------------------------Update Information: New upstream release (#1934336), include user ssh-agent.service (#1761817) --------------------------------------------------------------------------------ChangeLog: * Sat Mar 6 2021 Rex Dieter - 34.0-9 - drop ssh-agent.service, moved to openssh-clients (yay) * Tue Mar 2 2021 Rex Dieter - 34.0-8 - ssh-agent.service improvements * Mon Mar 1 2021 Rex Dieter - 34.0-7 - ssh-agent.service: drop After=plasma-core.target * Mon Mar 1 2021 Rex Dieter - 34.0-6 - ssh-agent.sh: only set SSH_AUTH_SOCK if not already * Sun Feb 28 2021 Rex Dieter - 34.0-5 - ssh-agent.service improvements --------------------------------------------------------------------------------References: [ 1 ] Bug #1935055 - CVE-2021-28041 openssh: double-free memory corruption may lead to arbitrary code execution https://bugzilla.redhat.com/show_bug.cgi?id=1935055 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-f68a5a75ba' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure . New kde-settings release for Fedora 34 boosts ssh-agent functionality with critical updates for system security.. KDE Settings Update,Fedora Advisory,SSH Agent Service Enhancement. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Mar 22, 2021 Critical Fedora
91

Gentoo: GLSA-201908-07 Normal: KDE KConfig Remote Code Execution

A vulnerablity has been found in KDE KConfig that could allow a remote attacker to execute arbitrary code.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201908-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: KDE KConfig: User-assisted execution of arbitrary code Date: August 15, 2019 Bugs: #691858 ID: 201908-07 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A vulnerablity has been found in KDE KConfig that could allow a remote attacker to execute arbitrary code. Background ========= Provides an advanced configuration system. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 kde-frameworks/kconfig < 5.60.0-r1 > = 5.60.0-r1 Description ========== A vulnerability was discovered in KDE KConfig's handling of .desktop and .directory files. Impact ===== An attacker could entice a user to execute a specially crafted .desktop or .directory file possibly resulting in execution of arbitrary code with the privileges of the process. Workaround ========= There is no known workaround at this time. Resolution ========= All KConfig users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v "> =kde-frameworks/kconfig-5.60.0-r1" References ========= [ 1 ] CVE-2019-14744 https://nvd.nist.gov/vuln/detail/CVE-2019-14744 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201908-07 Concerns? ======== Security is a primaryfocus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2019 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . A flaw in KDE KConfig could permit remote adversaries to run unauthorized commands. Update your system to reduce potential threats.. KDE KConfig, Gentoo security, remote code execution, advisory GLSA, security patch. . LinuxSecurity.com Team

Calendar%202 Aug 15, 2019 Gentoo
172

Ubuntu 8.10, 9.04, 9.10 USN-871-2 Critical: KDE Directory Traversal Issue

USN-871-1 fixed vulnerabilities in KDE. This update provides thecorresponding updates for KDE 4.. ==========================================================Ubuntu Security Notice USN-871-2 December 11, 2009 kde4libs vulnerabilities https://bugs.launchpad.net/ubuntu/+source/kde4libs/+bug/495301 ========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.10 Ubuntu 9.04 Ubuntu 9.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.10: kdelibs5 4:4.1.4-0ubuntu1~intrepid1.5 Ubuntu 9.04: kdelibs5 4:4.2.2-0ubuntu5.4 Ubuntu 9.10: kdelibs5 4:4.3.2-0ubuntu7.2 After a standard system upgrade you need to restart your session to effect the necessary changes. Details follow: USN-871-1 fixed vulnerabilities in KDE. This update provides the corresponding updates for KDE 4. This update also fixes a directory traversal flaw in KDE when processing help:// URLs. This issue only affected Ubuntu 8.10. Original advisory details: It was discovered that the KDE libraries could use KHTML to process an unknown MIME type. If a user or application linked against kdelibs were tricked into opening a crafted file, an attacker could potentially trigger XMLHTTPRequests to remote sites. Updated packages for Ubuntu 8.10: Source archives: Size/MD5: 95977 d9bc80da0287e4a27cb968420d892d4b Size/MD5: 2308 89059af41fd455cd8591eab8df0b8ce6 Size/MD5: 11190299 18264580c1d6d978a3049a13fda36f29 Architecture independent packages: Size/MD5: 3110960 e0b7e12e3bebb6619a000970ea535e97 Size/MD5: 69202 2d65a7f3af2064f0071fe7f41235c6df amd64 architecture (Athlon64, Opteron, EM64T Xeon): Size/MD5: 395822 33edd1260233852ffc6c5d13de54d32c Size/MD5: 660560048bc845533fc9a3ab78b3dd17ea5c7a37 Size/MD5: 1441140 ef9268b6681c6787d2dbb17924b58a79 Size/MD5: 10103862 f388998bf382659d49a9677679d67dcc i386 architecture (x86 compatible Intel/AMD): Size/MD5: 371990 a1835282af9ddb9229117d34c1bef931 Size/MD5: 65218556 73c538baa8a8101fca781ccc66d124bf Size/MD5: 1438690 6c5878c932b90f837183c7f496412f24 Size/MD5: 9523396 d3e663ccdcc52a1dd7dda5efbc64cda7 lpia architecture (Low Power Intel Architecture): Size/MD5: 376790 97518d066616d2fbf6b89cfe75e6d117 Size/MD5: 65334088 1e2c5b4df8f5c91bbc4f92ebe7801375 Size/MD5: 1441160 bf293d1061e06e79403863f55a33b9d4 Size/MD5: 9535686 3a180768df11832e5cef0405c7ace583 powerpc architecture (Apple Macintosh G3/G4/G5): Size/MD5: 423238 bd3e80909eda46558e4b276739973fc9 Size/MD5: 69280176 c9775805d6a90568449e5df0055c8d68 Size/MD5: 1446080 7f9a904fd5e138a90ebb24ec9762c0cf Size/MD5: 10238640 2ca68c998ef5001b56599eeead4285bf sparc architecture (Sun SPARC/UltraSPARC): Size/MD5: 381628 e4c66e47382390f9b18e7fc8a2d70fc2 Size/MD5: 64525262 3e892b50f4eee4cb61eefda24e7a9612 Size/MD5: 1438444 3b02a43b55ee9c18921cf4dd704ba8cd Size/MD5: 9653902 f9bd9be7d0c97c9fc492eb271d78a2b6 Updated packages for Ubuntu 9.04: Source archives: Size/MD5: 104020 32d0f05b8444a746a0edd41349c160c2 Size/MD5: 2305 ec9eb15c47913f5ec148ffddca904315 Size/MD5: 12335659 83d6a0d59e79873bbe0a5a90ef23f27e Architecture independent packages: Size/MD5: 1989926 dd442e1cf759169409634e0a55f7bbe8 amd64 architecture (Athlon64, Opteron, EM64T Xeon): Size/MD5: 281654 85c7bf34df6d9129f5c295e05adae9a4 Size/MD5: 44154854 ee9068a0c87001d9ec9d3d90ca2ca3da Size/MD5: 1091202 c1430eb8a84e68e5034c0d97f3ec51f4 Size/MD5: 7071844 e1ca3960e074100bf58fd89654103ee5 Size/MD5: 1025242bbebb2f95726d931579aca0739a62c6 Size/MD5: 610934 8b5c132c776faf2a029f34c4b30cd656 i386 architecture (x86 compatible Intel/AMD): Size/MD5: 269104 c4612880c098d4647d13926496adefb9 Size/MD5: 43460726 c7f1491f2fcf451564a2312069dbde92 Size/MD5: 1090342 e56a2b8b8daeee653f55baa14be73284 Size/MD5: 6778280 07b3fa6ce24c085424d102eda7261969 Size/MD5: 127322 4ebcee74931d57bcb56b05fc270fde3d Size/MD5: 567162 9f72ead2cee64f5a3de3917792ab4c0f lpia architecture (Low Power Intel Architecture): Size/MD5: 275580 1d5da4de19d017fcfa79a4056c17ae01 Size/MD5: 43587848 e94aed2b623e0463ef192e3ff19d6d44 Size/MD5: 1092682 d040dc4b0718f148dfc93d81a6ef1454 Size/MD5: 6850706 8f0adbd06a0847da5a2d15cfad4c257c Size/MD5: 102486 239d38e7ee3443c3fdfaff5db8ae2eb9 Size/MD5: 600146 89db6cb42b9c9a2a43a214205173467c powerpc architecture (Apple Macintosh G3/G4/G5): Size/MD5: 269884 2d1ab31ad761746d55b508fdf9020b03 Size/MD5: 43126080 4e40874d089491ab0ad0a6f78dd6fd4d Size/MD5: 1089852 50f1e895cf308de02e736bbf4ade19c1 Size/MD5: 6203800 ccee8ec8a8c1da20a3fc50870d454b61 Size/MD5: 102474 69bde557a52136bbc666fc39550030b5 Size/MD5: 555434 4253e3224b0eddab9fd85357b8771756 sparc architecture (Sun SPARC/UltraSPARC): Size/MD5: 250250 7eb83ed7165eb32e59cdd191046c39df Size/MD5: 40333438 5dc7af31143fceabcbf3d49929aed2e4 Size/MD5: 1086248 3cd8c1c642149f35a6b04804664b5e1f Size/MD5: 5932388 5a59b3b9df837d93f5ae3ddd59870631 Size/MD5: 102446 2d843ca6ed093eb1641e7e2f5f421ffe Size/MD5: 530794 b0b5583c144ed90a855ac9a0b6643f74 Updated packages for Ubuntu 9.10: Source archives: Size/MD5: 160839 c594eccef7c8ceabff20a8b5bb8da6b0 Size/MD5: 2301 7e7ce51359cf82ec23188479bd81f34f Size/MD5: 12961029 076c304e8829229e1f1a5ef8eecda34d Architectureindependent packages: Size/MD5: 2501328 635e74cea648a785eaca9d5ac7b7a8bf amd64 architecture (Athlon64, Opteron, EM64T Xeon): Size/MD5: 236080 ee88e1d5afe4da918c8e362b263ca355 Size/MD5: 47641692 4502ce2a9d687622a6fe0bfef406f1c6 Size/MD5: 1162282 63050bae7403fb0ba6b7e34d686ecac7 Size/MD5: 7276964 d901a84198c938147eb97e364c8a4e7c Size/MD5: 657864 1a124d132ca09637458657de0f61a68f i386 architecture (x86 compatible Intel/AMD): Size/MD5: 227420 bb3a9991d63988035414bdb8d2d195db Size/MD5: 47142396 6950b2c99d61bfa71599020eb223aba7 Size/MD5: 1161550 829a35f9f7637176d9a4a74923d27cdb Size/MD5: 7019572 3c4af34e1fc523ace73a2aa7a53048ef Size/MD5: 608938 2b44f507a4ba29aa8d8de059d2674921 lpia architecture (Low Power Intel Architecture): Size/MD5: 234518 6edda7121cb4e64320eccfbf0ee37d79 Size/MD5: 47232510 0fedbdd6ec510ac83e9fb6cc59f5293a Size/MD5: 1163720 66d8939b2a848dd113390438996d31c5 Size/MD5: 7163048 0f84dc555132acf0d40f8310a7260c8c Size/MD5: 653692 bed649a879d2a387406f91284c27dc94 powerpc architecture (Apple Macintosh G3/G4/G5): Size/MD5: 217718 2951df67e37de8dff2380eab9e946b0d Size/MD5: 47000996 1eabf7a08da76c26a4981fdb2b039007 Size/MD5: 1158764 96a4bdf2699880369d39b8f12fefeb5c Size/MD5: 6387572 fea74e2bbe2137a7bed4938649612bca Size/MD5: 599074 193adda0adb27083c3643568bb560ea4 sparc architecture (Sun SPARC/UltraSPARC): Size/MD5: 217164 8a2cc000d2afa3daf4745cc9710c1391 Size/MD5: 43663358 d58f044f914a89c78f5388e70fdc856c Size/MD5: 1157850 acaef9c86335bedc7133860129de2579 Size/MD5: 6202126 4b1d5c0a92b9a2ab8368d4f649d80bb0 Size/MD5: 572642 48ab7fa1e805f94334adcf212f86c6f6 . Addressing vulnerabilities in KDE 4 for Ubuntu versions 8.10, 9.04, and 9.10 is essential. Key updates involve rectifying a significant directorytraversal weakness.. KDESecurityUpdate,UbuntuKDEFlaw,USN-871-2Advisory,SecurityPatch,KDELibrariesFix. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Dec 11, 2009 Critical Ubuntu
91

Gentoo GLSA 200711-22 Normal: Poppler & KDE Code Execution Risk

Poppler and various KDE components are vulnerable to multiple memory management issues possibly resulting in the execution of arbitrary code. [More...]. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200711-22 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Poppler, KDE: User-assisted execution of arbitrary code Date: November 18, 2007 Bugs: #196735, #198409 ID: 200711-22 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Poppler and various KDE components are vulnerable to multiple memory management issues possibly resulting in the execution of arbitrary code. Background ========= Poppler is a cross-platform PDF rendering library originally based on Xpdf. KOffice is an integrated office suite for KDE. KWord is the KOffice word processor. KPDF is a KDE-based PDF viewer included in the kdegraphics package. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-text/poppler < 0.6.1-r1 > = 0.6.1-r1 2 kde-base/kpdf < 3.5.8-r1 *> = 3.5.7-r3 > = 3.5.8-r1 3 kde-base/kdegraphics < 3.5.8-r1 *> = 3.5.7-r3 > = 3.5.8-r1 4 app-office/kword < 1.6.3-r2 > = 1.6.3-r2 5 app-office/koffice < 1.6.3-r2 > = 1.6.3-r2 ------------------------------------------------------------------- 5 affected packages on all of their supported architectures. ------------------------------------------------------------------- Description ========== Alin Rad Pop (Secunia Research) discovered several vulnerabilities in the "Stream.cc" file of Xpdf: An integer overflow in the DCTStream::reset() method and a boundary error in the CCITTFaxStream::lookChar() method, both leading to heap-based buffer overflows (CVE-2007-5392, CVE-2007-5393). He also discovered a boundary checking error in the DCTStream::readProgressiveDataUnit() method causing memory corruption (CVE-2007-4352). Note: Gentoo's version of Xpdf is patched to use the Poppler library, so the update to Poppler will also fix Xpdf. Impact ===== By enticing a user to view or process a specially crafted PDF file with KWord or KPDF or a Poppler-based program such as Gentoo's viewers Xpdf, ePDFView, and Evince or the CUPS printing system, a remote attacker could cause an overflow, potentially resulting in the execution of arbitrary code with the privileges of the user running the application. Workaround ========= There is no known workaround at this time. Resolution ========= All Poppler users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =app-text/poppler-0.6.1-r1" All KPDF users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =kde-base/kpdf-3.5.7-r3" All KDE Graphics Libraries users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =kde-base/kdegraphics-3.5.7-r3" All KWord users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =app-office/kword-1.6.3-r2" All KOffice users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =app-office/koffice-1.6.3-r2" References ========= [ 1 ] CVE-2007-4352 https://www.cve.org/CVERecord?id=CVE-2007-4352 [ 2 ] CVE-2007-5392 https://www.cve.org/CVERecord?id=CVE-2007-5392 [ 3 ] CVE-2007-5393 https://www.cve.org/CVERecord?id=CVE-2007-5393 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200711-22 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org/. License ====== Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - iD8DBQFHQKbHuhJ+ozIKI5gRAl/iAJ0XNSINVi0zD5q+JKbQ1EGRzkV6HACeNp/n a8GSb0YsoakBlS9fPsW8Tz4=qbuD -----END PGP SIGNATURE----- . An official warning for Gentoo emphasizes vulnerabilities in FontConfig and Plasma that may result in potential exploits affecting system security.. Poppler Memory Issues, Gentoo Advisory, KDE Security Risks. . LinuxSecurity.com Team

Calendar%202 Nov 18, 2007 Gentoo
91

Gentoo: 200701-06 Critical: GNOME gedit Security Flaw Exploit

The KDE kfile JPEG info plugin of kdegraphics could enter an endless loop leading to a Denial of Service.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200701-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: KDE kfile JPEG info plugin: Denial of Service Date: January 12, 2007 Bugs: #155949 ID: 200701-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= The KDE kfile JPEG info plugin of kdegraphics could enter an endless loop leading to a Denial of Service. Background ========= The KDE kfile-info JPEG plugin provides meta-information about JPEG files. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 kde-base/kdegraphics-kfile-plugins < 3.5.5-r1 > = 3.5.5-r1 Description ========== Marcus Meissner of the SUSE security team discovered a stack overflow vulnerability in the code processing EXIF information in the kfile JPEG info plugin. Impact ===== A remote attacker could entice a user to view a specially crafted JPEG image with a KDE application like Konqueror or digiKam, leading to a Denial of Service by an infinite recursion. Workaround ========= There is no known workaround at this time. Resolution ========= All KDE users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =kde-base/kdegraphics-kfile-plugins-3.5.5-r1" References ========= [ 1 ] CVE-2006-6297 https://www.cve.org/CVERecord?id=CVE-2006-6297 Availability =========== This GLSA and any updates to it are available for viewingat the Gentoo Security Website: https://security.gentoo.org/glsa/200701-05 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org/. License ====== Copyright 2007 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . KDE's kfile PNG information plugin on Gentoo can cause Denial of Service. Updating advised to reduce vulnerabilities.. KDE Plugin, Denial of Service, Gentoo Security, kgraphics, JPEG Issue. . LinuxSecurity.com Team

Calendar%202 Jan 12, 2007 Gentoo
89

Fedora Core 5 2006-360 Critical: kdewebdev 3.5.2 Update

update to KDE 3.5.2. ---------------------------------------------------------------------Fedora Update Notification FEDORA-2006-360 2006-04-18 ---------------------------------------------------------------------Product : Fedora Core 5 Name : kdewebdev Version : 3.5.2 Release : 0.1.fc5 Summary : WEB Development package for the K Desktop Environment. Description : The kdewebdev package contains Quanta Plus and other applications, which are useful for web development. They are runtime dependencies of Quanta Plus, and it is highly recommended that you install them. ---------------------------------------------------------------------Update Information: update to KDE 3.5.2 ---------------------------------------------------------------------* Wed Apr 5 2006 Than Ngo 6:3.5.2-0.1.fc5 - update to 3.5.2 ---------------------------------------------------------------------This update can be downloaded from: 7dfc925e48d06e0eef89add807173748ef6f14c6 SRPMS/kdewebdev-3.5.2-0.1.fc5.src.rpm 9af65cde47e704cfafaa33a50672b6289c7cfb45 ppc/kdewebdev-3.5.2-0.1.fc5.ppc.rpm 4a3b9e9cf6e93c67538f229efb96661925570347 ppc/kdewebdev-devel-3.5.2-0.1.fc5.ppc.rpm e4581dfcf4b4c4f836f0c0ebd3e2b307ba1debe7 ppc/debug/kdewebdev-debuginfo-3.5.2-0.1.fc5.ppc.rpm 6ed9f855c02d405c54bf19b2de214b491d7b44c0 x86_64/kdewebdev-3.5.2-0.1.fc5.x86_64.rpm 138535e7b75db20459e1bd4e7f9693fce4238ec3 x86_64/kdewebdev-devel-3.5.2-0.1.fc5.x86_64.rpm 524601249f25220fd8a682a9f885356e045d8aab x86_64/debug/kdewebdev-debuginfo-3.5.2-0.1.fc5.x86_64.rpm 111a74008990378e10eded4c7fc58c8928daf437 i386/kdewebdev-3.5.2-0.1.fc5.i386.rpm 6b9acf095d771c6b169f75338186af92a8344227 i386/kdewebdev-devel-3.5.2-0.1.fc5.i386.rpm 1c29e44186641d06bdd9939076b2e011ad65a703 i386/debug/kdewebdev-debuginfo-3.5.2-0.1.fc5.i386.rpm This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to'Managing Software with yum,' available at . ----------------------------------------------------------------------- fedora-announce-list mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . The recent release of KDE Plasma 5.20 for Ubuntu 18.04 improves multimedia support, providing users with an enriched experience.. KDE Update,Fedora Core Package,Web Development Tools. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Apr 18, 2006 Critical Fedora
89

Fedora Core 5: FEDORA-2006-346 Critical KDE Addons Update

update to KDE 3.5.2. ---------------------------------------------------------------------Fedora Update Notification FEDORA-2006-346 2006-04-18 ---------------------------------------------------------------------Product : Fedora Core 5 Name : kdeaddons Version : 3.5.2 Release : 0.1.fc5 Summary : K Desktop Environment - Plugins Description : Plugins for some KDE applications: kdeaddons extends the functionality of Konqueror (web browser and file manager), noatun (media player) and Kate (text editor), Kicker, knewsticker. ---------------------------------------------------------------------Update Information: update to KDE 3.5.2 ---------------------------------------------------------------------* Thu Apr 6 2006 Than Ngo 3.5.2-0.1.fc5 - update to 3.5.2 ---------------------------------------------------------------------This update can be downloaded from: 9374a70b68f99a5ad11da60d18b8e6d442eef8b6 SRPMS/kdeaddons-3.5.2-0.1.fc5.src.rpm d86f30c7bf1e5dd5bf3e6967ae67fa4f3a99ca9c ppc/kdeaddons-3.5.2-0.1.fc5.ppc.rpm ae0cdc9fe93dbbfb307e76ea6bd19172e1e21c94 ppc/kdeaddons-atlantikdesigner-3.5.2-0.1.fc5.ppc.rpm 617454c8c92a0bc847688c9c0d0be3622ed2a0e1 ppc/debug/kdeaddons-debuginfo-3.5.2-0.1.fc5.ppc.rpm a446ddd7c960da3bd32499745e1d7a3940cc2b3a x86_64/kdeaddons-3.5.2-0.1.fc5.x86_64.rpm bd71b016d35dbd9a00d31b8314facf9d3b03f1ce x86_64/kdeaddons-atlantikdesigner-3.5.2-0.1.fc5.x86_64.rpm 31d358e6e9ea20ce40f0ae8d8d08478847ecad96 x86_64/debug/kdeaddons-debuginfo-3.5.2-0.1.fc5.x86_64.rpm d151fe3c3ad915fa37aa726e4dd8103d42ae9396 i386/kdeaddons-3.5.2-0.1.fc5.i386.rpm fd0d6203f0f3e66fd22d6e9f4945b4754a2fb8d7 i386/kdeaddons-atlantikdesigner-3.5.2-0.1.fc5.i386.rpm 4a4c008f399a7ee85ef0420274cdba9f3ca69dbb i386/debug/kdeaddons-debuginfo-3.5.2-0.1.fc5.i386.rpm This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Softwarewith yum,' available at . ----------------------------------------------------------------------- fedora-announce-list mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . KDE 3.5.2 upgrade for Fedora Core 5 presents improved features alongside kdeaddons extensions for various programs.. Fedora Updates,KDE Plugins,KDE 3.5.2 Update,Open Source Updates,Software Management. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Apr 18, 2006 Critical Fedora
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200