Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in KDE-PIM
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in KDE-PIM
ID: USN-3100-1
Distribution: Ubuntu
Plattformen: Ubuntu 12.04 LTS
Datum: Mi, 12. Oktober 2016, 16:38
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7966

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============8390898491890226862==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="fHB0rs5KVCRFnXvCn0mm8EIUXwo8gjh65"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--fHB0rs5KVCRFnXvCn0mm8EIUXwo8gjh65
Content-Type: multipart/mixed;
boundary="3SPA8UbW36SEoh34jTeTIfBdwexD84qWX"
From: Marc Deslauriers <marc.deslauriers@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <518dc695-0e8d-502c-40de-413193b11407@canonical.com>
Subject: [USN-3100-1] KDE-PIM Libraries vulnerability

--3SPA8UbW36SEoh34jTeTIfBdwexD84qWX
Content-Type: text/plain; charset=utf-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-3100-1
October 12, 2016

kdepimlibs vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS

Summary:

KMail could be made to run HTML if it opened a specially crafted email.

Software Description:
- kdepimlibs: the KDE PIM libraries

Details:

Roland Tapken discovered that the KDE-PIM Libraries incorrectly filtered
URLs. A remote attacker could use this issue to perform an HTML injection
attack in the KMail plain text viewer.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
libkpimutils4 4:4.8.5-0ubuntu0.3

After a standard system update you need to restart KMail to make all the
necessary changes.

References:
http://www.ubuntu.com/usn/usn-3100-1
CVE-2016-7966

Package Information:
https://launchpad.net/ubuntu/+source/kdepimlibs/4:4.8.5-0ubuntu0.3



--3SPA8UbW36SEoh34jTeTIfBdwexD84qWX--

--fHB0rs5KVCRFnXvCn0mm8EIUXwo8gjh65
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCgAGBQJX/ihcAAoJEGVp2FWnRL6TXd0P/jhCVOBA9T7BKQAc22Qeakqy
6Z6B93q5gU4tXX6xcU628JGeD5uV9ikIHMTpXP6Ae97knp8Emr2wKsKD5EO3cYwX
XTQ0UX5yOuOWylgGxvLOqmuwD+i0TfqzN4tpJsgFg8ez90SpNGrPXN6kxmUN+DjL
muFOfcuqR7/o5SDe249ltYTpYDhIv6IYqd4Zx0nwXaRIh+QL2mrmH01piRNepPyy
+WkXFYeKe8/lgiVuXtmSG/R/uImEez97jYc7jqPexXiptNFcxjF3RGKR6EJyeeFM
UsmvOp5zBi1RqfbJGnHylo/1EVl8qoNAmM7Mje6xN1p2cROOv42d/kWJottWexs0
DTtpkWTVP1MK21Cal26m5HhpWyyrRQ7MXlWDgRiT9vU5X4/SaS+JY6u5rokz4bC/
u//FQhC3OpMlhQSD1iGPKqtnLj0tgRQnDh/+t/lmu9tY8VmkUIxxTOYBo8tSioKV
qsFdol7n6Zwlc1g/MACd7uhy2OpdD/gys/iL9bU+h606j9P+Tsto8Sjr8wlIPp2B
4+MolSFeiL4I4SjctfH+dkFTrX/nLgUnj6UmVpO5i/6SMXy5zfvxH0m6ESkZjF+B
BZt6lSrMBncazcbLtX8rr9HzW+8nwDSuEIfKccY/+6pgTHP3dFmZAeEjXHoeaDqo
W/Cj9LFcD6zvLZ0kmqhe
=UUmX
-----END PGP SIGNATURE-----

--fHB0rs5KVCRFnXvCn0mm8EIUXwo8gjh65--


--===============8390898491890226862==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============8390898491890226862==--
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung