Login-Name Passwort


Sicherheit: Zwei Probleme in K Desktop Environment
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in K Desktop Environment
ID: FEDORA-2017-01eed6fe8c
Distribution: Fedora
Plattformen: Fedora 24
Datum: Mo, 13. März 2017, 07:06
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6410
Applikationen: K Desktop Environment


Name        : kdelibs3
Product : Fedora 24
Version : 3.5.10
Release : 84.fc24
URL : http://www.kde.org/
Summary : KDE 3 Libraries
Description :
Libraries for KDE 3:
KDE Libraries included: kdecore (KDE core library), kdeui (user interface),
kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking),
kspell (spelling checker), jscript (javascript), kab (addressbook),
kimgio (image manipulation).

Update Information:

This kdelibs3 (KDE 3 compatibility libraries) update fixes the security issues:
* CVE-2016-6232 (karchive): Extraction of tar files possible to arbitrary
locations * CVE-2017-6410 (kio): Information Leak when accessing https when
using a malicious PAC file for the KDE 3 compatibility libraries. (Security
updates for KDE Frameworks 5 (kf5-karchive resp. kf5-kio) and for the KDE 4
compatibility libraries (kdelibs 4) have already been submitted.) In addition,
the KDE 3 compatibility version of KCrash was modified to use the DrKonqi from
Plasma 5 rather than from kde-runtime 4. (The original KDE 3 DrKonqi was
dropped years ago.) The kde-runtime 4 DrKonqi is not installed by default and
will be removed entirely in future Fedora versions, the Plasma 5 version of
DrKonqi can also be used for legacy applications.

[ 1 ] Bug #1427808 - CVE-2017-6410 kf5-kio, kdelibs: Information Leak when
accessing https when using a malicious PAC file
[ 2 ] Bug #1357410 - CVE-2016-6232 kf5-karchive: Extraction of tar files
possible to arbitrary system locations

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade kdelibs3' at the command line.
For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Unterstützer werden
Neue Nachrichten