Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Zwei Probleme in K Desktop Environment
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in K Desktop Environment
ID: FEDORA-2017-01eed6fe8c
Distribution: Fedora
Plattformen: Fedora 24
Datum: Mo, 13. März 2017, 07:06
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6232

Originalnachricht

Name        : kdelibs3
Product : Fedora 24
Version : 3.5.10
Release : 84.fc24
URL : http://www.kde.org/
Summary : KDE 3 Libraries
Description :
Libraries for KDE 3:
KDE Libraries included: kdecore (KDE core library), kdeui (user interface),
kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking),
kspell (spelling checker), jscript (javascript), kab (addressbook),
kimgio (image manipulation).

-------------------------------------------------------------------------------
-
Update Information:

This kdelibs3 (KDE 3 compatibility libraries) update fixes the security issues:
* CVE-2016-6232 (karchive): Extraction of tar files possible to arbitrary
system
locations * CVE-2017-6410 (kio): Information Leak when accessing https when
using a malicious PAC file for the KDE 3 compatibility libraries. (Security
updates for KDE Frameworks 5 (kf5-karchive resp. kf5-kio) and for the KDE 4
compatibility libraries (kdelibs 4) have already been submitted.) In addition,
the KDE 3 compatibility version of KCrash was modified to use the DrKonqi from
Plasma 5 rather than from kde-runtime 4. (The original KDE 3 DrKonqi was
already
dropped years ago.) The kde-runtime 4 DrKonqi is not installed by default and
will be removed entirely in future Fedora versions, the Plasma 5 version of
DrKonqi can also be used for legacy applications.
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1427808 - CVE-2017-6410 kf5-kio, kdelibs: Information Leak when
accessing https when using a malicious PAC file
https://bugzilla.redhat.com/show_bug.cgi?id=1427808
[ 2 ] Bug #1357410 - CVE-2016-6232 kf5-karchive: Extraction of tar files
possible to arbitrary system locations
https://bugzilla.redhat.com/show_bug.cgi?id=1357410
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade kdelibs3' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung