Security: Two problems in K Desktop Environment
Name: Two problems in K Desktop Environment
ID: FEDORA-2017-01eed6fe8c
Distribution: Fedora
Platforms: Fedora 24
Date: Mon, 13 March 2017, 07:06
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6232
Applications: KDE Software Compilation

Original message

Name        : kdelibs3
Product     : Fedora 24
Version     : 3.5.10
Release     : 84.fc24
URL         : http://www.kde.org/
Summary     : KDE 3 Libraries
Description :
Libraries for KDE 3:
KDE Libraries included: kdecore (KDE core library), kdeui (user interface),
kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking),
kspell (spelling checker), jscript (javascript), kab (addressbook),
kimgio (image manipulation).

--------------------------------------------------------------------------------
Update Information:

This kdelibs3 (KDE 3 compatibility libraries) update fixes the security issues:
* CVE-2016-6232 (karchive): Extraction of tar files possible to arbitrary system locations
* CVE-2017-6410 (kio): Information Leak when accessing https when using a malicious PAC file
for the KDE 3 compatibility libraries. (Security updates for KDE Frameworks 5 (kf5-karchive resp. kf5-kio) and for the KDE 4 compatibility libraries (kdelibs 4) have already been submitted.)

In addition, the KDE 3 compatibility version of KCrash was modified to use the DrKonqi from Plasma 5 rather than from kde-runtime 4. (The original KDE 3 DrKonqi was already dropped years ago.) The kde-runtime 4 DrKonqi is not installed by default and will be removed entirely in future Fedora versions, the Plasma 5 version of DrKonqi can also be used for legacy applications.
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1427808 - CVE-2017-6410 kf5-kio, kdelibs: Information Leak when accessing https when using a malicious PAC file
      https://bugzilla.redhat.com/show_bug.cgi?id=1427808
[ 2 ] Bug #1357410 - CVE-2016-6232 kf5-karchive: Extraction of tar files possible to arbitrary system locations
      https://bugzilla.redhat.com/show_bug.cgi?id=1357410
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade kdelibs3' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------