Security: Two problems in kde4libs

Name: Two problems in kde4libs
ID: DSA-3849-1
Distribution: Debian
Platforms: Debian sid, Debian jessie
Date: Fri, May 12, 2017, 14:07
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8422
Applications: KDE Software Compilation

Original message
-------------------------------------------------------------------------
Debian Security Advisory DSA-3849-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 12, 2017                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : kde4libs
CVE ID         : CVE-2017-6410 CVE-2017-8422
Debian Bug     : 856890
Several vulnerabilities were discovered in kde4libs, the core libraries for all KDE 4 applications. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2017-6410
Itzik Kotler, Yonatan Fridburg and Amit Klein of Safebreach Labs reported that URLs are not sanitized before passing them to FindProxyForURL, potentially allowing a remote attacker to obtain sensitive information via a crafted PAC file.
CVE-2017-8422
Sebastian Krahmer from SUSE discovered that the KAuth framework contains a logic flaw in which the service invoking dbus is not properly checked. This flaw allows spoofing the identity of the caller and gaining root privileges from an unprivileged account.
For the stable distribution (jessie), these problems have been fixed in version 4:4.14.2-5+deb8u2.
For the unstable distribution (sid), these problems have been fixed in version 4:4.14.26-2.
We recommend that you upgrade your kde4libs packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
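For CVE-2017-6410 above, an added example (not code from kde4libs or from the advisory) of sanitizing a URL before it reaches a PAC script's FindProxyForURL. The sanitizing rule, the names sanitizeForPac and resolveProxy, and the sample URLs are assumptions made for illustration; the advisory does not spell out the rule.

```javascript
// Assumed rule (not stated in the advisory): always drop credentials and the
// fragment; for https also drop path and query, since those are encrypted on
// the wire and a PAC script has no need to see them.
function sanitizeForPac(rawUrl) {
  let u;
  try {
    u = new URL(rawUrl);
  } catch (e) {
    return null; // unparsable input is never handed to the PAC script
  }
  u.username = "";
  u.password = "";
  u.hash = "";
  if (u.protocol === "https:") {
    u.pathname = "/";
    u.search = "";
  }
  return u.toString();
}

// Hypothetical resolver entry point: the PAC function only ever receives the
// sanitized URL and the bare host name.
function resolveProxy(findProxyForURL, rawUrl) {
  const safe = sanitizeForPac(rawUrl);
  if (safe === null) return null;
  return findProxyForURL(safe, new URL(safe).hostname);
}

// Constructed sample: a stand-in PAC function that records what it is given,
// so the effect of the sanitizer is visible.
const seen = [];
function recordingPac(url, host) {
  seen.push({ url, host });
  return "DIRECT";
}

function demo() {
  seen.length = 0;
  resolveProxy(recordingPac, "https://alice:s3cret@intranet.example/reset?token=abc123#top");
  resolveProxy(recordingPac, "http://bob:pw@files.example/docs/a.txt?x=1");
  return seen.map((s) => s.url);
}

console.log(demo());
```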