Bug#913595: CVE-2018-19120: kio-extras: HTML Thumbnailer automatic remote file access
Package: kio-extras
Version: 4:18.08.1-1
Severity: important
Tags: security

Dear Maintainer,

"KDE Project Security Advisory: kio-extras: HTML Thumbnailer automatic
remote file access" (Message-ID: <5460566.RsyoOK3lV2@xps>, for some reason
the mailing list archives are for subscribers only) mentions that
'htmlthumbnail.so' accesses content from remote files in HTML files to
thumbnail. It has been assigned CVE number CVE-2018-19120.

KDE developers removed the HTML thumbnailer for KDE Applications 18.12.

Work-around is to remove

/usr/lib/x86_64-linux-gnu/qt5/plugins/htmlthumbnail.so

The announcement should be accessible to the public on
https://www.kde.org/announcements/
soon.

Thanks,
Martin

-- System Information:
Debian Release: buster/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.19.0-tp520 (SMP w/4 CPU cores; PREEMPT)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages kio-extras depends on:
ii kio 5.51.0-1
ii kio-extras-data 4:18.08.1-1
ii libc6 2.27-8
ii libgcc1 1:8.2.0-9
ii libkf5activities5 5.51.0-1
ii libkf5archive5 5.51.0-1
ii libkf5bookmarks5 5.51.0-1
ii libkf5codecs5 5.51.0-1
ii libkf5configcore5 5.51.0-1
ii libkf5configgui5 5.51.0-1
ii libkf5configwidgets5 5.51.0-1
ii libkf5coreaddons5 5.51.0-1
ii libkf5dbusaddons5 5.51.0-1
ii libkf5dnssd5 5.51.0-1
ii libkf5guiaddons5 5.51.0-1
ii libkf5i18n5 5.51.0-1
ii libkf5iconthemes5 5.51.0-1
ii libkf5khtml5 5.51.0-1
ii libkf5kiocore5 5.51.0-1
ii libkf5kiofilewidgets5 5.51.0-1
ii libkf5kiowidgets5 5.51.0-1
ii libkf5parts5 5.51.0-1
ii libkf5pty5 5.51.0-1
ii libkf5service-bin 5.51.0-1
ii libkf5service5 5.51.0-1
ii libkf5solid5 5.51.0-1
ii libkf5xmlgui5 5.51.0-1
ii libmtp9 1.1.13-1
ii libopenexr23 2.2.1-4
ii libphonon4qt5-4 4:4.10.1-1
ii libqt5core5a 5.11.2+dfsg-4
ii libqt5dbus5 5.11.2+dfsg-4
ii libqt5gui5 5.11.2+dfsg-4
ii libqt5network5 5.11.2+dfsg-4
ii libqt5sql5 5.11.2+dfsg-4
ii libqt5svg5 5.11.2-2
ii libqt5webenginewidgets5 5.11.2+dfsg-2
ii libqt5widgets5 5.11.2+dfsg-4
ii libqt5xml5 5.11.2+dfsg-4
ii libsmbclient 2:4.9.1+dfsg-2
ii libssh-4 0.8.4-3
ii libstdc++6 8.2.0-9
ii libtag1v5 1.11.1+dfsg.1-0.2+b1
ii phonon4qt5 4:4.10.1-1
kio-extras recommends no packages.
kio-extras suggests no packages.
-- no debconf information
-- debsums errors found:
debsums: missing file /usr/lib/x86_64-linux-gnu/qt5/plugins/htmlthumbnail.so (from kio-extras package)
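
A file removed by hand, as in the workaround in the report above, comes back when kio-extras is unpacked again and is reported by debsums in the meantime. The following is an added example, not part of the original report or of kio-extras: it looks for the plugin under every multi-arch Qt5 plugin directory and prints a `dpkg-divert` command that keeps it disabled; the function names and the optional root argument are hypothetical, and the same directory layout on other architectures is an assumption.

```shell
#!/bin/sh
# Added example: audit a system (or a mounted image) for the HTML thumbnailer.
PLUGIN=htmlthumbnail.so

# Print every copy of the plugin below ROOT (default /), one path per line.
find_html_thumbnailer() {
    root=${1:-/}
    # The report names usr/lib/x86_64-linux-gnu/qt5/plugins; the glob also
    # covers other multi-arch triplets (assumption: same layout).
    for f in "${root%/}"/usr/lib/*/qt5/plugins/"$PLUGIN"; do
        [ -f "$f" ] && printf '%s\n' "$f"
    done
    return 0
}

# Print (do not run) the diversion that renames the file and keeps copies
# unpacked by later package installs out of the plugin directory.
divert_command() {
    printf 'dpkg-divert --local --rename --divert %s.disabled --add %s\n' "$1" "$1"
}

# Return 0 when no copy is present, 1 when at least one is found.
audit_html_thumbnailer() {
    r=${1:-/}
    r=${r%/}
    found=$(find_html_thumbnailer "$r")
    if [ -z "$found" ]; then
        echo "OK: $PLUGIN not present"
        return 0
    fi
    printf '%s\n' "$found" | while IFS= read -r p; do
        echo "PRESENT: $p"
        # Strip the ROOT prefix so the command names the installed path.
        divert_command "${p#"$r"}"
    done
    return 1
}
```

Source the file and call `audit_html_thumbnailer` for the running system, or pass the mount point of an image as the first argument; the printed `dpkg-divert` line has to be run as root.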