
[SECURITY] [DLA 1890-1] kde4libs security update



Package        : kde4libs
Version        : 4:4.14.2-5+deb8u3
CVE ID         : CVE-2019-14744
Debian Bug     : 934268

Dominik Penner discovered a flaw in how KConfig interpreted shell
commands in desktop files and other configuration files. An attacker may
trick users into installing specially crafted files, which could then be
used to execute arbitrary code, e.g. when a file manager tries to find
out the icon for a file, or in any application using KConfig. Thus the
entire feature of supporting shell commands in KConfig entries has been
removed.

For Debian 8 "Jessie", this problem has been fixed in version
4:4.14.2-5+deb8u3.

We recommend that you upgrade your kde4libs packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
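An added example, not part of the advisory or of KDE's code: a triage scanner that flags entries in desktop-style files requesting shell-command expansion, so crafted files already on disk can be located alongside the upgrade. The `[$e]` option marker and the `$(` form come from KConfig's entry syntax rather than from this advisory; the function names, the file-name suffixes and the sample are constructed.

```python
import re
import sys
from pathlib import Path

# Assumption from KConfig's entry syntax (not stated in the advisory): a key
# whose trailing option block contains "e", e.g. Icon[$e], requests expansion
# of its value, and "$(" opens the shell-command form the update removed.
EXPAND_OPT = re.compile(r"\[\$[a-z]*e[a-z]*\]$")
SUFFIXES = (".desktop", ".directory")  # assumed file names worth triaging

# Constructed sample; the command position holds an inert placeholder.
SAMPLE = """\
[Desktop Entry]
Type=Directory
Name[$e]=$HOME
Icon[$e]=$(constructed-placeholder)
Comment=plain $(text) without the expand option
"""

def scan_text(text):
    """Return (line_no, group, key) for entries requesting command expansion."""
    findings, group = [], ""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1]  # group header such as [Desktop Entry]
            continue
        key, sep, value = line.partition("=")
        key = key.strip()
        # Environment-variable expansion ($HOME) is not flagged, only "$(".
        if sep and EXPAND_OPT.search(key) and "$(" in value:
            findings.append((no, group, key))
    return findings

def scan_tree(root):
    """Scan matching files under root; yield (path, line_no, group, key)."""
    for path in Path(root).rglob("*"):
        if path.name.endswith(SUFFIXES) and path.is_file():
            text = path.read_text(encoding="utf-8", errors="replace")
            for hit in scan_text(text):
                yield (str(path), *hit)

if __name__ == "__main__":
    for root in sys.argv[1:] or ["."]:
        for hit in scan_tree(root):
            print("%s:%d: [%s] %s" % hit)
```

Run it over download directories, removable media and extracted archives; a hit only shows that an entry asks for command expansion and still needs review.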

