[SECURITY] [DLA 952-1] kde4libs security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : kde4libs
Version : 4:4.8.4-4+deb7u3
CVE ID : CVE-2013-2074 CVE-2017-6410 CVE-2017-8422
Debian Bug : 856890
Several vulnerabilities were discovered in kde4libs, the core libraries
for all KDE 4 applications. The Common Vulnerabilities and Exposures
project identifies the following problems:
CVE-2017-6410
Itzik Kotler, Yonatan Fridburg and Amit Klein of Safebreach Labs
reported that URLs are not sanitized before passing them to
FindProxyForURL, potentially allowing a remote attacker to obtain
sensitive information via a crafted PAC file.
CVE-2017-8422
Sebastian Krahmer from SUSE discovered that the KAuth framework
contains a logic flaw in which the service invoking dbus is not
properly checked. This flaw allows spoofing the identity of the
caller and gaining root privileges from an unprivileged account.
CVE-2013-2074
It was discovered that KIO would show web authentication
credentials in some error cases.
For Debian 7 "Wheezy", these problems have been fixed in version
4:4.8.4-4+deb7u3.
We recommend that you upgrade your kde4libs packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAlknBWcACgkQnUbEiOQ2
gwKyIQ/+JPU478kM5PoPZwPsRf2zhsY8iWwzHWYB26vfHkQ3GGx74uqCT5To75Z3
rrgcOMEujdzopuQsv/fTbDk0Gp5CadjaQ3Nj0SqvyR+I/peVdVR5e5v12A4jpvD/
ri+D/Ze3EY809Nsglcg0S1WSZx/fbnXApaxDDU3hoYzvZHG2U3lTeRut7Sb2MKjf
as64wuO/4X3GxvPo9t0fiODLb/fIRbc0iD3ZUUzt9RweyG56Tj6tS9FFsMK4MhRx
J7UXskh8Ky4qjxyhb69LKR9v3e5L60wFvI4B4QYjVlEXfhBBAR8EYOVXJD3qt0cZ
KVn1Ew50DSjkAC/P6fKajSc0ZKfjZw+QyjgZIB2FgvxHEA+ZC1m1aNMiZ042VJuc
gVAaYxnZKysmdzRVZ3HAJ4WAbUnF88ZzjPus86JJ+IdHtVitahgpXG6CJkBmqQTB
7QMOYE9VvesFw8rGzqjLjm+bWlxQw8cDv0fdXw0CMbteuHz3mbTYsn9zdG4WSMmt
chalXy/s2XAnHXiKdVpJlA1G/vfNtIGzpdRPLUh55DSAen695973zR/KZKGLA/xl
qBhRGKYOye3aI0HtzwFa650UXzysx1oi+UWoZm5uXcHC42to5QX2z9nl/g/G94JB
NCAZdTt8b2zsbeRL6ftcHukf+TiA+RpZWmSTirhR+6H0uxGnaqs=
=tYwX
-----END PGP SIGNATURE-----
Reply to: