GLSA-201406-34 (Gentoo Foundation)
Jun 29, 2014 - 12:00 a.m.

KDE Libraries: Multiple vulnerabilities

2014-06-29 00:00:00
Gentoo Foundation
security.gentoo.org
CVSS2: 5
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.007
Percentile: 81.0%

Background

KDE is a feature-rich graphical desktop environment for Linux and Unix-like operating systems. KDE Libraries contains libraries needed by all KDE applications.

Description

Multiple vulnerabilities have been discovered in KDE Libraries. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could conduct a man-in-the-middle attack using any certificate issued by a legitimate certification authority. Furthermore, a local attacker may gain knowledge of user passwords through an information leak.

Workaround

There is no known workaround at this time.

Resolution

All KDE users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=kde-base/kdelibs-4.12.5-r1"

OS      OS Version  Architecture  Package           Package Version  Filename
Gentoo  any         all           kde-base/kdelibs  < 4.12.5-r1      UNKNOWN
