8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.905 High
EPSS
Percentile
98.8%
This KDE 4 update provides an upgrade to the last stable version of KDE Applications and Development Platform for the 4.12 series, and updates Plasma Workspaces to 4.11.12. This update fixes several security vulnerabilities - KMail/KIO POP3 SSL MITM Flaw (CVE-2014-3494 - mga#13545) - KAuth PID Reuse Flaw (CVE-2014-5033 - mga#13792) - krfb: possible denial of service or code execution via integer overflow (CVE-2014-4607 - mga#13933) - krfb: multiple security issues in libvncserver (mga#14205) (CVE-2014-6053, CVE-2014-6054, CVE-2014-6055) and additional issues - poxml is compiled without antlr (mga#12612) - crashes in bluedevil (mga#12751, mga#13618, mga#13728) - kdelibs file dialog isn’t properly translated in pure Qt apps (mga#12982) - kate: self-closing xml tag breaks indentation (mga#13275, bko#330174) - krdc missing dependency on freerdp (mga#13292) - lock screen: can’t start a new session after playing around with buttons (mga#13300, bko#331761) - kbreakout missing dependency on libkdegames-corebindings (mga#13531) - meinproc4 doesn’t substitute entity with fixed libxml2 (mga#13555, mga#13559, bko#335001) - calligra-words missing dependency on soprano-plugin-redland (mga#12008) - digikam can’t export to flickr (mga#13778, bko#336835) See the referenced buglists in KDE announcements for the complete list of fixes.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 4 | noarch | akonadi | < 1.11.0-1 | akonadi-1.11.0-1.mga4 |
Mageia | 4 | noarch | amor | < 4.12.5-1 | amor-4.12.5-1.mga4 |
Mageia | 4 | noarch | analitza | < 4.12.5-1 | analitza-4.12.5-1.mga4 |
Mageia | 4 | noarch | ark | < 4.12.5-1.1 | ark-4.12.5-1.1.mga4 |
Mageia | 4 | noarch | blinken | < 4.12.5-1 | blinken-4.12.5-1.mga4 |
Mageia | 4 | noarch | bluedevil | < 2.0.0-0.git20140216.1.1 | bluedevil-2.0.0-0.git20140216.1.1.mga4 |
Mageia | 4 | noarch | bomber | < 4.12.5-1 | bomber-4.12.5-1.mga4 |
Mageia | 4 | noarch | bovo | < 4.12.5-1 | bovo-4.12.5-1.mga4 |
Mageia | 4 | noarch | calligra | < 2.7.5-1.1 | calligra-2.7.5-1.1.mga4 |
Mageia | 4 | noarch | cantor | < 4.12.5-1 | cantor-4.12.5-1.mga4 |
www.kde.org/info/security/advisory-20140618-1.txt
www.kde.org/info/security/advisory-20140730-1.txt
www.kde.org/info/security/advisory-20140803-1.txt
www.ocert.org/advisories/ocert-2014-007.html
bugs.kde.org/show_bug.cgi?id=330174
bugs.kde.org/show_bug.cgi?id=331761
bugs.kde.org/show_bug.cgi?id=335001
bugs.kde.org/show_bug.cgi?id=336835
bugs.mageia.org/show_bug.cgi?id=12008
bugs.mageia.org/show_bug.cgi?id=12612
bugs.mageia.org/show_bug.cgi?id=12751
bugs.mageia.org/show_bug.cgi?id=12982
bugs.mageia.org/show_bug.cgi?id=13221
bugs.mageia.org/show_bug.cgi?id=13275
bugs.mageia.org/show_bug.cgi?id=13292
bugs.mageia.org/show_bug.cgi?id=13300
bugs.mageia.org/show_bug.cgi?id=13531
bugs.mageia.org/show_bug.cgi?id=13545
bugs.mageia.org/show_bug.cgi?id=13555
bugs.mageia.org/show_bug.cgi?id=13559
bugs.mageia.org/show_bug.cgi?id=13618
bugs.mageia.org/show_bug.cgi?id=13728
bugs.mageia.org/show_bug.cgi?id=13778
bugs.mageia.org/show_bug.cgi?id=13792
bugs.mageia.org/show_bug.cgi?id=13933
bugs.mageia.org/show_bug.cgi?id=14205
lists.fedoraproject.org/pipermail/package-announce/2014-August/136758.html
lists.fedoraproject.org/pipermail/package-announce/2014-July/134961.html
lists.fedoraproject.org/pipermail/package-announce/2014-October/140293.html
lists.fedoraproject.org/pipermail/package-announce/2014-September/137844.html
lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html
www.kde.org/announcements/4.12
www.kde.org/announcements/announce-4.12.1.php
www.kde.org/announcements/announce-4.12.2.php
www.kde.org/announcements/announce-4.12.3.php
www.kde.org/announcements/announce-4.12.4.php
www.kde.org/announcements/announce-4.12.5.php
www.kde.org/info/security/advisory-20140923-1.txt
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.905 High
EPSS
Percentile
98.8%