Gentoo FoundationMGASA-2014-0432

HistoryOct 29, 2014 - 2:30 p.m.

Updated KDE 4 and related packages move to KDE 4.12.5

2014-10-2914:30:40

Gentoo Foundation

advisories.mageia.org

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.905 High

EPSS

Percentile

98.8%

JSON

This KDE 4 update provides an upgrade to the last stable version of KDE Applications and Development Platform for the 4.12 series, and updates Plasma Workspaces to 4.11.12. This update fixes several security vulnerabilities - KMail/KIO POP3 SSL MITM Flaw (CVE-2014-3494 - mga#13545) - KAuth PID Reuse Flaw (CVE-2014-5033 - mga#13792) - krfb: possible denial of service or code execution via integer overflow (CVE-2014-4607 - mga#13933) - krfb: multiple security issues in libvncserver (mga#14205) (CVE-2014-6053, CVE-2014-6054, CVE-2014-6055) and additional issues - poxml is compiled without antlr (mga#12612) - crashes in bluedevil (mga#12751, mga#13618, mga#13728) - kdelibs file dialog isn’t properly translated in pure Qt apps (mga#12982) - kate: self-closing xml tag breaks indentation (mga#13275, bko#330174) - krdc missing dependency on freerdp (mga#13292) - lock screen: can’t start a new session after playing around with buttons (mga#13300, bko#331761) - kbreakout missing dependency on libkdegames-corebindings (mga#13531) - meinproc4 doesn’t substitute entity with fixed libxml2 (mga#13555, mga#13559, bko#335001) - calligra-words missing dependency on soprano-plugin-redland (mga#12008) - digikam can’t export to flickr (mga#13778, bko#336835) See the referenced buglists in KDE announcements for the complete list of fixes.

OSVersionArchitecturePackageVersionFilename
Mageia4noarchakonadi< 1.11.0-1akonadi-1.11.0-1.mga4
Mageia4noarchamor< 4.12.5-1amor-4.12.5-1.mga4
Mageia4noarchanalitza< 4.12.5-1analitza-4.12.5-1.mga4
Mageia4noarchark< 4.12.5-1.1ark-4.12.5-1.1.mga4
Mageia4noarchblinken< 4.12.5-1blinken-4.12.5-1.mga4
Mageia4noarchbluedevil< 2.0.0-0.git20140216.1.1bluedevil-2.0.0-0.git20140216.1.1.mga4
Mageia4noarchbomber< 4.12.5-1bomber-4.12.5-1.mga4
Mageia4noarchbovo< 4.12.5-1bovo-4.12.5-1.mga4
Mageia4noarchcalligra< 2.7.5-1.1calligra-2.7.5-1.1.mga4
Mageia4noarchcantor< 4.12.5-1cantor-4.12.5-1.mga4

OS	Version	Architecture	Package	Version	Filename
Mageia	4	noarch	akonadi	< 1.11.0-1	akonadi-1.11.0-1.mga4
Mageia	4	noarch	amor	< 4.12.5-1	amor-4.12.5-1.mga4
Mageia	4	noarch	analitza	< 4.12.5-1	analitza-4.12.5-1.mga4
Mageia	4	noarch	ark	< 4.12.5-1.1	ark-4.12.5-1.1.mga4
Mageia	4	noarch	blinken	< 4.12.5-1	blinken-4.12.5-1.mga4
Mageia	4	noarch	bluedevil	< 2.0.0-0.git20140216.1.1	bluedevil-2.0.0-0.git20140216.1.1.mga4
Mageia	4	noarch	bomber	< 4.12.5-1	bomber-4.12.5-1.mga4
Mageia	4	noarch	bovo	< 4.12.5-1	bovo-4.12.5-1.mga4
Mageia	4	noarch	calligra	< 2.7.5-1.1	calligra-2.7.5-1.1.mga4
Mageia	4	noarch	cantor	< 4.12.5-1	cantor-4.12.5-1.mga4

Rows per page:

1-10 of 1761

References

www.kde.org/info/security/advisory-20140618-1.txt

www.kde.org/info/security/advisory-20140730-1.txt

www.kde.org/info/security/advisory-20140803-1.txt

www.ocert.org/advisories/ocert-2014-007.html

bugs.kde.org/show_bug.cgi?id=330174

bugs.kde.org/show_bug.cgi?id=331761

bugs.kde.org/show_bug.cgi?id=335001

bugs.kde.org/show_bug.cgi?id=336835

bugs.mageia.org/show_bug.cgi?id=12008

bugs.mageia.org/show_bug.cgi?id=12612

bugs.mageia.org/show_bug.cgi?id=12751

bugs.mageia.org/show_bug.cgi?id=12982

bugs.mageia.org/show_bug.cgi?id=13221

bugs.mageia.org/show_bug.cgi?id=13275

bugs.mageia.org/show_bug.cgi?id=13292

bugs.mageia.org/show_bug.cgi?id=13300

bugs.mageia.org/show_bug.cgi?id=13531

bugs.mageia.org/show_bug.cgi?id=13545

bugs.mageia.org/show_bug.cgi?id=13555

bugs.mageia.org/show_bug.cgi?id=13559

bugs.mageia.org/show_bug.cgi?id=13618

bugs.mageia.org/show_bug.cgi?id=13728

bugs.mageia.org/show_bug.cgi?id=13778

bugs.mageia.org/show_bug.cgi?id=13792

bugs.mageia.org/show_bug.cgi?id=13933

bugs.mageia.org/show_bug.cgi?id=14205

lists.fedoraproject.org/pipermail/package-announce/2014-August/136758.html

lists.fedoraproject.org/pipermail/package-announce/2014-July/134961.html

lists.fedoraproject.org/pipermail/package-announce/2014-October/140293.html

lists.fedoraproject.org/pipermail/package-announce/2014-September/137844.html

lists.fedoraproject.org/pipermail/package-announce/2014-September/139445.html

www.kde.org/announcements/4.12

www.kde.org/announcements/announce-4.12.1.php

www.kde.org/announcements/announce-4.12.2.php

www.kde.org/announcements/announce-4.12.3.php

www.kde.org/announcements/announce-4.12.4.php

www.kde.org/announcements/announce-4.12.5.php

www.kde.org/info/security/advisory-20140923-1.txt

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.905 High

EPSS

Percentile

98.8%

JSON

Related for MGASA-2014-0432