SUSE CVE-2013-7252

kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack...

openSUSE Security Update : kdebase4-runtime / kdelibs4 / konversation / etc (openSUSE-2015-251)

KDE and QT were updated to fix security issues and bugs. The following vulerabilities were fixed : - CVE-2014-0190: Malformed GIF files could have crashed QT based applications - CVE-2015-0295: Malformed BMP files could have crashed QT based applications - CVE-2014-8600: Multiple cross-site...

MGASA-2015-0044 Updated kdebase4-runtime packages fix CVE-2013-7252 and several bugs

Updated kdebase4-runtime packages fix security vulnerability: kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a codebook attack CVE-2013-7252. This...

[USN-2401-1] Konversation vulnerability

========================================================================== Ubuntu Security Notice USN-2401-1 November 10, 2014 konversation vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivative...

Fedora 20 : konversation-1.5.1-1.fc20 (2014-13791)

Konversation 1.5.1 is a maintenance release containing only bug fixes. The included changes address several minor behavioral defects and a low-risk DoS security defect in the Blowfish ECB support. See also: https://konversation.kde.org/ Note that Tenable Network Security has extracted the precedi...

Fedora 19 : konversation-1.5.1-1.fc19 (2014-13702)

Konversation 1.5.1 is a maintenance release containing only bug fixes. The included changes address several minor behavioral defects and a low-risk DoS security defect in the Blowfish ECB support. See also: https://konversation.kde.org/ Note that Tenable Network Security has extracted the precedi...

openSUSE Security Update : konversation (openSUSE-SU-2014:1406-1)

konversation was updated to version 1.5.1, fixing bugs and one security issue. Changes : - Konversation 1.5.1 is a maintenance release containing only bug fixes. The included changes address several minor behavioral defects and a low-risk DoS security defect in the Blowfish ECB support. The KDE...

Fedora 21 : konversation-1.5.1-1.fc21 (2014-13837)

Konversation 1.5.1 is a maintenance release containing only bug fixes. The included changes address several minor behavioral defects and a low-risk DoS security defect in the Blowfish ECB support. See also: https://konversation.kde.org/ Note that Tenable Network Security has extracted the precedi...

Ubuntu 12.04 LTS : konversation vulnerability (USN-2401-1)

Manuel Nickschas discovered that Konversation did not properly perform input sanitization when using Blowfish ECB encryption. A remote attacker could exploit this to cause a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubunt...

Ubuntu: Security Advisory (USN-2401-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-2401-1: Konversation vulnerability

Manuel Nickschas discovered that Konversation did not properly perform input sanitization when using Blowfish ECB encryption. A remote attacker could exploit this to cause a denial of service...

konversation: denial of service

Konversation's Blowfish ECB encryption support assumes incoming blocks to be the expected 12 bytes. The lack of a sanity-check for the actual size can cause a denial of service and an information leak to the local user...

FreeBSD : Konversation -- out-of-bounds read on a heap-allocated array (0167f5ad-64ea-11e4-98c1-00269ee29e57)

Konversation developers report : Konversation's Blowfish ECB encryption support assumes incoming blocks to be the expected 12 bytes. The lack of a sanity-check for the actual size can cause a denial of service and an information leak to the local user. %NASLMINLEVEL 70300 C Tenable Network...

Konversation -- out-of-bounds read on a heap-allocated array

Konversation developers report: Konversation's Blowfish ECB encryption support assumes incoming blocks to be the expected 12 bytes. The lack of a sanity-check for the actual size can cause a denial of service and an information leak to the local user...