5 matches found
MGASA-2022-0238 Updated exo packages fix security vulnerability
Changed to prevent executing possibly malicious .desktop files from online sources ftp://, http:// etc...
kdelibs: malicious desktop files and configuration files lead to code execution with minimal user interaction
A flaw was found in the KDE Frameworks KConfig prior to version 5.61.0. Certain syntax commands were allowed in .desktop, .directory, and configuration files to allow flexible configurations with the desktop environment. An attacker could add malicious code to a file that a user would...
Fedora 29 : 6:kdelibs / kde-settings (2019-39d23c7a94)
This update fixes CVE-2019-14744 kconfig arbitrary shell code execution in the compatibility library kdelibs 4 used by legacy applications not yet ported to KDE Frameworks 5. The included kde-settings update removes obsolete settings that conflict with the security fix and are no longer needed se...
Fedora 30 : 6:kdelibs / kde-settings (2019-a746ac9c89)
This update fixes CVE-2019-14744 kconfig arbitrary shell code execution in the compatibility library kdelibs 4 used by legacy applications not yet ported to KDE Frameworks 5. The included kde-settings update removes obsolete settings that conflict with the security fix and are no longer needed se...
CVE-2019-14744
In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .deskto...