DSA-3849-1 kde4libs -- kde4libsID: oval:org.secpod.oval:def:602878 | Date: (C)2017-05-17 (M)2023-04-17 |
Class: PATCH | Family: unix |
Several vulnerabilities were discovered in kde4libs, the core libraries for all KDE 4 applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2017-6410 Itzik Kotler, Yonatan Fridburg and Amit Klein of Safebreach Labs reported that URLs are not sanitized before passing them to FindProxyForURL, potentially allowing a remote attacker to obtain sensitive information via a crafted PAC file. CVE-2017-8422 Sebastian Krahmer from SUSE discovered that the KAuth framework contains a logic flaw in which the service invoking dbus is not properly checked. This flaw allows spoofing the identity of the caller and gaining root privileges from an unprivileged account.
Product: |
kdelibs-bin |
kdelibs5-dev |