GLSA Advocate
Posted: Sun Jun 29, 2014 9:26 pm Post subject: [ GLSA 201406-34 ] KDE Libraries: Multiple vulnerabilities
Gentoo Linux Security Advisory
Title: KDE Libraries: Multiple vulnerabilities (GLSA 201406-34)
Severity: normal
Exploitable: local, remote
Date: June 29, 2014
Bug(s): #358025, #384227, #469140, #513726
ID: 201406-34
Synopsis
Multiple vulnerabilities have been discovered in KDE Libraries, the
worst of which could lead to man-in-the-middle attacks.
Background
KDE is a feature-rich graphical desktop environment for Linux and
Unix-like operating systems. KDE Libraries contains libraries needed by
all KDE applications.
Affected Packages
Package: kde-base/kdelibs
Vulnerable: < 4.12.5-r1
Unaffected: >= 4.12.5-r1
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in KDE Libraries. Please
review the CVE identifiers referenced below for details.
Impact
A remote attacker could carry out a man-in-the-middle attack using any
certificate issued by a legitimate certification authority. Furthermore,
a local attacker may gain knowledge of user passwords through an
information leak.
Workaround
There is no known workaround at this time.
Resolution
All KDE users should upgrade to the latest version:
  # emerge --sync
  # emerge --ask --oneshot --verbose ">=kde-base/kdelibs-4.12.5-r1"
References
CVE-2011-1094
CVE-2011-3365
CVE-2013-2074
CVE-2014-3494