FEDORA-2017-01eed6fe8c — security update for kdelibs3

stable

kdelibs3-3.5.10-84.fc24

FEDORA-2017-01eed6fe8c created by kkofler 5 years ago for Fedora 24

This kdelibs3 (KDE 3 compatibility libraries) update fixes the security issues:

CVE-2016-6232 (karchive): Extraction of tar files possible to arbitrary system locations
CVE-2017-6410 (kio): Information Leak when accessing https when using a malicious PAC file

for the KDE 3 compatibility libraries. (Security updates for KDE Frameworks 5 (kf5-karchive resp. kf5-kio) and for the KDE 4 compatibility libraries (kdelibs 4) have already been submitted.)

In addition, the KDE 3 compatibility version of KCrash was modified to use the DrKonqi from Plasma 5 rather than from kde-runtime 4. (The original KDE 3 DrKonqi was already dropped years ago.) The kde-runtime 4 DrKonqi is not installed by default and will be removed entirely in future Fedora versions, the Plasma 5 version of DrKonqi can also be used for legacy applications.

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2017-01eed6fe8c

This update has been submitted for testing by kkofler.

5 years ago

kkofler edited this update.

5 years ago

This update has been pushed to testing.

5 years ago

This update has been submitted for stable by kkofler.

5 years ago

This update has been pushed to stable.

5 years ago

Please login to add feedback.

Metadata

Type

security

Severity

medium

Karma

Signed

Content Type

RPM

Test Gating

Builds

kdelibs3-3.5.10-84.fc24

Settings

Unstable by Karma

-3

Stable by Karma

disabled

Stable by Time

disabled

Dates

submitted

5 years ago

in testing

5 years ago

in stable

5 years ago

modified

5 years ago

BZ#1357410 CVE-2016-6232 kf5-karchive: Extraction of tar files possible to arbitrary system locations

BZ#1427808 CVE-2017-6410 kf5-kio, kdelibs: Information Leak when accessing https when using a malicious PAC file

kdelibs3-3.5.10-84.fc24

How to install

Automated Test Results