stable
FEDORA-2017-01eed6fe8c created by kkofler 5 years ago for Fedora 24

This kdelibs3 (KDE 3 compatibility libraries) update fixes the security issues:

  • CVE-2016-6232 (karchive): Extraction of tar files possible to arbitrary system locations
  • CVE-2017-6410 (kio): Information Leak when accessing https when using a malicious PAC file

for the KDE 3 compatibility libraries. (Security updates for KDE Frameworks 5 (kf5-karchive resp. kf5-kio) and for the KDE 4 compatibility libraries (kdelibs 4) have already been submitted.)

In addition, the KDE 3 compatibility version of KCrash was modified to use the DrKonqi from Plasma 5 rather than from kde-runtime 4. (The original KDE 3 DrKonqi was already dropped years ago.) The kde-runtime 4 DrKonqi is not installed by default and will be removed entirely in future Fedora versions, the Plasma 5 version of DrKonqi can also be used for legacy applications.

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2017-01eed6fe8c

This update has been submitted for testing by kkofler.

5 years ago

kkofler edited this update.

5 years ago

This update has been pushed to testing.

5 years ago

This update has been submitted for stable by kkofler.

5 years ago

This update has been pushed to stable.

5 years ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
5 years ago
in testing
5 years ago
in stable
5 years ago
modified
5 years ago
BZ#1357410 CVE-2016-6232 kf5-karchive: Extraction of tar files possible to arbitrary system locations
0
0
BZ#1427808 CVE-2017-6410 kf5-kio, kdelibs: Information Leak when accessing https when using a malicious PAC file
0
0

Automated Test Results