Debian Local Security Checks : Debian Security Advisory DSA 3849-1 (kde4libs

Anfälligkeitssuche		Suche in 219043 CVE Beschreibungen und 99761 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.703849

Kategorie: Debian Local Security Checks

Titel: Debian Security Advisory DSA 3849-1 (kde4libs - security update)

Zusammenfassung: Several vulnerabilities were discovered in kde4libs, the core libraries;for all KDE 4 applications. The Common Vulnerabilities and Exposures;project identifies the following problems:;;CVE-2017-6410;Itzik Kotler, Yonatan Fridburg and Amit Klein of Safebreach Labs;reported that URLs are not sanitized before passing them to;FindProxyForURL, potentially allowing a remote attacker to obtain;sensitive information via a crafted PAC file.;;CVE-2017-8422;Sebastian Krahmer from SUSE discovered that the KAuth framework;contains a logic flaw in which the service invoking dbus is not;properly checked. This flaw allows spoofing the identity of the;caller and gaining root privileges from an unprivileged account.

Beschreibung: Summary:
Several vulnerabilities were discovered in kde4libs, the core libraries
for all KDE 4 applications. The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2017-6410
Itzik Kotler, Yonatan Fridburg and Amit Klein of Safebreach Labs
reported that URLs are not sanitized before passing them to
FindProxyForURL, potentially allowing a remote attacker to obtain
sensitive information via a crafted PAC file.

CVE-2017-8422
Sebastian Krahmer from SUSE discovered that the KAuth framework
contains a logic flaw in which the service invoking dbus is not
properly checked. This flaw allows spoofing the identity of the
caller and gaining root privileges from an unprivileged account.

Affected Software/OS:
kde4libs on Debian Linux

Solution:
For the stable distribution (jessie), these problems have been fixed in
version 4:4.14.2-5+deb8u2.

For the unstable distribution (sid), these problems have been fixed in
version 4:4.14.26-2.

We recommend that you upgrade your kde4libs packages.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2017-6410
BugTraq ID: 96515
http://www.securityfocus.com/bid/96515
Debian Security Information: DSA-3849 (Google Search)
http://www.debian.org/security/2017/dsa-3849
Common Vulnerability Exposure (CVE) ID: CVE-2017-8422
BugTraq ID: 98412
http://www.securityfocus.com/bid/98412
https://www.exploit-db.com/exploits/42053/
https://security.gentoo.org/glsa/201706-29
http://www.openwall.com/lists/oss-security/2017/05/10/3
RedHat Security Advisories: RHSA-2017:1264
https://access.redhat.com/errata/RHSA-2017:1264
http://www.securitytracker.com/id/1038480

Copyright Copyright (C) 2017 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.703849
Kategorie:	Debian Local Security Checks
Titel:	Debian Security Advisory DSA 3849-1 (kde4libs - security update)
Zusammenfassung:	Several vulnerabilities were discovered in kde4libs, the core libraries;for all KDE 4 applications. The Common Vulnerabilities and Exposures;project identifies the following problems:;;CVE-2017-6410;Itzik Kotler, Yonatan Fridburg and Amit Klein of Safebreach Labs;reported that URLs are not sanitized before passing them to;FindProxyForURL, potentially allowing a remote attacker to obtain;sensitive information via a crafted PAC file.;;CVE-2017-8422;Sebastian Krahmer from SUSE discovered that the KAuth framework;contains a logic flaw in which the service invoking dbus is not;properly checked. This flaw allows spoofing the identity of the;caller and gaining root privileges from an unprivileged account.
Beschreibung:	Summary: Several vulnerabilities were discovered in kde4libs, the core libraries for all KDE 4 applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2017-6410 Itzik Kotler, Yonatan Fridburg and Amit Klein of Safebreach Labs reported that URLs are not sanitized before passing them to FindProxyForURL, potentially allowing a remote attacker to obtain sensitive information via a crafted PAC file. CVE-2017-8422 Sebastian Krahmer from SUSE discovered that the KAuth framework contains a logic flaw in which the service invoking dbus is not properly checked. This flaw allows spoofing the identity of the caller and gaining root privileges from an unprivileged account. Affected Software/OS: kde4libs on Debian Linux Solution: For the stable distribution (jessie), these problems have been fixed in version 4:4.14.2-5+deb8u2. For the unstable distribution (sid), these problems have been fixed in version 4:4.14.26-2. We recommend that you upgrade your kde4libs packages. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2017-6410 BugTraq ID: 96515 http://www.securityfocus.com/bid/96515 Debian Security Information: DSA-3849 (Google Search) http://www.debian.org/security/2017/dsa-3849 Common Vulnerability Exposure (CVE) ID: CVE-2017-8422 BugTraq ID: 98412 http://www.securityfocus.com/bid/98412 https://www.exploit-db.com/exploits/42053/ https://security.gentoo.org/glsa/201706-29 http://www.openwall.com/lists/oss-security/2017/05/10/3 RedHat Security Advisories: RHSA-2017:1264 https://access.redhat.com/errata/RHSA-2017:1264 http://www.securitytracker.com/id/1038480
Copyright	Copyright (C) 2017 Greenbone Networks GmbH