Sigurnosni nedostatak programskog paketa kdelibs

Preporuke

by ncert - 1. srpnja 2014.7. srpnja 2014.0

Detalji os-a: WN7
Važnost: IMP
Operativni sustavi: L
Kategorije: LFE

——————————————————————————–
Fedora Update Notification
FEDORA-2014-7579
2014-06-21 02:06:00
——————————————————————————–

Name : kdelibs
Product : Fedora 20
Version : 4.12.5
Release : 4.fc20
URL : http://www.kde.org/
Summary : KDE Libraries
Description :
Libraries for KDE 4.

——————————————————————————–
Update Information:

Fix security issue where POP3 kioslave silently accepted invalid SSL certificates.
——————————————————————————–
ChangeLog:

* Thu Jun 19 2014 Rex Dieter <rdieter@fedoraproject.org> 4.12.5-4
– Provides: kdelibs4-webkit …
* Thu Jun 19 2014 Rex Dieter <rdieter@fedoraproject.org> 4.12.5-3
– POP3 kiosloave silently accepted invalid SSL certificates (#1111022, #1111023, CVE-2014-3494)
* Tue Apr 29 2014 Rex Dieter <rdieter@fedoraproject.org> 4.12.5-2
– respin
* Fri Apr 25 2014 Rex Dieter <rdieter@fedoraproject.org> 4.12.5-1
– 4.12.5
* Wed Apr 2 2014 Than Ngo <than@redhat.com> – 6:4.12.4-1
– 4.12.4
* Sat Mar 1 2014 Rex Dieter <rdieter@fedoraproject.org> – 6:4.12.3-1
– 4.12.3
* Sat Feb 15 2014 Kevin Kofler <Kevin@tigcc.ticalc.org> – 6:4.12.2-3
– Plasma PackageKit integration: fix plasmapkg to not query Plasma for available
script engines if component is not Plasma/*, but e.g. KWin/Script (#1065688)
* Sun Feb 2 2014 Rex Dieter <rdieter@fedoraproject.org> – 6:4.12.2-2
– drop autostart-debug.patch
* Fri Jan 31 2014 Rex Dieter <rdieter@fedoraproject.org> – 6:4.12.2-1
– 4.12.2
* Fri Jan 10 2014 Rex Dieter <rdieter@fedoraproject.org> – 6:4.12.1-1
– 4.12.1
* Thu Dec 19 2013 Rex Dieter <rdieter@fedoraproject.org> 6:4.12.0-2
– disable tests
* Wed Dec 18 2013 Rex Dieter <rdieter@fedoraproject.org> – 6:4.12.0-1
– 4.12.0
——————————————————————————–
References:

[ 1 ] Bug #1111022 – CVE-2014-3494 kdelibs: POP3 kioslave silently accepted invalid SSL certificates
https://bugzilla.redhat.com/show_bug.cgi?id=1111022
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update kdelibs’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-7572
2014-06-21 02:05:43
--------------------------------------------------------------------------------

Name        : kdelibs
Product     : Fedora 19
Version     : 4.11.5
Release     : 4.fc19
URL         : http://www.kde.org/
Summary     : KDE Libraries
Description :
Libraries for KDE 4.

--------------------------------------------------------------------------------
Update Information:

Fix security issue where POP3 kioslave silently accepted invalid SSL certificates.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 19 2014 Rex Dieter  - 6:4.11.5-4
- Provides: kdelibs4-webkit ...
* Thu Jun 19 2014 Rex Dieter  - 6:4.11.5-3
- POP3 kiosloave silently accepted invalid SSL certificates (#1111022, #1111023, CVE-2014-3494)
* Sun Feb 16 2014 Kevin Kofler  - 6:4.11.5-2
- Plasma PackageKit integration: fix plasmapkg to not query Plasma for available
  script engines if component is not Plasma/*, but e.g. KWin/Script (#1065688)
* Fri Jan  3 2014 Rex Dieter  - 6:4.11.5-1
- 4.11.5
* Thu Dec 12 2013 Rex Dieter  - 6:4.11.4-1
- 4.11.4
* Mon Dec  9 2013 Kevin Kofler  - 6:4.11.3-9
- drop autostart-debug patch
* Mon Dec  9 2013 Kevin Kofler  - 6:4.11.3-8
- drop klauncher-timeout patch that did not help
- set QT_NO_GLIB in klauncher_main.cpp as a possible fix/workaround for #983110
* Sat Dec  7 2013 Rex Dieter  - 6:4.11.3-7
- avoid possible crasher in autostart-debug.patch
* Sat Dec  7 2013 Kevin Kofler  - 6:4.11.3-6
- increase KLauncher timeout as a possible fix/workaround for #983110
* Fri Dec  6 2013 Rex Dieter  - 6:4.11.3-5
- respin autostart debuging patch
- %check: support regression tests (default off)
* Fri Dec  6 2013 Rex Dieter  6:4.11.3-4
- add some autostart debugging
* Mon Dec  2 2013 Than Ngo  - 6:4.11.3-3
- add the arm's check in kdelibs
* Mon Dec  2 2013 Than Ngo  - 6:4.11.3-2
- add workaround for bz#969524
* Fri Nov  1 2013 Rex Dieter  - 6:4.11.3-1
- 4.11.3
* Sat Oct 19 2013 Rex Dieter  - 6:4.11.2-3
- followup upstream mimetypes fix
* Fri Oct 18 2013 Rex Dieter  - 6:4.11.2-2
- backport a few upstream fixes
* Sat Sep 28 2013 Rex Dieter  - 6:4.11.2-1
- 4.11.2
* Mon Sep 23 2013 Rex Dieter  - 6:4.11.1-4
- kded4 leak sockets when wifi connections fail (kde#324954)
- use upstreamed Samba patch
- Wrong timestamp on files copied (kde#55804)
* Sun Sep  8 2013 Rex Dieter  6:4.11.1-3
- rebuild (ilmbase/openexr)
* Tue Sep  3 2013 Rex Dieter  6:4.11.1-2
- backport kwallet synchronous mode fix (kde#254198)
* Tue Sep  3 2013 Rex Dieter  - 6:4.11.1-1
- 4.11.1
- include SOLID_HAL_LEGACY hack (el6)
* Wed Aug 14 2013 Rex Dieter  6:4.11.0-2
- upstream patches, including plasma crasher fix (kde#320855)
* Thu Aug  8 2013 Than Ngo  - 6:4.11.0-1
- 4.11.0
* Thu Jul 25 2013 Rex Dieter  - 6:4.10.97-1
- 4.10.97
* Tue Jul 23 2013 Rex Dieter  - 6:4.10.95-1
- 4.10.95
* Thu Jun 27 2013 Rex Dieter  4.10.90-1
- 4.10.90
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1111022 - CVE-2014-3494 kdelibs: POP3 kioslave silently accepted invalid SSL certificates
        https://bugzilla.redhat.com/show_bug.cgi?id=1111022
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update kdelibs' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Autor	Marko Stanec
Cert id	NCERT-REF-2014-07-0009-ADV
Cve	CERT-CVE-DUMMY
ID izvornika	CERT-ORIGID-DUMMY
Proizvod	CERT-DUMMY-PRODUCT
Izvor	http://www.adobe.com/

Sigurnosni nedostatak programskog paketa kdelibs

Archives

More in Preporuke

Sigurnosni nedostaci operacijskog sustava OS X