You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa kdepimlibs

Sigurnosni nedostatak programskog paketa kdepimlibs

by ncert - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-3100-1
October 12, 2016

kdepimlibs vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 LTS

Summary:

KMail could be made to run HTML if it opened a specially crafted email.

Software Description:
– kdepimlibs: the KDE PIM libraries

Details:

Roland Tapken discovered that the KDE-PIM Libraries incorrectly filtered
URLs. A remote attacker could use this issue to perform an HTML injection
attack in the KMail plain text viewer.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
libkpimutils4 4:4.8.5-0ubuntu0.3

After a standard system update you need to restart KMail to make all the
necessary changes.

References:
http://www.ubuntu.com/usn/usn-3100-1
CVE-2016-7966

Package Information:
https://launchpad.net/ubuntu/+source/kdepimlibs/4:4.8.5-0ubuntu0.3

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAEBCgAGBQJX/ihcAAoJEGVp2FWnRL6TXd0P/jhCVOBA9T7BKQAc22Qeakqy
6Z6B93q5gU4tXX6xcU628JGeD5uV9ikIHMTpXP6Ae97knp8Emr2wKsKD5EO3cYwX
XTQ0UX5yOuOWylgGxvLOqmuwD+i0TfqzN4tpJsgFg8ez90SpNGrPXN6kxmUN+DjL
muFOfcuqR7/o5SDe249ltYTpYDhIv6IYqd4Zx0nwXaRIh+QL2mrmH01piRNepPyy
+WkXFYeKe8/lgiVuXtmSG/R/uImEez97jYc7jqPexXiptNFcxjF3RGKR6EJyeeFM
UsmvOp5zBi1RqfbJGnHylo/1EVl8qoNAmM7Mje6xN1p2cROOv42d/kWJottWexs0
DTtpkWTVP1MK21Cal26m5HhpWyyrRQ7MXlWDgRiT9vU5X4/SaS+JY6u5rokz4bC/
u//FQhC3OpMlhQSD1iGPKqtnLj0tgRQnDh/+t/lmu9tY8VmkUIxxTOYBo8tSioKV
qsFdol7n6Zwlc1g/MACd7uhy2OpdD/gys/iL9bU+h606j9P+Tsto8Sjr8wlIPp2B
4+MolSFeiL4I4SjctfH+dkFTrX/nLgUnj6UmVpO5i/6SMXy5zfvxH0m6ESkZjF+B
BZt6lSrMBncazcbLtX8rr9HzW+8nwDSuEIfKccY/+6pgTHP3dFmZAeEjXHoeaDqo
W/Cj9LFcD6zvLZ0kmqhe
=UUmX
—–END PGP SIGNATURE—–

AutorTomislav Protega
Cert idNCERT-REF-2016-10-0090-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
ncert
Top
More in Preporuke
Sigurnosni nedostaci programskog paketa BIND

Otkriveni su sigurnosni nedostaci u programskom paketu BIND za operacijski sustav Gentoo. Otkriveni nedostaci potencijalnim napadačima omogućuju izvođenje napada uskraćivanja...

Close