UbuntuUpdates.org

Package "libkrosscore4"

Name: libkrosscore4

Description: Kross Core Library

Latest version: 4:4.13.3-0ubuntu0.5
Release: trusty (14.04)
Level: security
Repository: main
Head package: kde4libs
Homepage: http://kross.dipe.org

Other versions of "libkrosscore4" in Trusty

Repository Area Version
base main 4:4.13.0-0ubuntu1
updates main 4:4.13.3-0ubuntu0.5
PPA: Kubuntu-ppa Backports 4:4.14.13a-4~ubuntu1~ubuntu14.04~ppa3

Changelog

Version: 4:4.13.3-0ubuntu0.5 2017-05-15 14:06:19 UTC

  kde4libs (4:4.13.3-0ubuntu0.5) trusty-security; urgency=medium

  * SECURITY UPDATE: privilege escalation in DBus auth backend
    - debian/patches/CVE-2017-8422.patch: verify caller in
      kdecore/auth/AuthBackend.cpp, kdecore/auth/AuthBackend.h,
      kdecore/auth/backends/dbus/DBusHelperProxy.cpp,
      kdecore/auth/backends/dbus/DBusHelperProxy.h,
      kdecore/auth/backends/policykit/PolicyKitBackend.cpp,
      kdecore/auth/backends/policykit/PolicyKitBackend.h,
      kdecore/auth/backends/polkit-1/Polkit1Backend.cpp,
      kdecore/auth/backends/polkit-1/Polkit1Backend.h.
    - CVE-2017-8422

 -- Marc Deslauriers <email address hidden> Thu, 11 May 2017 09:10:03 -0400

Version: 4:4.13.3-0ubuntu0.4 2017-03-09 15:07:04 UTC

  kde4libs (4:4.13.3-0ubuntu0.4) trusty-security; urgency=medium

  * SECURITY UPDATE: information leak via crafted PAC file (LP: #1668871)
    - debian/patches/CVE-2017-6410.patch: sanitize URLs in
      kio/misc/kpac/script.cpp.
    - CVE-2017-6410

 -- Marc Deslauriers <email address hidden> Wed, 08 Mar 2017 10:25:45 -0500

1668871 kio: Information Leak when accessing https when using a malicious PAC file
CVE-2017-6410 kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the PAC FindProxyForURL function with a full https URL (potentially including

Version: 4:4.13.3-0ubuntu0.3 2016-07-26 19:06:56 UTC

  kde4libs (4:4.13.3-0ubuntu0.3) trusty-security; urgency=medium

  * SECURITY UPDATE: file extraction out of the expected directory
    - debian/patches/CVE-2016-6232.patch: limit files to extraction folder
      in kdecore/io/karchive.cpp.
    - CVE-2016-6232

 -- Marc Deslauriers <email address hidden> Mon, 25 Jul 2016 15:05:37 -0400

Version: 4:4.13.3-0ubuntu0.2 2014-11-24 18:06:35 UTC

  kde4libs (4:4.13.3-0ubuntu0.2) trusty-security; urgency=medium

  * No change rebuild in the -security pocket.

 -- Marc Deslauriers <email address hidden> Fri, 21 Nov 2014 08:06:47 -0500

Version: 4:4.13.2a-0ubuntu0.3 2014-07-31 15:06:41 UTC

  kde4libs (4:4.13.2a-0ubuntu0.3) trusty-security; urgency=medium

  * SECURITY UPDATE: kauth authentication bypass (LP: #1350019)
    - debian/patches/CVE-2014-5033.patch: use dbus system bus name instead
      of PID for authentication. Cherry-picked from upstream.
    - CVE-2014-5033

 -- Felix Geyer <email address hidden> Tue, 29 Jul 2014 22:35:14 +0200

1350019 CVE-2014-5033: kauth authentication bypass
CVE-2014-5033 kauth authentication bypass