UbuntuUpdates.org

Package "libkfile4"

Name: libkfile4

Description:

File Selection Dialog Library for KDE Platform

Latest version: 4:4.14.16-0ubuntu3.3
Release: xenial (16.04)
Level: security
Repository: universe
Head package: kde4libs
Homepage: http://www.kde.org/

Links


Download "libkfile4"


Other versions of "libkfile4" in Xenial

Repository Area Version
base universe 4:4.14.16-0ubuntu3
updates universe 4:4.14.16-0ubuntu3.3
PPA: Kubuntu-ppa Backports 4:4.14.22-0ubuntu2.2~ubuntu16.04~ppa1

Changelog

Version: 4:4.14.16-0ubuntu3.3 2019-08-16 02:06:29 UTC

  kde4libs (4:4.14.16-0ubuntu3.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Directory traversal vulnerability.
    - debian/patches/CVE-2016-6232.patch: extraction location to be in
      subfolder.
    - CVE-2016-6232
  * SECURITY UPDATE: malicious .desktop files (and others) would execute
    code (LP: #1839432).
    - debian/patches/CVE-2019-14744.patch: remove support for $(...) in
      config keys with [$e] marker.
    - CVE-2019-14744

 -- Paulo Flabiano Smorigo <email address hidden> Mon, 12 Aug 2019 15:09:56 -0300

Source diff to previous version
1839432 [CVE] malicious .desktop files (and others) would execute code
CVE-2016-6232 Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (
CVE-2019-14744 In KDE Frameworks KConfig before 5.61.0, malicious desktop files and c ...

Version: 4:4.14.16-0ubuntu3.2 2017-05-15 14:06:23 UTC

  kde4libs (4:4.14.16-0ubuntu3.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Local privilege escalation (LP: #1689759)
    - debian/patches/kauth-local-privilege-esc-CVE-2017-8422.patch
    - Thanks to Sebastian Krahmer for reporting this issue,
      Albert Astals Cid for fixing this issue.
    - CVE-2017-8422

 -- Rik Mills <email address hidden> Sat, 13 May 2017 09:37:09 +0100

Source diff to previous version

Version: 4:4.14.16-0ubuntu3.1 2017-03-02 21:06:50 UTC

  kde4libs (4:4.14.16-0ubuntu3.1) xenial-security; urgency=medium

  * SECURITY UPDATE:Information Leak when accessing https when using a
    malicious PAC file
    - debian/patches/kio-sanitize-url-to-FindProxyForURL.patch
    - Thanks to Safebreach Labs researchers Itzik Kotler, Yonatan Fridburg
      and Amit Klein for reporting this issue, Albert Astals Cid for fixing
      this issue.
    - No CVE number.
    - fixes (LP: #1668871)

 -- <email address hidden> (v.naini) Thu, 02 Mar 2017 21:43:06 +0530

1668871 kio: Information Leak when accessing https when using a malicious PAC file



About   -   Send Feedback to @ubuntu_updates