UbuntuUpdates.org

Package "kde4libs"

Name: kde4libs

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • core executables for KDE Applications
  • core shared data for all KDE Applications
  • debugging symbols for the KDE Development Platform libraries
  • development files for the KDE Development Platform libraries

Latest version: 4:4.14.16-0ubuntu3.3
Release: xenial (16.04)
Level: updates
Repository: universe

Links

Save this URL for the latest version of "kde4libs": https://www.ubuntuupdates.org/kde4libs



Other versions of "kde4libs" in Xenial

Repository Area Version
base universe 4:4.14.16-0ubuntu3
security universe 4:4.14.16-0ubuntu3.3
PPA: Mint Import 4:4.14.2-0ubuntu1~ubuntu14.04~ppa1
PPA: Mint Import 4:4.14.2-0ubuntu1~ubuntu14.04~ppa1
PPA: Mint Import 4:4.14.2-0ubuntu1~ubuntu14.04~ppa1
PPA: Kubuntu-ppa Backports 4:4.14.22-0ubuntu2.2~ubuntu16.04~ppa1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 4:4.14.16-0ubuntu3.3 2019-08-16 02:06:31 UTC

  kde4libs (4:4.14.16-0ubuntu3.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Directory traversal vulnerability.
    - debian/patches/CVE-2016-6232.patch: extraction location to be in
      subfolder.
    - CVE-2016-6232
  * SECURITY UPDATE: malicious .desktop files (and others) would execute
    code (LP: #1839432).
    - debian/patches/CVE-2019-14744.patch: remove support for $(...) in
      config keys with [$e] marker.
    - CVE-2019-14744

 -- Paulo Flabiano Smorigo <email address hidden> Mon, 12 Aug 2019 15:09:56 -0300

Source diff to previous version
CVE-2019-14744 In KDE Frameworks KConfig before 5.61.0, malicious desktop files and c ...
CVE-2016-6232 Directory traversal vulnerability in KArchive before 5.24, as used in KDE Frameworks, allows remote attackers to write to arbitrary files via a ../ (
1839432 [CVE] malicious .desktop files (and others) would execute code

Version: 4:4.14.16-0ubuntu3.2 2017-05-15 15:06:55 UTC

  kde4libs (4:4.14.16-0ubuntu3.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Local privilege escalation (LP: #1689759)
    - debian/patches/kauth-local-privilege-esc-CVE-2017-8422.patch
    - Thanks to Sebastian Krahmer for reporting this issue,
      Albert Astals Cid for fixing this issue.
    - CVE-2017-8422

 -- Rik Mills <email address hidden> Sat, 13 May 2017 09:37:09 +0100

Source diff to previous version

Version: 4:4.14.16-0ubuntu3.1 2017-03-02 21:06:54 UTC

  kde4libs (4:4.14.16-0ubuntu3.1) xenial-security; urgency=medium

  * SECURITY UPDATE:Information Leak when accessing https when using a
    malicious PAC file
    - debian/patches/kio-sanitize-url-to-FindProxyForURL.patch
    - Thanks to Safebreach Labs researchers Itzik Kotler, Yonatan Fridburg
      and Amit Klein for reporting this issue, Albert Astals Cid for fixing
      this issue.
    - No CVE number.
    - fixes (LP: #1668871)

 -- <email address hidden> (v.naini) Thu, 02 Mar 2017 21:43:06 +0530

1668871 kio: Information Leak when accessing https when using a malicious PAC file



About   -   Send Feedback to @ubuntu_updates