| Summary: | kio-extras new security issue CVE-2020-12755 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | geiger.david68210, herman.viaene, ouaurelien, sysadmin-bugs |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-64-OK | ||
| Source RPM: | kio-extras-19.04.0-1.mga7.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2020-09-20 18:29:36 CEST
Advisory: ======================== Updated kio-extras packages fix security vulnerability: fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. This may lead to unintended KWallet storage of the password (CVE-2020-12755). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12755 https://kde.org/info/security/advisory-20200510-1.txt ======================== Updated packages in core/updates_testing: ======================== kio-extras-19.04.0-1.1.mga7 libmolletnetwork19-19.04.0-1.1.mga7 libkioarchive5-19.04.0-1.1.mga7 libkioarchive-devel-19.04.0-1.1.mga7 kio-extras-handbook-19.04.0-1.1.mga7 from kio-extras-19.04.0-1.1.mga7.src.rpm Assignee:
kde =>
qa-bugs MGA7-64 Plasma on Lenovo B50 No installation issues. Ref bug 23868 refers to thumbnails in Plasma- dolphin. Checked a lot of different file types in dolphin and found no diffferences with situation as before the update. So far, so good. Whiteboard:
(none) =>
MGA7-64-OK Validated update, Advisory and packages in Comment 2. CC:
(none) =>
ouaurelien, sysadmin-bugs An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0371.html Status:
NEW =>
RESOLVED |