| Summary: | kdelibs4 new security issues CVE-2012-4514 and CVE-2012-4515 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | critical | ||
| Priority: | Normal | CC: | balcaen.john, cmrisolde, dglent, mageia, oe, sysadmin-bugs, tmb |
| Version: | 2 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/525443/ | ||
| Whiteboard: | has_procedure mga2-64-OK mga2-32-ok | ||
| Source RPM: | kdelibs4 | CVE: | |
| Status comment: | |||
Description
David Walser 2012-11-06 19:14:54 CET

David Walser 2012-11-06 19:15:03 CET
CC: (none) => nicolas.lecureuil

David Walser 2012-11-06 19:15:08 CET
CC: (none) => balcaen.john

Fedora has issued an advisory on November 1:
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092451.html

This adds CVE-2012-4514 and CVE-2012-4515.

Summary: kdelibs4 new security issues CVE-2012-4512 and CVE-2012-4513 => kdelibs4 new security issues CVE-2012-451[2-5]

(In reply to comment #1)
> Fedora has issued an advisory on November 1:
> http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092451.html
>
> This adds CVE-2012-4514 and CVE-2012-4515.

from http://lwn.net/Vulnerabilities/525443/

OpenSuSE has issued an advisory for these on November 28:
http://lists.opensuse.org/opensuse-updates/2012-11/msg00088.html
David Walser 2012-12-21 14:26:04 CET
CC: (none) => oe

I'm assuming these issues no longer affect the version in Cauldron. Mageia 1 is EOL.

Version: Cauldron => 2

Nicolas has fixed CVE-2012-4514 in Mageia 2 SVN.

Severity: normal => critical

Nicolas said CVE-2012-4512 was fixed in the 4.8.5 update. He's investigating the status of CVE-2012-4513 now.

The code in 4.8 is completely different, but the PoC in the attachment:
http://seclists.org/oss-sec/2012/q4/171

does not crash Konqueror, so we're not vulnerable to CVE-2012-4513.

Changing the bug URL since we're not vulnerable to the ones from the original report (although Mageia 1 is):
http://lwn.net/Vulnerabilities/522155/

Seeing as we have a patched package built that fixes CVE-2012-451[45], this is ready for QA.

Advisory:
========================

Updated kdelibs4 packages fix security vulnerabilities:

rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to "trying to reuse a frame with a null part" (CVE-2012-4514).

Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by accessing an iframe when it is being updated (CVE-2012-4515).
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4514
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4515
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092451.html
========================

Updated packages in core/updates_testing:
========================
kdelibs4-core-4.8.5-1.6.mga2
kdelibs4-devel-4.8.5-1.6.mga2
kdelibs4-handbooks-4.8.5-1.6.mga2
libkcmutils4-4.8.5-1.6.mga2
libkde3support4-4.8.5-1.6.mga2
libkdeclarative5-4.8.5-1.6.mga2
libkdecore5-4.8.5-1.6.mga2
libkdefakes5-4.8.5-1.6.mga2
libkdesu5-4.8.5-1.6.mga2
libkdeui5-4.8.5-1.6.mga2
libkdewebkit5-4.8.5-1.6.mga2
libkdnssd4-4.8.5-1.6.mga2
libkemoticons4-4.8.5-1.6.mga2
libkfile4-4.8.5-1.6.mga2
libkhtml5-4.8.5-1.6.mga2
libkidletime4-4.8.5-1.6.mga2
libkimproxy4-4.8.5-1.6.mga2
libkio5-4.8.5-1.6.mga2
libkjs4-4.8.5-1.6.mga2
libkjsapi4-4.8.5-1.6.mga2
libkjsembed4-4.8.5-1.6.mga2
libkmediaplayer4-4.8.5-1.6.mga2
libknewstuff2_4-4.8.5-1.6.mga2
libknewstuff3_4-4.8.5-1.6.mga2
libknotifyconfig4-4.8.5-1.6.mga2
libkntlm4-4.8.5-1.6.mga2
libkparts4-4.8.5-1.6.mga2
libkprintutils4-4.8.5-1.6.mga2
libkpty4-4.8.5-1.6.mga2
libkrosscore4-4.8.5-1.6.mga2
libkrossui4-4.8.5-1.6.mga2
libktexteditor4-4.8.5-1.6.mga2
libkunitconversion4-4.8.5-1.6.mga2
libkunittest4-4.8.5-1.6.mga2
libkutils4-4.8.5-1.6.mga2
libnepomuk4-4.8.5-1.6.mga2
libnepomukquery4-4.8.5-1.6.mga2
libnepomukutils4-4.8.5-1.6.mga2
libplasma3-4.8.5-1.6.mga2
libsolid4-4.8.5-1.6.mga2
libthreadweaver4-4.8.5-1.6.mga2

from kdelibs4-4.8.5-1.6.mga2.src.rpm

URL: http://lwn.net/Vulnerabilities/522155/ => http://lwn.net/Vulnerabilities/525443/

For Mageia 1, strangely enough, the patch to fix CVE-2012-4512 upstream is exactly the same as the patch to fix CVE-2010-0046 already in the package.

Patches for CVE-2012-451[3-5] checked into Mageia 1 SVN.

Adding dglent in CC as he reported cve-2012-4514 upstream

Dimitrios do you still get the crash? If so could you please test with these new rpms in core/updates_testing and see if it cures it.

Thanks!

CC: (none) => dglent

Possible PoCs for CVE-2012-4514 listed here: https://bugs.kde.org/show_bug.cgi?id=271528

Tried with samba-swat and the nas login page. I've been unable to reproduce x86_64

DGlent your bug was this one: https://bugs.kde.org/show_bug.cgi?id=280912 which is the first duplicate.

No PoCs for CVE-2012-4515

Testing mga2 64

Just checking kde apps like konqueror work ok with the update.

konqueror, quassel, konversation, digikam, kruler, dragon player, gwenview all ok

Testing complete mga2 64

Whiteboard: (none) => has_procedure mga2-64-OK

Checked some KDE apps work in 32-bit with the update: Konversation, Konsole, KCalc, KTimer, Gwenview, Okular, KWrite seem fine.

Carolyn

CC: (none) => isolde

Thanks Carolyn

Validating

SRPM & advisory in comment 7

Could sysadmin please push from core/updates_testing to core/updates

Thanks!

Keywords: (none) => validated_update

(In reply to comment #9)
> Adding dglent in CC as he reported cve-2012-4514 upstream
>
> Dimitrios do you still get the crash? If so could you please test with these
> new rpms in core/updates_testing and see if it cures it.
>
> Thanks!

No, I don't have the crash any more
Thanks

Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0054

Status: NEW => RESOLVED