KDE has issued an advisory today (June 18): http://openwall.com/lists/oss-security/2014/06/18/16 The issue is fixed upstream in 4.13.3, and the commit is linked in the message above. Mageia 4 is also affected; Mageia 3 is not. Reproducible: Steps to Reproduce:
CC: (none) => balcaen.john, lmenutWhiteboard: (none) => MGA4TOO
upstream patch applied in kdelibs4-4.13.2-2 for cauldron.
Hardware: i586 => AllBlocks: (none) => 13221
Thanks Luc! Setting version to 4 now that kdelibs4-4.13.2-2.mga5 is built. We can use Bug 13221 for submitting the update to QA (along with the rest of KDE), so I'll switch that one to be the blocker.
Depends on: (none) => 13221Blocks: 13221 => (none)
Version: Cauldron => 4Whiteboard: MGA4TOO => (none)
Fedora has issued an advisory for this on June 21: https://lists.fedoraproject.org/pipermail/package-announce/2014-July/134961.html For reference, here's the upstream URL for their advisory: http://www.kde.org/info/security/advisory-20140618-1.txt
URL: (none) => http://lwn.net/Vulnerabilities/604032/
Fixed in KDE 4.12.5
Status: NEW => RESOLVEDResolution: (none) => FIXED