Suggested advisory: This update fix a security vulnerability in the polkit authentication backend of kdelibs (CVE-2014-5033), and fixes some additional issues: - duplicate targets in PythonMacros.cmake (reviewboard kde 111371), - kded4 leak sockets in NetworkInterface::isWireless() (bko#324954), - media type application/x-konsole is unsupported (bko#292378), - pure Qt applications (like VLC) that get the kdelibs file dialog are not properly translated (mga#12982), - meinproc4 doesn't substitute entity with libxml2 fixed for CVE-2014-0191 (bko#335001, mga#13555, mga#13559), - security vulnerability in the polkit authentication backend (CVE-2014-5033, mga#13792). References for CVE-2014-5033: http://www.kde.org/info/security/advisory-20140730-1.txt https://bugzilla.novell.com/show_bug.cgi?id=864716 src.rpm: kdelibs4-4.10.5-1.2.mga3.src.rpm packages for i586: kdelibs4-core-4.10.5-1.2.mga3.i586.rpm kdelibs4-devel-4.10.5-1.2.mga3.i586.rpm kdelibs4-handbooks-4.10.5-1.2.mga3.noarch.rpm libkcmutils4-4.10.5-1.2.mga3.i586.rpm libkde3support4-4.10.5-1.2.mga3.i586.rpm libkdeclarative5-4.10.5-1.2.mga3.i586.rpm libkdecore5-4.10.5-1.2.mga3.i586.rpm libkdefakes5-4.10.5-1.2.mga3.i586.rpm libkdesu5-4.10.5-1.2.mga3.i586.rpm libkdeui5-4.10.5-1.2.mga3.i586.rpm libkdewebkit5-4.10.5-1.2.mga3.i586.rpm libkdnssd4-4.10.5-1.2.mga3.i586.rpm libkemoticons4-4.10.5-1.2.mga3.i586.rpm libkfile4-4.10.5-1.2.mga3.i586.rpm libkhtml5-4.10.5-1.2.mga3.i586.rpm libkidletime4-4.10.5-1.2.mga3.i586.rpm libkimproxy4-4.10.5-1.2.mga3.i586.rpm libkio5-4.10.5-1.2.mga3.i586.rpm libkjs4-4.10.5-1.2.mga3.i586.rpm libkjsapi4-4.10.5-1.2.mga3.i586.rpm libkjsembed4-4.10.5-1.2.mga3.i586.rpm libkmediaplayer4-4.10.5-1.2.mga3.i586.rpm libknewstuff2_4-4.10.5-1.2.mga3.i586.rpm libknewstuff3_4-4.10.5-1.2.mga3.i586.rpm libknotifyconfig4-4.10.5-1.2.mga3.i586.rpm libkntlm4-4.10.5-1.2.mga3.i586.rpm libkparts4-4.10.5-1.2.mga3.i586.rpm libkprintutils4-4.10.5-1.2.mga3.i586.rpm libkpty4-4.10.5-1.2.mga3.i586.rpm libkrosscore4-4.10.5-1.2.mga3.i586.rpm libkrossui4-4.10.5-1.2.mga3.i586.rpm libktexteditor4-4.10.5-1.2.mga3.i586.rpm libkunitconversion4-4.10.5-1.2.mga3.i586.rpm libkunittest4-4.10.5-1.2.mga3.i586.rpm libkutils4-4.10.5-1.2.mga3.i586.rpm libnepomuk4-4.10.5-1.2.mga3.i586.rpm libnepomukquery4-4.10.5-1.2.mga3.i586.rpm libnepomukutils4-4.10.5-1.2.mga3.i586.rpm libplasma3-4.10.5-1.2.mga3.i586.rpm libsolid4-4.10.5-1.2.mga3.i586.rpm libthreadweaver4-4.10.5-1.2.mga3.i586.rpm packages for x86_64: kdelibs4-core-4.10.5-1.2.mga3.x86_64.rpm kdelibs4-devel-4.10.5-1.2.mga3.x86_64.rpm kdelibs4-handbooks-4.10.5-1.2.mga3.noarch.rpm lib64kcmutils4-4.10.5-1.2.mga3.x86_64.rpm lib64kde3support4-4.10.5-1.2.mga3.x86_64.rpm lib64kdeclarative5-4.10.5-1.2.mga3.x86_64.rpm lib64kdecore5-4.10.5-1.2.mga3.x86_64.rpm lib64kdefakes5-4.10.5-1.2.mga3.x86_64.rpm lib64kdesu5-4.10.5-1.2.mga3.x86_64.rpm lib64kdeui5-4.10.5-1.2.mga3.x86_64.rpm lib64kdewebkit5-4.10.5-1.2.mga3.x86_64.rpm lib64kdnssd4-4.10.5-1.2.mga3.x86_64.rpm lib64kemoticons4-4.10.5-1.2.mga3.x86_64.rpm lib64kfile4-4.10.5-1.2.mga3.x86_64.rpm lib64khtml5-4.10.5-1.2.mga3.x86_64.rpm lib64kidletime4-4.10.5-1.2.mga3.x86_64.rpm lib64kimproxy4-4.10.5-1.2.mga3.x86_64.rpm lib64kio5-4.10.5-1.2.mga3.x86_64.rpm lib64kjs4-4.10.5-1.2.mga3.x86_64.rpm lib64kjsapi4-4.10.5-1.2.mga3.x86_64.rpm lib64kjsembed4-4.10.5-1.2.mga3.x86_64.rpm lib64kmediaplayer4-4.10.5-1.2.mga3.x86_64.rpm lib64knewstuff2_4-4.10.5-1.2.mga3.x86_64.rpm lib64knewstuff3_4-4.10.5-1.2.mga3.x86_64.rpm lib64knotifyconfig4-4.10.5-1.2.mga3.x86_64.rpm lib64kntlm4-4.10.5-1.2.mga3.x86_64.rpm lib64kparts4-4.10.5-1.2.mga3.x86_64.rpm lib64kprintutils4-4.10.5-1.2.mga3.x86_64.rpm lib64kpty4-4.10.5-1.2.mga3.x86_64.rpm lib64krosscore4-4.10.5-1.2.mga3.x86_64.rpm lib64krossui4-4.10.5-1.2.mga3.x86_64.rpm lib64ktexteditor4-4.10.5-1.2.mga3.x86_64.rpm lib64kunitconversion4-4.10.5-1.2.mga3.x86_64.rpm lib64kunittest4-4.10.5-1.2.mga3.x86_64.rpm lib64kutils4-4.10.5-1.2.mga3.x86_64.rpm lib64nepomuk4-4.10.5-1.2.mga3.x86_64.rpm lib64nepomukquery4-4.10.5-1.2.mga3.x86_64.rpm lib64nepomukutils4-4.10.5-1.2.mga3.x86_64.rpm lib64plasma3-4.10.5-1.2.mga3.x86_64.rpm lib64solid4-4.10.5-1.2.mga3.x86_64.rpm lib64threadweaver4-4.10.5-1.2.mga3.x86_64.rpm Reproducible: Steps to Reproduce:
CC: (none) => balcaen.john, mageia, securityBlocks: (none) => 12982, 13555, 13559, 13792
Component: RPM Packages => Security
CC: security => (none)QA Contact: (none) => security
I just installed these on my Mageia 3 i586 machine at work. I'll be logging out and back in shortly. Are there any specific tests that should be run?
Nothing has blown up. Marking as OK.
Whiteboard: (none) => MGA3-32-OK
Installed all x86_64 packages in a VM, I'll report back if something strange happens, if not I'll consider the testing done.
CC: (none) => remi
Still looks fine after a reboot, marking as OK.
Whiteboard: MGA3-32-OK => MGA3-32-OK MGA3-64-OK
Validating. Advisory uploaded. Please push kdelib4 packages to Mageia 3 core/updates.
Keywords: (none) => validated_updateWhiteboard: MGA3-32-OK MGA3-64-OK => MGA3-32-OK MGA3-64-OK advisoryCC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2014-0327.html
Status: NEW => RESOLVEDResolution: (none) => FIXED