A CVE has been assigned for a security issue fixed upstream on October 26: http://openwall.com/lists/oss-security/2014/10/26/1 Patched packages uploaded for Mageia 3, Mageia 4, and Cauldron. Advisory: ======================== Updated konversation package fixes security vulnerability: Due to and out-of-bounds read issue in Konversation in The ECB Blowfish decryption function, a malicious client can cause either denial of service or disclosure of information from process memory by using an improperly formed message (CVE-2014-8483). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8483 https://bugs.kde.org/show_bug.cgi?id=210792 http://openwall.com/lists/oss-security/2014/10/26/1 ======================== Updated packages in core/updates_testing: ======================== konversation-1.5-0.rc1.2.mga3 konversation-1.5-0.rc1.3.mga4 from SRPMS: konversation-1.5-0.rc1.2.mga3.src.rpm konversation-1.5-0.rc1.3.mga4.src.rpm Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA3TOO
Testing complete Mageia 3 x86_64.
CC: (none) => remiWhiteboard: MGA3TOO => MGA3TOO MGA3-64-OK
Advisory uploaded.
Whiteboard: MGA3TOO MGA3-64-OK => MGA3TOO MGA3-64-OK advisory
Updated konversation working fine on Mageia 4 i586.
Whiteboard: MGA3TOO MGA3-64-OK advisory => MGA3TOO MGA3-64-OK MGA4-32-OK advisory
Tested mga4_64, Testing complete for the new konversation-1.5-0.rc1.3.mga4, ok for me, all seems to work properly. I use Konversation daily.
CC: (none) => geiger.david68210Whiteboard: MGA3TOO MGA3-64-OK MGA4-32-OK advisory => MGA3TOO MGA3-64-OK MGA4-32-OK MGA4-64-OK advisory
Validating.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2014-0437.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/618455/