Description of problem: KDE has issued an advisory for a security issue (CVE-2014-8651): https://www.kde.org/info/security/advisory-20141106-1.txt http://openwall.com/lists/oss-security/2014/11/04/9 The issue is fixed upstream in the KDE/4.11 branch http://quickgit.kde.org/?p=kde-workspace.git&a=commit&h=eebcb17746d9fa86ea8c5a7344709ef6750781cf Version-Release number of selected component (if applicable): kdebase4-workspace 4.10.5-1.1.mga3 Mageia 4 and Cauldron are also affected, and will be fixed next week by updating to kde-workspace-4.11.14. Reproducible: Steps to Reproduce:
Blocks: (none) => 3310, 9086, 11050
Packages for Mageia 3 update: kdebase4-workspace-4.10.5-1.2.mga3 kdebase4-workspace-devel-4.10.5-1.2.mga3 kdebase4-workspace-handbooks-4.10.5-1.2.mga3 kdebase4-workspace-plasma-config-4.10.5-1.2.mga3 kded_randrmonitor-4.10.5-1.2.mga3 kdm-4.10.5-1.2.mga3 kdm-handbook-4.10.5-1.2.mga3 kinfocenter-4.10.5-1.2.mga3 kinfocenter-handbook-4.10.5-1.2.mga3 libkdecorations4-4.10.5-1.2.mga3 libkephal4-4.10.5-1.2.mga3 libkfontinst4-4.10.5-1.2.mga3 libkfontinstui4-4.10.5-1.2.mga3 libkhotkeysprivate4-4.10.5-1.2.mga3 libkscreensaver5-4.10.5-1.2.mga3 libksgrd4-4.10.5-1.2.mga3 libksignalplotter4-4.10.5-1.2.mga3 libkwineffects1-4.10.5-1.2.mga3 libkwinglesutils1-4.10.5-1.2.mga3 libkwinglutils1-4.10.5-1.2.mga3 libkwinnvidiahack4-4.10.5-1.2.mga3 libkworkspace4-4.10.5-1.2.mga3 liblsofui4-4.10.5-1.2.mga3 liboxygenstyle4-4.10.5-1.2.mga3 liboxygenstyleconfig4-4.10.5-1.2.mga3 libplasma_applet_system_monitor4-4.10.5-1.2.mga3 libplasmaclock4-4.10.5-1.2.mga3 libplasmagenericshell4-4.10.5-1.2.mga3 libplasma-geolocation-interface4-4.10.5-1.2.mga3 libpowerdevilconfigcommonprivate4-4.10.5-1.2.mga3 libpowerdevilcore0-4.10.5-1.2.mga3 libpowerdevilui4-4.10.5-1.2.mga3 libprocesscore4-4.10.5-1.2.mga3 libprocessui4-4.10.5-1.2.mga3 libsolidcontrol4-4.10.5-1.2.mga3 libsolidcontrolifaces4-4.10.5-1.2.mga3 libsystemsettingsview2-4.10.5-1.2.mga3 libtaskmanager4-4.10.5-1.2.mga3 libweather_ion6-4.10.5-1.2.mga3 plasma-applet-battery-4.10.5-1.2.mga3 plasma-applet-calendar-4.10.5-1.2.mga3 plasma-applet-quicklaunch-4.10.5-1.2.mga3 plasma-applet-system-monitor-cpu-4.10.5-1.2.mga3 plasma-applet-system-monitor-hdd-4.10.5-1.2.mga3 plasma-applet-system-monitor-hwinfo-4.10.5-1.2.mga3 plasma-applet-system-monitor-net-4.10.5-1.2.mga3 plasma-applet-system-monitor-temperature-4.10.5-1.2.mga3 plasma-applet-webbrowser-4.10.5-1.2.mga3 plasma-krunner-nepomuk-4.10.5-1.2.mga3 plasma-krunner-powerdevil-4.10.5-1.2.mga3 plasma-runner-places-4.10.5-1.2.mga3 plasma-scriptengine-python-4.10.5-1.2.mga3 plasma-scriptengine-ruby-4.10.5-1.2.mga3 from kdebase4-workspace 4.10.5-1.2.mga3
Assignee: bugsquad => qa-bugsSeverity: normal => major
Luc, do you know how to test this issue? I see that kcmshell4 has an --args option, and I see in the code that it uses ntpUtility, ntpServers, and ntpEnabled args, but I can't figure out exactly how to pass them such that it has any noticeable effect. Things like kcmshell4 clock --args "ntpEnabled=true", or kcmshell4 clock --args "--ntpEnabled=true" don't seem to work.
CC: (none) => luigiwalser
Bug 11050 is fixed by this update.
In VirtualBox, M3, KDE, 32-bit Package(s) under test: kdebase4-workspace kdebase4-workspace-plasma-config default install of kdebase4-workspace & kdebase4-workspace-plasma-config [root@localhost wilcal]# urpmi kdebase4-workspace Package kdebase4-workspace-4.10.5-1.1.mga3.i586 is already installed [root@localhost wilcal]# urpmi kdebase4-workspace-plasma-config Package kdebase4-workspace-plasma-config-4.10.5-1.1.mga3.noarch is already installed KDE apps work just fine install kdebase4-workspace & kdebase4-workspace-plasma-config from updates_testing [root@localhost wilcal]# urpmi kdebase4-workspace Package kdebase4-workspace-4.10.5-1.2.mga3.i586 is already installed [root@localhost wilcal]# urpmi kdebase4-workspace-plasma-config Package kdebase4-workspace-plasma-config-4.10.5-1.2.mga3.noarch is already installed System reboot and KDE apps work just fine. Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.10-1.1.mga4.x86_64 virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
CC: (none) => wilcal.int
In VirtualBox, M3, KDE, 64-bit Package(s) under test: kdebase4-workspace kdebase4-workspace-plasma-config default install of kdebase4-workspace & kdebase4-workspace-plasma-config [root@localhost wilcal]# urpmi kdebase4-workspace Package kdebase4-workspace-4.10.5-1.1.mga3.x86_64 is already installed [root@localhost wilcal]# urpmi kdebase4-workspace-plasma-config Package kdebase4-workspace-plasma-config-4.10.5-1.1.mga3.noarch is already installed KDE apps work just fine install kdebase4-workspace & kdebase4-workspace-plasma-config from updates_testing [root@localhost wilcal]# urpmi kdebase4-workspace Package kdebase4-workspace-4.10.5-1.2.mga3.i586 is already installed [root@localhost wilcal]# urpmi kdebase4-workspace-plasma-config Package kdebase4-workspace-plasma-config-4.10.5-1.2.mga3.noarch is already installed System reboot and KDE apps work just fine. Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.10-1.1.mga4.x86_64 virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
Seems ok to me David. If it's ok with you I'll validate it.
Go ahead. Thanks William.
Suggested advisory: Updated kdebase4-workspace packages fix security vulnerability and various bugs This update fixes a security vulnerability in the KDE workspace configuration module for setting the date and time - CVE-2014-8651 - (mga#14487), and fixes some additional issues: - fix kcm botching unrelated user settings (mga#3310, bko#254430), - do not popup during initialization 0 B Removable media (mga#11050, bko#318061), - fix new graphical session numbers (mga#9086). References: https://bugs.mageia.org/show_bug.cgi?id=14487 https://www.kde.org/info/security/advisory-20141106-1.txt https://bugs.mageia.org/show_bug.cgi?id=3310 https://bugs.mageia.org/show_bug.cgi?id=9086 https://bugs.mageia.org/show_bug.cgi?id=11050 =========================================================== src.rpm: kdebase4-workspace-4.10.5-1.2.mga3.src.rpm packages for i586: kdebase4-workspace-4.10.5-1.2.mga3.i586.rpm kdebase4-workspace-devel-4.10.5-1.2.mga3.i586.rpm kdebase4-workspace-handbooks-4.10.5-1.2.mga3.noarch.rpm kdebase4-workspace-plasma-config-4.10.5-1.2.mga3.noarch.rpm kded_randrmonitor-4.10.5-1.2.mga3.i586.rpm kdm-4.10.5-1.2.mga3.i586.rpm kdm-handbook-4.10.5-1.2.mga3.noarch.rpm kinfocenter-4.10.5-1.2.mga3.i586.rpm kinfocenter-handbook-4.10.5-1.2.mga3.noarch.rpm libkdecorations4-4.10.5-1.2.mga3.i586.rpm libkephal4-4.10.5-1.2.mga3.i586.rpm libkfontinst4-4.10.5-1.2.mga3.i586.rpm libkfontinstui4-4.10.5-1.2.mga3.i586.rpm libkhotkeysprivate4-4.10.5-1.2.mga3.i586.rpm libkscreensaver5-4.10.5-1.2.mga3.i586.rpm libksgrd4-4.10.5-1.2.mga3.i586.rpm libksignalplotter4-4.10.5-1.2.mga3.i586.rpm libkwineffects1-4.10.5-1.2.mga3.i586.rpm libkwinglesutils1-4.10.5-1.2.mga3.i586.rpm libkwinglutils1-4.10.5-1.2.mga3.i586.rpm libkwinnvidiahack4-4.10.5-1.2.mga3.i586.rpm libkworkspace4-4.10.5-1.2.mga3.i586.rpm liblsofui4-4.10.5-1.2.mga3.i586.rpm liboxygenstyle4-4.10.5-1.2.mga3.i586.rpm liboxygenstyleconfig4-4.10.5-1.2.mga3.i586.rpm libplasma_applet_system_monitor4-4.10.5-1.2.mga3.i586.rpm libplasmaclock4-4.10.5-1.2.mga3.i586.rpm libplasmagenericshell4-4.10.5-1.2.mga3.i586.rpm libplasma-geolocation-interface4-4.10.5-1.2.mga3.i586.rpm libpowerdevilconfigcommonprivate4-4.10.5-1.2.mga3.i586.rpm libpowerdevilcore0-4.10.5-1.2.mga3.i586.rpm libpowerdevilui4-4.10.5-1.2.mga3.i586.rpm libprocesscore4-4.10.5-1.2.mga3.i586.rpm libprocessui4-4.10.5-1.2.mga3.i586.rpm libsolidcontrol4-4.10.5-1.2.mga3.i586.rpm libsolidcontrolifaces4-4.10.5-1.2.mga3.i586.rpm libsystemsettingsview2-4.10.5-1.2.mga3.i586.rpm libtaskmanager4-4.10.5-1.2.mga3.i586.rpm libweather_ion6-4.10.5-1.2.mga3.i586.rpm plasma-applet-battery-4.10.5-1.2.mga3.i586.rpm plasma-applet-calendar-4.10.5-1.2.mga3.i586.rpm plasma-applet-quicklaunch-4.10.5-1.2.mga3.i586.rpm plasma-applet-system-monitor-cpu-4.10.5-1.2.mga3.i586.rpm plasma-applet-system-monitor-hdd-4.10.5-1.2.mga3.i586.rpm plasma-applet-system-monitor-hwinfo-4.10.5-1.2.mga3.i586.rpm plasma-applet-system-monitor-net-4.10.5-1.2.mga3.i586.rpm plasma-applet-system-monitor-temperature-4.10.5-1.2.mga3.i586.rpm plasma-applet-webbrowser-4.10.5-1.2.mga3.i586.rpm plasma-krunner-nepomuk-4.10.5-1.2.mga3.i586.rpm plasma-krunner-powerdevil-4.10.5-1.2.mga3.i586.rpm plasma-runner-places-4.10.5-1.2.mga3.i586.rpm plasma-scriptengine-python-4.10.5-1.2.mga3.i586.rpm plasma-scriptengine-ruby-4.10.5-1.2.mga3.noarch.rpm packages for x86_64: kdebase4-workspace-4.10.5-1.2.mga3.x86_64.rpm kdebase4-workspace-devel-4.10.5-1.2.mga3.x86_64.rpm kdebase4-workspace-handbooks-4.10.5-1.2.mga3.noarch.rpm kdebase4-workspace-plasma-config-4.10.5-1.2.mga3.noarch.rpm kded_randrmonitor-4.10.5-1.2.mga3.x86_64.rpm kdm-4.10.5-1.2.mga3.x86_64.rpm kdm-handbook-4.10.5-1.2.mga3.noarch.rpm kinfocenter-4.10.5-1.2.mga3.x86_64.rpm kinfocenter-handbook-4.10.5-1.2.mga3.noarch.rpm lib64kdecorations4-4.10.5-1.2.mga3.x86_64.rpm lib64kephal4-4.10.5-1.2.mga3.x86_64.rpm lib64kfontinst4-4.10.5-1.2.mga3.x86_64.rpm lib64kfontinstui4-4.10.5-1.2.mga3.x86_64.rpm lib64khotkeysprivate4-4.10.5-1.2.mga3.x86_64.rpm lib64kscreensaver5-4.10.5-1.2.mga3.x86_64.rpm lib64ksgrd4-4.10.5-1.2.mga3.x86_64.rpm lib64ksignalplotter4-4.10.5-1.2.mga3.x86_64.rpm lib64kwineffects1-4.10.5-1.2.mga3.x86_64.rpm lib64kwinglesutils1-4.10.5-1.2.mga3.x86_64.rpm lib64kwinglutils1-4.10.5-1.2.mga3.x86_64.rpm lib64kwinnvidiahack4-4.10.5-1.2.mga3.x86_64.rpm lib64kworkspace4-4.10.5-1.2.mga3.x86_64.rpm lib64lsofui4-4.10.5-1.2.mga3.x86_64.rpm lib64oxygenstyle4-4.10.5-1.2.mga3.x86_64.rpm lib64oxygenstyleconfig4-4.10.5-1.2.mga3.x86_64.rpm lib64plasma_applet_system_monitor4-4.10.5-1.2.mga3.x86_64.rpm lib64plasmaclock4-4.10.5-1.2.mga3.x86_64.rpm lib64plasmagenericshell4-4.10.5-1.2.mga3.x86_64.rpm lib64plasma-geolocation-interface4-4.10.5-1.2.mga3.x86_64.rpm lib64powerdevilconfigcommonprivate4-4.10.5-1.2.mga3.x86_64.rpm lib64powerdevilcore0-4.10.5-1.2.mga3.x86_64.rpm lib64powerdevilui4-4.10.5-1.2.mga3.x86_64.rpm lib64processcore4-4.10.5-1.2.mga3.x86_64.rpm lib64processui4-4.10.5-1.2.mga3.x86_64.rpm lib64solidcontrol4-4.10.5-1.2.mga3.x86_64.rpm lib64solidcontrolifaces4-4.10.5-1.2.mga3.x86_64.rpm lib64systemsettingsview2-4.10.5-1.2.mga3.x86_64.rpm lib64taskmanager4-4.10.5-1.2.mga3.x86_64.rpm lib64weather_ion6-4.10.5-1.2.mga3.x86_64.rpm plasma-applet-battery-4.10.5-1.2.mga3.x86_64.rpm plasma-applet-calendar-4.10.5-1.2.mga3.x86_64.rpm plasma-applet-quicklaunch-4.10.5-1.2.mga3.x86_64.rpm plasma-applet-system-monitor-cpu-4.10.5-1.2.mga3.x86_64.rpm plasma-applet-system-monitor-hdd-4.10.5-1.2.mga3.x86_64.rpm plasma-applet-system-monitor-hwinfo-4.10.5-1.2.mga3.x86_64.rpm plasma-applet-system-monitor-net-4.10.5-1.2.mga3.x86_64.rpm plasma-applet-system-monitor-temperature-4.10.5-1.2.mga3.x86_64.rpm plasma-applet-webbrowser-4.10.5-1.2.mga3.x86_64.rpm plasma-krunner-nepomuk-4.10.5-1.2.mga3.x86_64.rpm plasma-krunner-powerdevil-4.10.5-1.2.mga3.x86_64.rpm plasma-runner-places-4.10.5-1.2.mga3.x86_64.rpm plasma-scriptengine-python-4.10.5-1.2.mga3.x86_64.rpm plasma-scriptengine-ruby-4.10.5-1.2.mga3.noarch.rpm
For me this update works fine. Testing complete for mga3 32-bit & 64-bit Validating the update. Could someone from the sysadmin team push this to updates. Thanks
Keywords: (none) => validated_updateWhiteboard: (none) => MGA3-32-OK MGA3-64-OKCC: (none) => sysadmin-bugs
Advisory uploaded.
Whiteboard: MGA3-32-OK MGA3-64-OK => MGA3-32-OK MGA3-64-OK advisory
URL: https://www.kde.org/info/security/advisory-20141106-1.txt => http://lwn.net/Vulnerabilities/619817/
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2014-0445.html
Status: NEW => RESOLVEDResolution: (none) => FIXED