Upstream has issued an advisory on November 13:
https://www.kde.org/info/security/advisory-20141113-1.txt

The RedHat bug is here:
https://bugzilla.redhat.com/show_bug.cgi?id=1164293

kdebase4-runtime in Cauldron is also still affected (as far as I know).

Mageia 3 is also affected. I don't know if we'll have time to get an update out for it (we can if we move fast), but it sounds like a very minor issue.

I've committed and built updates for kwebkitpart already, but kdebase4-runtime still needs to be addressed. The "kde-runtime" commit linked in the advisory would be the one needed to fix the issue in kdebase4-runtime.

Packages built so far:
kwebkitpart-1.3.2-1.1.mga3
kwebkitpart-1.3.2-3.1.mga4
Whiteboard: (none) => MGA3TOO
Patched packages uploaded for Mageia 3, Mageia 4, and Cauldron.

From the KDE advisory, the PoC is to enter this URL into Konqueror and see that it pops up a messagebox:
bookmarks://hhdhdhhdhdhdh.google.com/'><script>alert('bookmarks'+document.domain);</script>

Advisory:
========================

Updated kdebase4-runtime and kwebkitpart packages fix security vulnerability:

kwebkitpart and the bookmarks:// io slave were not sanitizing input correctly, allowing some JavaScript to be executed in the context of the referenced hostname (CVE-2014-8600).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8600
https://www.kde.org/info/security/advisory-20141113-1.txt
https://bugzilla.redhat.com/show_bug.cgi?id=1164293
========================

Updated packages in core/updates_testing:
========================
kdebase4-runtime-4.10.5-1.2.mga3
kdebase4-runtime-handbook-4.10.5-1.2.mga3
nepomuk-4.10.5-1.2.mga3
kwallet-daemon-4.10.5-1.2.mga3
libkwalletbackend4-4.10.5-1.2.mga3
libmolletnetwork4-4.10.5-1.2.mga3
kdebase4-runtime-devel-4.10.5-1.2.mga3
kwebkitpart-1.3.2-1.1.mga3
kdebase4-runtime-4.12.5-1.2.mga4
kdebase4-runtime-handbook-4.12.5-1.2.mga4
nepomuk-4.12.5-1.2.mga4
kwallet-daemon-4.12.5-1.2.mga4
libkwalletbackend4-4.12.5-1.2.mga4
libmolletnetwork4-4.12.5-1.2.mga4
kdebase4-runtime-devel-4.12.5-1.2.mga4
kwebkitpart-1.3.2-3.1.mga4

from SRPMS:
kdebase4-runtime-4.10.5-1.2.mga3.src.rpm
kwebkitpart-1.3.2-1.1.mga3.src.rpm
kdebase4-runtime-4.12.5-1.2.mga4.src.rpm
kwebkitpart-1.3.2-3.1.mga4.src.rpm
CC: (none) => lmenut
Assignee: lmenut => qa-bugs
Whiteboard: MGA3TOO => MGA3TOO has_procedure
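
Added example, not part of this report and not KDE's code: the bug class named in the advisory above, with the request taken from a bookmarks:// URL written into generated HTML first verbatim and then escaped at output time. The page template and the function names (htmlEscape, requestPart, renderUnsafe, renderSafe) are assumptions; only the PoC URL comes from the report.

```cpp
#include <iostream>
#include <string>

// Escape the five characters that can change HTML parsing state, so the
// result is safe in element content and in quoted attribute values.
std::string htmlEscape(const std::string &in) {
    std::string out;
    out.reserve(in.size());
    for (char c : in) {
        switch (c) {
        case '&':  out += "&amp;";  break;
        case '<':  out += "&lt;";   break;
        case '>':  out += "&gt;";   break;
        case '"':  out += "&quot;"; break;
        case '\'': out += "&#39;";  break;
        default:   out += c;
        }
    }
    return out;
}

// Strip the scheme; everything after "bookmarks://" is untrusted input.
std::string requestPart(const std::string &url) {
    const std::string scheme = "bookmarks://";
    return url.compare(0, scheme.size(), scheme) == 0 ? url.substr(scheme.size()) : url;
}

// Hypothetical page template (an assumption, not the io slave's real markup).
// Before: the request is pasted into a single-quoted attribute verbatim.
std::string renderUnsafe(const std::string &url) {
    const std::string req = requestPart(url);
    return "<a href='" + req + "'>" + req + "</a>";
}

// After: the same template with the untrusted value escaped on output.
std::string renderSafe(const std::string &url) {
    const std::string req = htmlEscape(requestPart(url));
    return "<a href='" + req + "'>" + req + "</a>";
}

int main() {
    // The PoC URL quoted in this bug report.
    const std::string poc = "bookmarks://hhdhdhhdhdhdh.google.com/'>"
                            "<script>alert('bookmarks'+document.domain);</script>";
    std::cout << "unsafe: " << renderUnsafe(poc) << "\n";
    std::cout << "safe:   " << renderSafe(poc) << "\n";
    return 0;
}
```

With the PoC as input, the unescaped template closes the attribute and emits a live script element, while the escaped one renders the same characters as inert text.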
Verified that the PoC is fixed and Konqueror still works fine, Mageia 3 i586 and Mageia 4 i586.
Whiteboard: MGA3TOO has_procedure => MGA3TOO has_procedure MGA3-32-OK MGA4-32-OK
Tested mga4_64, real hardware

Testing complete for the new kdebase4-runtime-4.12.5-1.2.mga4 and kwebkitpart-1.3.2-3.1.mga4 update, Ok for me. All seems to work properly here and nothing to report.

I confirm that the PoC is fixed too here.
CC: (none) => geiger.david68210
Whiteboard: MGA3TOO has_procedure MGA3-32-OK MGA4-32-OK => MGA3TOO has_procedure MGA3-32-OK MGA4-32-OK MGA4-64-OK
Testing on Mageia 3-64 real HW

Current packages :
----------------
$ rpm -q kdebase4-runtime kwebkitpart
kdebase4-runtime-4.10.5-1.1.mga3
kwebkitpart-1.3.2-1.mga3

Could reproduce PoC.

Updated to testing packages :
---------------------------
- kdebase4-runtime-4.10.5-1.2.mga3.x86_64
- kdebase4-runtime-handbook-4.10.5-1.2.mga3.noarch
- kwallet-daemon-4.10.5-1.2.mga3.x86_64
- kwebkitpart-1.3.2-1.1.mga3.x86_64
- lib64kwalletbackend4-4.10.5-1.2.mga3.x86_64
- lib64molletnetwork4-4.10.5-1.2.mga3.x86_64
- nepomuk-4.10.5-1.2.mga3.x86_64

PoC fixed, KDE + Konqueror OK
CC: (none) => olchal
Whiteboard: MGA3TOO has_procedure MGA3-32-OK MGA4-32-OK MGA4-64-OK => MGA3TOO has_procedure MGA3-32-OK MGA4-32-OK MGA4-64-OK MGA3-64-OK
Validating. Advisory uploaded.
Keywords: (none) => validated_update
Whiteboard: MGA3TOO has_procedure MGA3-32-OK MGA4-32-OK MGA4-64-OK MGA3-64-OK => MGA3TOO has_procedure MGA3-32-OK MGA4-32-OK MGA4-64-OK MGA3-64-OK advisory
CC: (none) => remi, sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2014-0478.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/622609/