RedHat has issued an advisory on October 30:
https://rhn.redhat.com/errata/RHSA-2012-1416.html
It is unclear which versions are affected. Nicolas has also checked in a patch to Mageia 2 SVN for CVE-2012-4515.
CC: (none) => nicolas.lecureuil
Whiteboard: (none) => MGA2TOO, MGA1TOO
CC: (none) => balcaen.john
Fedora has issued an advisory on November 1:
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092451.html
This adds CVE-2012-4514 and CVE-2012-4515.
Summary: kdelibs4 new security issues CVE-2012-4512 and CVE-2012-4513 => kdelibs4 new security issues CVE-2012-451[2-5]
(In reply to comment #1)
> Fedora has issued an advisory on November 1:
> http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092451.html
>
> This adds CVE-2012-4514 and CVE-2012-4515.

from http://lwn.net/Vulnerabilities/525443/
OpenSuSE has issued an advisory for these on November 28:
http://lists.opensuse.org/opensuse-updates/2012-11/msg00088.html
CC: (none) => oe
I'm assuming these issues no longer affect the version in Cauldron. Mageia 1 is EOL.
Version: Cauldron => 2
Whiteboard: MGA2TOO, MGA1TOO => (none)
Nicolas has fixed CVE-2012-4514 in Mageia 2 SVN.
Severity: normal => critical
Nicolas said CVE-2012-4512 was fixed in the 4.8.5 update. He's investigating the status of CVE-2012-4513 now.
The code in 4.8 is completely different, but the PoC in the attachment:
http://seclists.org/oss-sec/2012/q4/171
does not crash Konqueror, so we're not vulnerable to CVE-2012-4513.

Changing the bug URL since we're not vulnerable to the ones from the original report (although Mageia 1 is):
http://lwn.net/Vulnerabilities/522155/

Seeing as we have a patched package built that fixes CVE-2012-451[45], this is ready for QA.

Advisory:
========================

Updated kdelibs4 packages fix security vulnerabilities:

rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to "trying to reuse a frame with a null part" (CVE-2012-4514).

Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by accessing an iframe when it is being updated (CVE-2012-4515).

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4514
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4515
http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092451.html
========================

Updated packages in core/updates_testing:
========================
kdelibs4-core-4.8.5-1.6.mga2
kdelibs4-devel-4.8.5-1.6.mga2
kdelibs4-handbooks-4.8.5-1.6.mga2
libkcmutils4-4.8.5-1.6.mga2
libkde3support4-4.8.5-1.6.mga2
libkdeclarative5-4.8.5-1.6.mga2
libkdecore5-4.8.5-1.6.mga2
libkdefakes5-4.8.5-1.6.mga2
libkdesu5-4.8.5-1.6.mga2
libkdeui5-4.8.5-1.6.mga2
libkdewebkit5-4.8.5-1.6.mga2
libkdnssd4-4.8.5-1.6.mga2
libkemoticons4-4.8.5-1.6.mga2
libkfile4-4.8.5-1.6.mga2
libkhtml5-4.8.5-1.6.mga2
libkidletime4-4.8.5-1.6.mga2
libkimproxy4-4.8.5-1.6.mga2
libkio5-4.8.5-1.6.mga2
libkjs4-4.8.5-1.6.mga2
libkjsapi4-4.8.5-1.6.mga2
libkjsembed4-4.8.5-1.6.mga2
libkmediaplayer4-4.8.5-1.6.mga2
libknewstuff2_4-4.8.5-1.6.mga2
libknewstuff3_4-4.8.5-1.6.mga2
libknotifyconfig4-4.8.5-1.6.mga2
libkntlm4-4.8.5-1.6.mga2
libkparts4-4.8.5-1.6.mga2
libkprintutils4-4.8.5-1.6.mga2
libkpty4-4.8.5-1.6.mga2
libkrosscore4-4.8.5-1.6.mga2
libkrossui4-4.8.5-1.6.mga2
libktexteditor4-4.8.5-1.6.mga2
libkunitconversion4-4.8.5-1.6.mga2
libkunittest4-4.8.5-1.6.mga2
libkutils4-4.8.5-1.6.mga2
libnepomuk4-4.8.5-1.6.mga2
libnepomukquery4-4.8.5-1.6.mga2
libnepomukutils4-4.8.5-1.6.mga2
libplasma3-4.8.5-1.6.mga2
libsolid4-4.8.5-1.6.mga2
libthreadweaver4-4.8.5-1.6.mga2

from kdelibs4-4.8.5-1.6.mga2.src.rpm
URL: http://lwn.net/Vulnerabilities/522155/ => http://lwn.net/Vulnerabilities/525443/
Assignee: bugsquad => qa-bugs
Summary: kdelibs4 new security issues CVE-2012-451[2-5] => kdelibs4 new security issues CVE-2012-4514 and CVE-2012-4515
For Mageia 1, strangely enough, the patch to fix CVE-2012-4512 upstream is exactly the same as the patch to fix CVE-2010-0046 already in the package. Patches for CVE-2012-451[3-5] checked into Mageia 1 SVN.
Adding dglent in CC as he reported cve-2012-4514 upstream

Dimitrios do you still get the crash? If so could you please test with these new rpms in core/updates_testing and see if it cures it.

Thanks!
CC: (none) => dglent
Possible PoC's for CVE-2012-4514 listed here:
https://bugs.kde.org/show_bug.cgi?id=271528
Tried with samba-swat and the nas login page. I've been unable to reproduce x86_64

DGlent your bug was this one:
https://bugs.kde.org/show_bug.cgi?id=280912
which is the first duplicate.
No PoC's for CVE-2012-4515
Testing mga2 64
Just checking kde apps like konqueror work ok with the update.
konqueror, quassel, konversation, digikam, kruler, dragon player, gwenview all ok
Testing complete mga2 64
Whiteboard: (none) => has_procedure mga2-64-OK
Checked some KDE apps work in 32-bit with the update: Konversation, Konsole, KCalc, KTimer, Gwenview, Okular, KWrite seem fine.
Carolyn
CC: (none) => isolde
Thanks Carolyn
Validating
SRPM & advisory in comment 7
Could sysadmin please push from core/updates_testing to core/updates
Thanks!
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: has_procedure mga2-64-OK => has_procedure mga2-64-OK mga2-32-ok
(In reply to comment #9)
> Adding dglent in CC as he reported cve-2012-4514 upstream
>
> Dimitrios do you still get the crash? If so could you please test with these
> new rpms in core/updates_testing and see if it cures it.
>
> Thanks!

No, I don't have the crash any more
Thanks
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0054
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED