Mageia Bugzilla – Bug 7999
kdelibs4 new security issues CVE-2012-4514 and CVE-2012-4515
Last modified: 2013-02-16 20:29:22 CET
Red Hat has issued an advisory on October 30:
It is unclear which versions are affected.
Nicolas has also checked in a patch to Mageia 2 SVN for CVE-2012-4515.
Fedora has issued an advisory on November 1:
This adds CVE-2012-4514 and CVE-2012-4515.
(In reply to comment #1)
> Fedora has issued an advisory on November 1:
> This adds CVE-2012-4514 and CVE-2012-4515.
openSUSE has issued an advisory for these on November 28:
I'm assuming these issues no longer affect the version in Cauldron.
Mageia 1 is EOL.
Nicolas has fixed CVE-2012-4514 in Mageia 2 SVN.
Nicolas said CVE-2012-4512 was fixed in the 4.8.5 update.
He's investigating the status of CVE-2012-4513 now.
The code in 4.8 is completely different, but the PoC in the attachment:
does not crash Konqueror, so we're not vulnerable to CVE-2012-4513.
Changing the bug URL since we're not vulnerable to the ones from the original report (although Mageia 1 is):
Seeing as we have a patched package built that fixes CVE-2012-451, this is ready for QA.
Updated kdelibs4 packages fix security vulnerabilities:
rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote
attackers to cause a denial of service (NULL pointer dereference) via a
crafted web page, related to "trying to reuse a frame with a null part".
Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in
Konqueror in KDE 4.7.3, when the context menu is shown, allows remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code by accessing an iframe when it is being updated.
Updated packages in core/updates_testing:
For Mageia 1, strangely enough, the patch to fix CVE-2012-4512 upstream is exactly the same as the patch to fix CVE-2010-0046 already in the package.
Patches for CVE-2012-451[3-5] checked into Mageia 1 SVN.
Adding dglent in CC as he reported CVE-2012-4514 upstream.
Dimitrios, do you still get the crash? If so, could you please test with these new RPMs in core/updates_testing and see if it cures it?
Possible PoCs for CVE-2012-4514 listed here:
Tried with samba-swat and the NAS login page. I've been unable to reproduce on x86_64.
DGlent, your bug was this one: https://bugs.kde.org/show_bug.cgi?id=280912 which is the first duplicate.
No PoCs for CVE-2012-4515.
Testing mga2 64
Just checking kde apps like konqueror work ok with the update.
konqueror, quassel, konversation, digikam, kruler, dragon player, gwenview all ok
Testing complete mga2 64
Checked some KDE apps work in 32-bit with the update:
Konversation, Konsole, KCalc, KTimer, Gwenview, Okular, KWrite seem fine.
SRPM & advisory in comment 7
Could sysadmin please push from core/updates_testing to core/updates
(In reply to comment #9)
> Adding dglent in CC as he reported CVE-2012-4514 upstream
> Dimitrios, do you still get the crash? If so, could you please test with these
> new RPMs in core/updates_testing and see if it cures it?
No, I don't have the crash any more.