KDE Libraries: Multiple vulnerabilities — GLSA 201406-34

Multiple vulnerabilities have been discovered in KDE Libraries, the worst of which could lead to man-in-the-middle attacks.

Affected Packages

kde-base/kdelibs on all architectures
Affected versions < 4.12.5-r1
Unaffected versions >= 4.12.5-r1

Background

KDE is a feature-rich graphical desktop environment for Linux and Unix-like operating systems. KDE Libraries contains libraries needed by all KDE applications.

Description

Multiple vulnerabilities have been discovered in KDE Libraries. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could cause a man-in-the-middle attack via any certificate issued by a legitimate certification authority. Furthermore, a local attacker may gain knowledge of user passwords through an information leak.

Workaround

There is no known workaround at this time.

Resolution

All KDE users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=kde-base/kdelibs-4.12.5-r1"
 

References

Release Date
June 29, 2014

Latest Revision
June 29, 2014: 1

Severity
normal

Exploitable
local, remote

Bugzilla entries