openSUSE Security Update : konversation (openSUSE-2017-1306)

high Nessus Plugin ID 104769

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for konversation fixes the following issues:

Security issue fixed:

- CVE-2017-15923: Fixed a crash in parsing IRC color formatting codes (boo#1068097).

Bug fixes:

- Update to version 1.7.4:

- Fixed a bug causing the size of a custom chat text view font set via the configuration dialog to be ignored. A font size modification done via the Enlarge/Decrease Font Size actions is now applied on top of the configured size (or the system default font size, respectively).

- Update to 1.7.3:

- Added a copy action to the context menu of nicknames in the chat text view.

- Re-enabled channel mode buttons.

- Reduced emission of Unicode directional control characters in the chat text view. Unnecessary control characters could sometimes cause problems with copying text from Konversation and pasting it into terminal applications, confusing them.

- Fixed handling of nick and channel prefix characters potentially using the same set of symbols.

- Removed redundant escaping of angle brackets in GECOS ('realname') field.

- The nickname combobox will no longer change the nickname to the current value whenever it loses focus.

- Fixed color scheme handling in the treelist version on the tab bar, fixing an issue where the background and text color of the selected item would sometimes be the same, rendering the item unreadable.

- Fixed handling of IRC URLs for channels starting with more than one #, addressing a percent-encoding problem with bookmarks of them.

- Fixed custom chat text view font family reverting to system default font family upon using the increase/decrease font size actions.

- Fixed chat text view font size adjusted via the increase/decrease font size actions reverting to configuration default when OK'ing the config dialog.

- Fixed incorrect checkbox states in the Channel Invite dialog.

- Fixed a crash in IRC v3 extended-join parsing.

- Fixed a crash in parsing IRC color formatting codes.

- Fixed a minor memory leak in the Join Channel dialog code.

- Removed unnecessary nickname list debug message sent as warning.

- Trim description from redundant phrasing, and ensure neutrality.

Solution

Update the affected konversation packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1068097

Plugin Details

Severity: High

ID: 104769

File Name: openSUSE-2017-1306.nasl

Version: 3.5

Type: local

Agent: unix

Published: 11/27/2017

Updated: 1/19/2021

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS v3

Risk Factor: High

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:konversation, p-cpe:/a:novell:opensuse:konversation-debugsource, p-cpe:/a:novell:opensuse:konversation-debuginfo, cpe:/o:novell:opensuse:42.3, p-cpe:/a:novell:opensuse:konversation-lang

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 11/25/2017

Reference Information

CVE: CVE-2017-15923