openSUSE Security Update : konversation (openSUSE-SU-2014:1406-1)

medium Nessus Plugin ID 79226

Synopsis

The remote openSUSE host is missing a security update.

Description

konversation was updated to version 1.5.1, fixing bugs and one security issue.

Changes :

- Konversation 1.5.1 is a maintenance release containing only bug fixes. The included changes address several minor behavioral defects and a low-risk DoS security defect in the Blowfish ECB support. The KDE Platform version dependency has increased to v4.9.0 to gain access to newer Qt socket transport security flags.

- Fixed a bug causing wildcards in command alias replacement patterns not to be expanded.

- Fixed a bug causing auto-joining of channels not starting in # or & to sometimes fail because the auto-join command was generated before we got the CHANTYPES pronouncement by the server.

- Added a size sanity check for incoming Blowfish ECB blocks. The blind assumption of incoming blocks being the expected 12 bytes could lead to a crash or up to 11 byte information leak due to an out-of-bounds read.
CVE-2014-8483.

- Enabling SSL/TLS support for connections will now advertise the protocols Qt considers secure by default, instead of being hardcoded to TLSv1.

- Fixed the bundled 'sysinfo' script not coping with empty lines in /etc/os-release.

- Made disk space info in the bundled 'sysinfo' script more robust by forcing the C locale for 'df'.

- Added an audio player type hint for Cantata to the bundled 'media' script.

- Fixed some minor comparison logic errors turned up by static analysis.

- Konversation now depends on KDE Platform v4.9.0 or higher.

Solution

Update the affected konversation packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=902670

https://lists.opensuse.org/opensuse-updates/2014-11/msg00046.html

Plugin Details

Severity: Medium

ID: 79226

File Name: openSUSE-2014-659.nasl

Version: 1.4

Type: local

Agent: unix

Published: 11/13/2014

Updated: 1/19/2021

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/o:novell:opensuse:13.2, p-cpe:/a:novell:opensuse:konversation, p-cpe:/a:novell:opensuse:konversation-debugsource, p-cpe:/a:novell:opensuse:konversation-debuginfo, p-cpe:/a:novell:opensuse:konversation-lang

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 11/5/2014

Reference Information

CVE: CVE-2014-8483