Advisories » MGASA-2014-0432

Updated KDE 4 and related packages move to KDE 4.12.5

Publication date: 29 Oct 2014
Type: security
Affected Mageia releases: 4
CVE: CVE-2014-3494, CVE-2014-4607, CVE-2014-5033, CVE-2014-6053, CVE-2014-6054, CVE-2014-6055


This KDE 4 update provides an upgrade to the last stable version of KDE
Applications and Development Platform for the 4.12 series, and updates
Plasma Workspaces to 4.11.12.

This update fixes several security vulnerabilities:
  - KMail/KIO POP3 SSL MITM Flaw (CVE-2014-3494 - mga#13545)
  - KAuth PID Reuse Flaw (CVE-2014-5033 - mga#13792)
  - krfb: possible denial of service or code execution via integer
    overflow (CVE-2014-4607 - mga#13933)
  - krfb: multiple security issues in libvncserver (mga#14205)
    (CVE-2014-6053, CVE-2014-6054, CVE-2014-6055)

and additional issues:
  - poxml is compiled without antlr (mga#12612)
  - crashes in bluedevil (mga#12751, mga#13618, mga#13728)
  - kdelibs file dialog isn't properly translated in pure Qt apps
  - kate: self-closing xml tag breaks indentation (mga#13275,
  - krdc missing dependency on freerdp (mga#13292)
  - lock screen: can't start a new session after playing around
    with buttons (mga#13300, bko#331761)
  - kbreakout missing dependency on libkdegames-corebindings
  - meinproc4 doesn't substitute entity with fixed libxml2
    (mga#13555, mga#13559, bko#335001)
  - calligra-words missing dependency on soprano-plugin-redland
  - digikam can't export to flickr (mga#13778, bko#336835)

See the referenced buglists in KDE announcements for the complete list
of fixes.