Advisories » MGASA-2017-0473

Updated kdebase4-runtime packages fix security vulnerability

Publication date: 31 Dec 2017
Modification date: 30 Dec 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-7787

Description

A user could sneak an unicode string terminator in the kdesu invocation,
which could hide the fact that more commands could be executed
(CVE-2016-7787).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=19488
• http://openwall.com/lists/oss-security/2016/09/29/7
• https://lists.opensuse.org/opensuse-updates/2016-10/msg00034.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7787

SRPMS

5/core

• kdebase4-runtime-4.14.3-5.1.mga5