Updated kdelibs4 packages fix security vulnerability and various bugs
Publication date: 12 Aug 2014Modification date: 12 Aug 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2014-5033
Description
This update fixes a security vulnerability in the polkit authentication
backend of kdelibs (CVE-2014-5033) (mga#13792), and fixes some
additional issues:
- duplicate targets in PythonMacros.cmake (reviewboard kde 111371),
- kded4 leak sockets in NetworkInterface::isWireless() (bko#324954),
- media type application/x-konsole is unsupported (bko#292378),
- pure Qt applications (like VLC) that get the kdelibs file dialog
are not properly translated (mga#12982),
- meinproc4 doesn't substitute entity with libxml2 fixed for
CVE-2014-0191 (bko#335001, mga#13555, mga#13559),
References
- https://bugs.mageia.org/show_bug.cgi?id=13826
- https://bugs.mageia.org/show_bug.cgi?id=13792
- http://www.kde.org/info/security/advisory-20140730-1.txt
- https://bugzilla.novell.com/show_bug.cgi?id=864716
- https://git.reviewboard.kde.org/r/111371/
- https://bugs.kde.org/show_bug.cgi?id=324954
- https://bugs.kde.org/show_bug.cgi?id=292378
- https://bugs.mageia.org/show_bug.cgi?id=12982
- https://bugs.kde.org/show_bug.cgi?id=335001
- https://bugs.mageia.org/show_bug.cgi?id=13555
- https://bugs.mageia.org/show_bug.cgi?id=13559
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5033
SRPMS
3/core
- kdelibs4-4.10.5-1.2.mga3