Advisories » MGASA-2014-0478

Updated kdebase4-runtime and kwebkitpart packages fix security vulnerability

Publication date: 21 Nov 2014
Modification date: 21 Nov 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-8600

Description

kwebkitpart and the bookmarks:// io slave were not sanitizing input correctly
allowing to some javascript being executed on the context of the referenced
hostname (CVE-2014-8600).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=14582
• https://www.kde.org/info/security/advisory-20141113-1.txt
• https://bugzilla.redhat.com/show_bug.cgi?id=1164293
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8600

SRPMS

3/core

• kdebase4-runtime-4.10.5-1.2.mga3
• kwebkitpart-1.3.2-1.1.mga3

4/core

• kdebase4-runtime-4.12.5-1.2.mga4
• kwebkitpart-1.3.2-3.1.mga4