Updated kdebase4-runtime and kwebkitpart packages fix security vulnerability
Publication date: 21 Nov 2014Modification date: 21 Nov 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-8600
Description
kwebkitpart and the bookmarks:// io slave were not sanitizing input correctly allowing to some javascript being executed on the context of the referenced hostname (CVE-2014-8600).
References
SRPMS
4/core
- kdebase4-runtime-4.12.5-1.2.mga4
- kwebkitpart-1.3.2-3.1.mga4
3/core
- kdebase4-runtime-4.10.5-1.2.mga3
- kwebkitpart-1.3.2-1.1.mga3