Advisories » MGASA-2018-0477

Updated kio-extras packages fix security vulnerability

Publication date: 06 Dec 2018
Modification date: 06 Dec 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-19120

Description

The HTML thumbnailer was incorrectly accessing some content of remote
URLs listed in HTML files. This meant that the owners of the servers
referred in HTML files in your system could have seen in their access
logs your IP address every time the thumbnailer tried to create the
thumbnail (CVE-2018-19120).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=23868
• https://www.kde.org/info/security/advisory-20181012-1.txt
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CWRCGXLPJHM4OFD66BINH2FIMYHRCRKF/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19120

SRPMS

6/core

• kio-extras-17.12.2-4.1.mga6