Overview Details Repositories Revisions Requests Users Attributes Meta
Security update for kdebase4-runtime, kdelibs4, konversation, kwebkitpart, libqt4

KDE and QT were updated to fix security issues and bugs.

The following vulerabilities were fixed:

* CVE-2014-0190: Malformed GIF files could have crashed QT based applications
* CVE-2015-0295: Malformed BMP files could have crashed QT based applications
* CVE-2014-8600: Multiple cross-site scripting (XSS) vulnerabilities in the KDE runtime could have allowed remote attackers to insert arbitrary web script or HTML via crafted URIs using one of several supported URL schemes
* CVE-2014-8483: A missing size check in the Blowfish ECB could have lead to a crash of Konversation or 11 byte information leak
* CVE-2014-3494: The KMail POP3 kioslave accepted invalid certifiates and allowed a man-in-the-middle (MITM) attack

Additionally, Konversation was updated to 1.5.1 to fix bugs.

Fixed bugs
bnc#875470
libqt4: NULL pointer dereference flaw in QGIFFormat::fillRect
bnc#883374
kdelibs4: KMail/KIO POP3 SSL MITM Flaw (CVE-2014-3494)
bnc#902670
quassel: out-of-bounds read on a heap-allocated array
bnc#905742
kdebase3,kdebase4-runtime: Insufficient Input Validation By IO Slaves and Webkit Part
bnc#921999
libqt4,qt: division by zero when processing malformed BMP files
CVE-CVE-2014-0190
CVE-CVE-2014-8483
CVE-CVE-2014-3494
CVE-CVE-2014-8600
CVE-CVE-2015-0295
Selected Binaries
openSUSE Build Service is sponsored by
Places