This script is Copyright (C) 2014 Tenable Network Security, Inc.
The remote openSUSE host is missing a security update.
konversation was updated to version 1.5.1, fixing bugs and one
- Konversation 1.5.1 is a maintenance release containing
only bug fixes. The included changes address several
minor behavioral defects and a low-risk DoS security
defect in the Blowfish ECB support. The KDE Platform
version dependency has increased to v4.9.0 to gain
access to newer Qt socket transport security flags.
- Fixed a bug causing wildcards in command alias
replacement patterns not to be expanded.
- Fixed a bug causing auto-joining of channels not
starting in # or & to sometimes fail because the
auto-join command was generated before we got the
CHANTYPES pronouncement by the server.
- Added a size sanity check for incoming Blowfish ECB
blocks. The blind assumption of incoming blocks being
the expected 12 bytes could lead to a crash or up to 11
byte information leak due to an out-of-bounds read.
- Enabling SSL/TLS support for connections will now
advertise the protocols Qt considers secure by default,
instead of being hardcoded to TLSv1.
- Fixed the bundled 'sysinfo' script not coping with empty
lines in /etc/os-release.
- Made disk space info in the bundled 'sysinfo' script
more robust by forcing the C locale for 'df'.
- Added an audio player type hint for Cantata to the
bundled 'media' script.
- Fixed some minor comparison logic errors turned up by
- Konversation now depends on KDE Platform v4.9.0 or
See also :
Update the affected konversation packages.
Risk factor :
Medium / CVSS Base Score : 5.0