openSUSE Security Update : konversation (openSUSE-SU-2014:1406-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

konversation was updated to version 1.5.1, fixing bugs and one
security issue.

Changes :

- Konversation 1.5.1 is a maintenance release containing
only bug fixes. The included changes address several
minor behavioral defects and a low-risk DoS security
defect in the Blowfish ECB support. The KDE Platform
version dependency has increased to v4.9.0 to gain
access to newer Qt socket transport security flags.

- Fixed a bug causing wildcards in command alias
replacement patterns not to be expanded.

- Fixed a bug causing auto-joining of channels not
starting in # or & to sometimes fail because the
auto-join command was generated before we got the
CHANTYPES pronouncement by the server.

- Added a size sanity check for incoming Blowfish ECB
blocks. The blind assumption of incoming blocks being
the expected 12 bytes could lead to a crash or up to 11
byte information leak due to an out-of-bounds read.

- Enabling SSL/TLS support for connections will now
advertise the protocols Qt considers secure by default,
instead of being hardcoded to TLSv1.

- Fixed the bundled 'sysinfo' script not coping with empty
lines in /etc/os-release.

- Made disk space info in the bundled 'sysinfo' script
more robust by forcing the C locale for 'df'.

- Added an audio player type hint for Cantata to the
bundled 'media' script.

- Fixed some minor comparison logic errors turned up by
static analysis.

- Konversation now depends on KDE Platform v4.9.0 or
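
The size sanity check described in the Blowfish ECB item above, sketched as an added example (this is not Konversation's code). The function names, the callback and the sample payloads are hypothetical; the 12-byte block size is the one the advisory states.

```c
#include <stddef.h>
#include <string.h>

#define ECB_BLOCK_LEN 12 /* encoded block size stated in the advisory */

/* Bytes a reader that blindly consumes whole 12-byte blocks would fetch
 * past the end of a len-byte buffer. Always in the range 0..11. */
size_t overread_without_check(size_t len)
{
    size_t rem = len % ECB_BLOCK_LEN;
    return rem == 0 ? 0 : ECB_BLOCK_LEN - rem;
}

/* Hypothetical per-block callback standing in for the real block decoder. */
typedef void (*block_fn)(const unsigned char *block, void *ctx);

/* Validate the payload length first, then walk it block by block.
 * Returns the number of blocks handed to fn, or -1 if the payload is
 * rejected (NULL, empty, or not a whole number of blocks). */
long for_each_block_checked(const unsigned char *buf, size_t len,
                            block_fn fn, void *ctx)
{
    if (buf == NULL || len == 0 || len % ECB_BLOCK_LEN != 0)
        return -1;
    long blocks = 0;
    for (size_t off = 0; off < len; off += ECB_BLOCK_LEN) {
        fn(buf + off, ctx); /* every read stays inside buf[0..len) */
        blocks++;
    }
    return blocks;
}

/* Sample callback: counts the bytes it was allowed to see. */
static void count_bytes(const unsigned char *block, void *ctx)
{
    (void)block;
    *(size_t *)ctx += ECB_BLOCK_LEN;
}

/* Runs the checked walker over a constructed NUL-terminated payload. */
long demo_blocks(const char *payload)
{
    size_t seen = 0;
    return for_each_block_checked((const unsigned char *)payload,
                                  strlen(payload), count_bytes, &seen);
}
```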

Solution :

Update the affected konversation packages.

Risk factor :

Medium / CVSS Base Score : 5.0

Family: SuSE Local Security Checks

Nessus Plugin ID: 79226

CVE ID: CVE-2014-8483
