openSUSE Security Update : konversation (openSUSE-SU-2014:1406-1)

Medium Nessus Plugin ID 79226


The remote openSUSE host is missing a security update.


konversation was updated to version 1.5.1, fixing bugs and one security issue.

Changes:

- Konversation 1.5.1 is a maintenance release containing only bug fixes. The included changes address several minor behavioral defects and a low-risk DoS security defect in the Blowfish ECB support. The KDE Platform version dependency has increased to v4.9.0 to gain access to newer Qt socket transport security flags.

- Fixed a bug causing wildcards in command alias replacement patterns not to be expanded.

- Fixed a bug causing auto-joining of channels not starting in # or & to sometimes fail because the auto-join command was generated before we got the CHANTYPES pronouncement by the server.

- Added a size sanity check for incoming Blowfish ECB blocks. The blind assumption that incoming blocks are the expected 12 bytes could lead to a crash or an information leak of up to 11 bytes due to an out-of-bounds read.

- Enabling SSL/TLS support for connections will now advertise the protocols Qt considers secure by default, instead of being hardcoded to TLSv1.

- Fixed the bundled 'sysinfo' script not coping with empty lines in /etc/os-release.

- Made disk space info in the bundled 'sysinfo' script more robust by forcing the C locale for 'df'.

- Added an audio player type hint for Cantata to the bundled 'media' script.

- Fixed some minor comparison logic errors turned up by static analysis.

- Konversation now depends on KDE Platform v4.9.0 or higher.


Update the affected konversation packages.

Plugin Details

Severity: Medium

ID: 79226

File Name: openSUSE-2014-659.nasl

Version: $Revision: 1.1 $

Type: local

Agent: unix

Published: 2014/11/13

Modified: 2014/11/13

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:konversation, p-cpe:/a:novell:opensuse:konversation-debuginfo, p-cpe:/a:novell:opensuse:konversation-debugsource, p-cpe:/a:novell:opensuse:konversation-lang, cpe:/o:novell:opensuse:13.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2014/11/05

Reference Information

CVE: CVE-2014-8483