[Bug 1731797] [NEW] [CVE] Crash in IRC message parsing
Simon Quigley
tsimonq2 at ubuntu.com
Sun Nov 12 20:41:35 UTC 2017
*** This bug is a security vulnerability ***

Public security bug reported:

KDE Project Security Advisory
=============================

Title: Konversation: Crash in IRC message parsing
Risk Rating: High
CVE: CVE-2017-15923
Versions: konversation <= 1.7.2
Date: 12 November 2017

Overview
========
Konversation has support for colors in IRC messages. Any malicious user connected to the
same IRC network can send a carefully crafted message that will crash the Konversation user client.

Workaround
==========
Go to Interface → Colors in the Configure Konversation dialog and uncheck Allow Colored Text in IRC Messages (near the bottom).

Solution
========
Update to Konversation > 1.7.2

Or apply the following patches:
1.7: https://cgit.kde.org/konversation.git/commit/?h=1.7&id=34cc9556c1a089fac6b674d3bd6f2248e9512902
1.6: https://cgit.kde.org/konversation.git/commit/?h=1.6&id=cebf8d7658b0e3afb0292c273704ec4d2ea4019f
1.5: https://cgit.kde.org/konversation.git/commit/?h=1.5&id=6a7f59ee1b9dbc6e5cf9e5f3b306504d02b73ef0
1.4: the patch for 1.5 will apply, but you should upgrade

Credits
=======
Thanks to Joseph Bisch for the report and to Eli MacKenzie for the fix.

** Affects: kubuntu-ppa
Importance: High
Assignee: Simon Quigley (tsimonq2)
Status: Triaged
** Affects: konversation (Ubuntu)
Importance: High
Status: Fix Released
** Affects: konversation (Ubuntu Trusty)
Importance: High
Assignee: Simon Quigley (tsimonq2)
Status: Triaged
** Affects: konversation (Ubuntu Xenial)
Importance: High
Assignee: Simon Quigley (tsimonq2)
Status: Triaged
** Affects: konversation (Ubuntu Zesty)
Importance: High
Assignee: Simon Quigley (tsimonq2)
Status: Triaged
** Affects: konversation (Ubuntu Artful)
Importance: High
Assignee: Simon Quigley (tsimonq2)
Status: Triaged
** Affects: konversation (Ubuntu Bionic)
Importance: High
Status: Fix Released
** Also affects: konversation (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: konversation (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: konversation (Ubuntu Xenial)
Importance: Undecided
Status: New
** Also affects: konversation (Ubuntu Artful)
Importance: Undecided
Status: New
** Also affects: konversation (Ubuntu Zesty)
Importance: Undecided
Status: New
** Changed in: konversation (Ubuntu Bionic)
Status: New => Fix Released
** Changed in: konversation (Ubuntu Trusty)
Status: New => Triaged
** Changed in: konversation (Ubuntu Xenial)
Status: New => Triaged
** Changed in: konversation (Ubuntu Zesty)
Status: New => Triaged
** Changed in: konversation (Ubuntu Artful)
Status: New => Triaged
** Changed in: konversation (Ubuntu Trusty)
Importance: Undecided => High
** Changed in: konversation (Ubuntu Xenial)
Importance: Undecided => High
** Changed in: konversation (Ubuntu Zesty)
Importance: Undecided => High
** Changed in: konversation (Ubuntu Artful)
Importance: Undecided => High
** Changed in: konversation (Ubuntu Bionic)
Importance: Undecided => High
** Changed in: konversation (Ubuntu Trusty)
Assignee: (unassigned) => Simon Quigley (tsimonq2)
** Changed in: konversation (Ubuntu Xenial)
Assignee: (unassigned) => Simon Quigley (tsimonq2)
** Changed in: konversation (Ubuntu Zesty)
Assignee: (unassigned) => Simon Quigley (tsimonq2)
** Changed in: konversation (Ubuntu Artful)
Assignee: (unassigned) => Simon Quigley (tsimonq2)
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-15923
** Also affects: kubuntu-ppa
Importance: Undecided
Status: New
** Changed in: kubuntu-ppa
Assignee: (unassigned) => Simon Quigley (tsimonq2)
** Changed in: kubuntu-ppa
Importance: Undecided => High
** Changed in: kubuntu-ppa
Status: New => Triaged
--
You received this bug notification because you are a member of Kubuntu
Developers, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1731797