[CVE] Crash in IRC message parsing
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Kubuntu PPA | Fix Released | High | Simon Quigley |
konversation (Ubuntu) | Fix Released | High | Unassigned |
Trusty | Fix Released | High | Steve Beattie |
Xenial | Fix Released | High | Steve Beattie |
Zesty | Fix Released | High | Steve Beattie |
Artful | Fix Released | High | Steve Beattie |
Bionic | Fix Released | High | Unassigned |
Bug Description
KDE Project Security Advisory
=======
Title: Konversation: Crash in IRC message parsing
Risk Rating: High
CVE: CVE-2017-15923
Versions: konversation <= 1.7.2
Date: 12 November 2017
Overview
========
Konversation has support for colors in IRC messages. Any malicious user connected to the
same IRC network can send a carefully crafted message that will crash the Konversation user client.
Workaround
==========
Go to Interface → Colors in the Configure Konversation dialog and uncheck "Allow Colored Text in IRC Messages" (near the bottom).
Solution
========
Update to Konversation > 1.7.2
Or apply the following patches:
1.7: https:/
1.6: https:/
1.5: https:/
1.4: the patch for 1.5 will apply, but you should upgrade
Credits
=======
Thanks to Joseph Bisch for the report and to Eli MacKenzie for the fix.
Changed in konversation (Ubuntu Bionic):
status: New → Fix Released
Changed in konversation (Ubuntu Trusty):
status: New → Triaged
Changed in konversation (Ubuntu Xenial):
status: New → Triaged
Changed in konversation (Ubuntu Zesty):
status: New → Triaged
Changed in konversation (Ubuntu Artful):
status: New → Triaged
Changed in konversation (Ubuntu Trusty):
importance: Undecided → High
Changed in konversation (Ubuntu Xenial):
importance: Undecided → High
Changed in konversation (Ubuntu Zesty):
importance: Undecided → High
Changed in konversation (Ubuntu Artful):
importance: Undecided → High
Changed in konversation (Ubuntu Bionic):
importance: Undecided → High
Changed in konversation (Ubuntu Trusty):
assignee: nobody → Simon Quigley (tsimonq2)
Changed in konversation (Ubuntu Xenial):
assignee: nobody → Simon Quigley (tsimonq2)
Changed in konversation (Ubuntu Zesty):
assignee: nobody → Simon Quigley (tsimonq2)
Changed in konversation (Ubuntu Artful):
assignee: nobody → Simon Quigley (tsimonq2)
Changed in kubuntu-ppa:
assignee: nobody → Simon Quigley (tsimonq2)
importance: Undecided → High
status: New → Triaged
Changed in konversation (Ubuntu Trusty):
status: Triaged → In Progress
Changed in konversation (Ubuntu Xenial):
status: Triaged → In Progress
Changed in konversation (Ubuntu Artful):
status: Triaged → In Progress
Changed in konversation (Ubuntu Zesty):
status: Triaged → In Progress
Changed in kubuntu-ppa:
status: Triaged → In Progress
Packages are available for testing in ppa:tsimonq2/security-builds and in ppa:kubuntu-ppa/backports-landing. More details are available here: https://lists.ubuntu.com/archives/kubuntu-devel/2017-November/011487.html