Security update for kconfig, kdelibs4 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:1855-1 Final 1 1 2019-08-13T12:48:43Z current 2019-08-13T12:48:43Z 2019-08-13T12:48:43Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for kconfig, kdelibs4 This update for kconfig, kdelibs4 fixes the following issues: - CVE-2019-14744: Fixed a command execution by an shell expansion (boo#1144600). This update was imported from the openSUSE:Leap:15.0:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-1855 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2019-08/msg00016.html E-Mail link for openSUSE-SU-2019:1855-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1144600 SUSE Bug 1144600 https://www.suse.com/security/cve/CVE-2019-14744/ SUSE CVE CVE-2019-14744 page SUSE Package Hub 15 kconf_update5-5.45.0-bp150.3.8.2 kconfig-devel-5.45.0-bp150.3.8.2 kconfig-devel-64bit-5.45.0-bp150.3.8.2 kdelibs4-4.14.38-bp150.3.8.1 kdelibs4-apidocs-4.14.38-bp150.3.8.1 kdelibs4-branding-upstream-4.14.38-bp150.3.8.1 kdelibs4-core-4.14.38-bp150.3.8.1 kdelibs4-doc-4.14.38-bp150.3.8.1 libKF5ConfigCore5-5.45.0-bp150.3.8.2 libKF5ConfigCore5-64bit-5.45.0-bp150.3.8.2 libKF5ConfigCore5-lang-5.45.0-bp150.3.8.2 libKF5ConfigGui5-5.45.0-bp150.3.8.2 libKF5ConfigGui5-64bit-5.45.0-bp150.3.8.2 libkde4-4.14.38-bp150.3.8.1 libkde4-64bit-4.14.38-bp150.3.8.1 libkde4-devel-4.14.38-bp150.3.8.1 libkdecore4-4.14.38-bp150.3.8.1 libkdecore4-64bit-4.14.38-bp150.3.8.1 libkdecore4-devel-4.14.38-bp150.3.8.1 libksuseinstall-devel-4.14.38-bp150.3.8.1 libksuseinstall1-4.14.38-bp150.3.8.1 libksuseinstall1-64bit-4.14.38-bp150.3.8.1 kconf_update5-5.45.0-bp150.3.8.2 as a component of SUSE Package Hub 15 kconfig-devel-5.45.0-bp150.3.8.2 as a component of SUSE Package Hub 15 kconfig-devel-64bit-5.45.0-bp150.3.8.2 as a component of SUSE Package Hub 15 kdelibs4-4.14.38-bp150.3.8.1 as a component of SUSE Package Hub 15 kdelibs4-apidocs-4.14.38-bp150.3.8.1 as a component of SUSE Package Hub 15 kdelibs4-branding-upstream-4.14.38-bp150.3.8.1 as a component of SUSE Package Hub 15 kdelibs4-core-4.14.38-bp150.3.8.1 as a component of SUSE Package Hub 15 kdelibs4-doc-4.14.38-bp150.3.8.1 as a component of SUSE Package Hub 15 libKF5ConfigCore5-5.45.0-bp150.3.8.2 as a component of SUSE Package Hub 15 libKF5ConfigCore5-64bit-5.45.0-bp150.3.8.2 as a component of SUSE Package Hub 15 libKF5ConfigCore5-lang-5.45.0-bp150.3.8.2 as a component of SUSE Package Hub 15 libKF5ConfigGui5-5.45.0-bp150.3.8.2 as a component of SUSE Package Hub 15 libKF5ConfigGui5-64bit-5.45.0-bp150.3.8.2 as a component of SUSE Package Hub 15 libkde4-4.14.38-bp150.3.8.1 as a component of SUSE Package Hub 15 libkde4-64bit-4.14.38-bp150.3.8.1 as a component of SUSE Package Hub 15 libkde4-devel-4.14.38-bp150.3.8.1 as a component of SUSE Package Hub 15 libkdecore4-4.14.38-bp150.3.8.1 as a component of SUSE Package Hub 15 libkdecore4-64bit-4.14.38-bp150.3.8.1 as a component of SUSE Package Hub 15 libkdecore4-devel-4.14.38-bp150.3.8.1 as a component of SUSE Package Hub 15 libksuseinstall-devel-4.14.38-bp150.3.8.1 as a component of SUSE Package Hub 15 libksuseinstall1-4.14.38-bp150.3.8.1 as a component of SUSE Package Hub 15 libksuseinstall1-64bit-4.14.38-bp150.3.8.1 as a component of SUSE Package Hub 15 In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file. CVE-2019-14744 SUSE Package Hub 15:kconf_update5-5.45.0-bp150.3.8.2 SUSE Package Hub 15:kconfig-devel-5.45.0-bp150.3.8.2 SUSE Package Hub 15:kconfig-devel-64bit-5.45.0-bp150.3.8.2 SUSE Package Hub 15:kdelibs4-4.14.38-bp150.3.8.1 SUSE Package Hub 15:kdelibs4-apidocs-4.14.38-bp150.3.8.1 SUSE Package Hub 15:kdelibs4-branding-upstream-4.14.38-bp150.3.8.1 SUSE Package Hub 15:kdelibs4-core-4.14.38-bp150.3.8.1 SUSE Package Hub 15:kdelibs4-doc-4.14.38-bp150.3.8.1 SUSE Package Hub 15:libKF5ConfigCore5-5.45.0-bp150.3.8.2 SUSE Package Hub 15:libKF5ConfigCore5-64bit-5.45.0-bp150.3.8.2 SUSE Package Hub 15:libKF5ConfigCore5-lang-5.45.0-bp150.3.8.2 SUSE Package Hub 15:libKF5ConfigGui5-5.45.0-bp150.3.8.2 SUSE Package Hub 15:libKF5ConfigGui5-64bit-5.45.0-bp150.3.8.2 SUSE Package Hub 15:libkde4-4.14.38-bp150.3.8.1 SUSE Package Hub 15:libkde4-64bit-4.14.38-bp150.3.8.1 SUSE Package Hub 15:libkde4-devel-4.14.38-bp150.3.8.1 SUSE Package Hub 15:libkdecore4-4.14.38-bp150.3.8.1 SUSE Package Hub 15:libkdecore4-64bit-4.14.38-bp150.3.8.1 SUSE Package Hub 15:libkdecore4-devel-4.14.38-bp150.3.8.1 SUSE Package Hub 15:libksuseinstall-devel-4.14.38-bp150.3.8.1 SUSE Package Hub 15:libksuseinstall1-4.14.38-bp150.3.8.1 SUSE Package Hub 15:libksuseinstall1-64bit-4.14.38-bp150.3.8.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/opensuse-security-announce/2019-08/msg00016.html https://www.suse.com/security/cve/CVE-2019-14744.html CVE-2019-14744 https://bugzilla.suse.com/1144600 SUSE Bug 1144600