Synopsis
Important: kdelibs and kde-settings security and bug fix update
Type/Severity
Security Advisory: Important
Topic
An update for kdelibs and kde-setting is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The K Desktop Environment (KDE) is a graphical desktop environment for the X Window System. The kdelibs packages include core libraries for the K Desktop Environment.
Security Fix(es):
- kdelibs: malicious desktop files and configuration files lead to code execution with minimal user interaction (CVE-2019-14744)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- kde.csh profile file contains bourne-shell code (BZ#1740042)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The desktop must be restarted (log out, then log back in) for this update to take effect.
Affected Products
-
Red Hat Enterprise Linux Server 7 x86_64
-
Red Hat Enterprise Linux Server - Extended Update Support 7.7 x86_64
-
Red Hat Enterprise Linux Server - AUS 7.7 x86_64
-
Red Hat Enterprise Linux Workstation 7 x86_64
-
Red Hat Enterprise Linux Desktop 7 x86_64
-
Red Hat Enterprise Linux for IBM z Systems 7 s390x
-
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.7 s390x
-
Red Hat Enterprise Linux for Power, big endian 7 ppc64
-
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.7 ppc64
-
Red Hat Enterprise Linux for Scientific Computing 7 x86_64
-
Red Hat Enterprise Linux EUS Compute Node 7.7 x86_64
-
Red Hat Enterprise Linux for Power, little endian 7 ppc64le
-
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.7 ppc64le
-
Red Hat Enterprise Linux Server - TUS 7.7 x86_64
-
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.7 ppc64le
-
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.7 x86_64
Fixes
- BZ - 1740042 - kde.csh profile file contains bourne-shell code [rhel-7.7.z]
- BZ - 1740138 - CVE-2019-14744 kdelibs: malicious desktop files and configuration files lead to code execution with minimal user interaction
CVEs
References