*** This bug is a security vulnerability ***

Public security bug reported:

KDE Project Security Advisory
=============================

Title:          Konversation: Crash in IRC message parsing
Risk Rating:    High
CVE:            CVE-2017-15923
Versions:       konversation <= 1.7.2
Date:           12 November 2017

Overview
========
Konversation has support for colors in IRC messages. Any malicious user connected to the same IRC network can send a carefully crafted message that will crash the Konversation user client.

Workaround
==========
Go to Interface → Colors in the Configure Konversation dialog and uncheck Allow Colored Text in IRC Messages (near the bottom)

Solution
========
Update to Konversation > 1.7.2

Or apply the following patches:
1.7: https://cgit.kde.org/konversation.git/commit/?h=1.7&id=34cc9556c1a089fac6b674d3bd6f2248e9512902
1.6: https://cgit.kde.org/konversation.git/commit/?h=1.6&id=cebf8d7658b0e3afb0292c273704ec4d2ea4019f
1.5: https://cgit.kde.org/konversation.git/commit/?h=1.5&id=6a7f59ee1b9dbc6e5cf9e5f3b306504d02b73ef0
1.4: the patch for 1.5 will apply, but you should upgrade

Credits
=======
Thanks to Joseph Bisch for the report and to Eli MacKenzie for the fix.

** Affects: kubuntu-ppa
     Importance: High
     Assignee: Simon Quigley (tsimonq2)
     Status: Triaged

** Affects: konversation (Ubuntu)
     Importance: High
     Status: Fix Released

** Affects: konversation (Ubuntu Trusty)
     Importance: High
     Assignee: Simon Quigley (tsimonq2)
     Status: Triaged

** Affects: konversation (Ubuntu Xenial)
     Importance: High
     Assignee: Simon Quigley (tsimonq2)
     Status: Triaged

** Affects: konversation (Ubuntu Zesty)
     Importance: High
     Assignee: Simon Quigley (tsimonq2)
     Status: Triaged

** Affects: konversation (Ubuntu Artful)
     Importance: High
     Assignee: Simon Quigley (tsimonq2)
     Status: Triaged

** Affects: konversation (Ubuntu Bionic)
     Importance: High
     Status: Fix Released

** Also affects: konversation (Ubuntu Bionic)
     Importance: Undecided
     Status: New

** Also affects: konversation (Ubuntu Trusty)
     Importance: Undecided
     Status: New

** Also affects: konversation (Ubuntu Xenial)
     Importance: Undecided
     Status: New

** Also affects: konversation (Ubuntu Artful)
     Importance: Undecided
     Status: New

** Also affects: konversation (Ubuntu Zesty)
     Importance: Undecided
     Status: New

** Changed in: konversation (Ubuntu Bionic)
     Status: New => Fix Released

** Changed in: konversation (Ubuntu Trusty)
     Status: New => Triaged

** Changed in: konversation (Ubuntu Xenial)
     Status: New => Triaged

** Changed in: konversation (Ubuntu Zesty)
     Status: New => Triaged

** Changed in: konversation (Ubuntu Artful)
     Status: New => Triaged

** Changed in: konversation (Ubuntu Trusty)
     Importance: Undecided => High

** Changed in: konversation (Ubuntu Xenial)
     Importance: Undecided => High

** Changed in: konversation (Ubuntu Zesty)
     Importance: Undecided => High

** Changed in: konversation (Ubuntu Artful)
     Importance: Undecided => High

** Changed in: konversation (Ubuntu Bionic)
     Importance: Undecided => High

** Changed in: konversation (Ubuntu Trusty)
     Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: konversation (Ubuntu Xenial)
     Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: konversation (Ubuntu Zesty)
     Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: konversation (Ubuntu Artful)
     Assignee: (unassigned) => Simon Quigley (tsimonq2)

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-15923

** Also affects: kubuntu-ppa
     Importance: Undecided
     Status: New

** Changed in: kubuntu-ppa
     Assignee: (unassigned) => Simon Quigley (tsimonq2)

** Changed in: kubuntu-ppa
     Importance: Undecided => High

** Changed in: kubuntu-ppa
     Status: New => Triaged

-- 
https://bugs.launchpad.net/bugs/1731797

Title:
  [CVE] Crash in IRC message parsing