CVE-2014-3494

Published: 1 July 2014

kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate.

Notes

Author	Note
mdeslaur	affects 4.10.95 to 4.13.2

Priority

Status

Package	Release	Status
kde4libs Launchpad, Ubuntu, Debian	lucid	Ignored (end of life)
	precise	Not vulnerable (4:4.8.5-0ubuntu0.3)
	saucy	Released (4:4.11.5-0ubuntu0.3)
	trusty	Released (4:4.13.1-0ubuntu0.2)
	upstream	Needs triage

References

http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=bbae87dc1be3ae063796a582774bd5642cacdd5d&hp=1ccdb43ed3b32a7798eec6d39bb3c83a6e40228f
https://www.cve.org/CVERecord?id=CVE-2014-3494
NVD
Launchpad
Debian

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=752052
https://bugs.launchpad.net/ubuntu/+source/kde4libs/+bug/1332064

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›