Upstream information

CVE-2014-3494 at MITRE

Description

kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having important severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 4.3
Vector AV:N/AC:M/Au:N/C:P/I:N/A:N
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact None
SUSE Bugzilla entry: 883374 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 13.1
  • kdebase4-runtime >= 4.11.5-482.6
  • kdebase4-runtime-branding-upstream >= 4.11.5-482.6
  • kdebase4-runtime-debuginfo >= 4.11.5-482.6
  • kdebase4-runtime-debugsource >= 4.11.5-482.6
  • kdebase4-runtime-devel >= 4.11.5-482.6
  • kdelibs4 >= 4.11.5-488.2
  • kdelibs4-apidocs >= 4.11.5-488.3
  • kdelibs4-branding-upstream >= 4.11.5-488.2
  • kdelibs4-core >= 4.11.5-488.2
  • kdelibs4-core-debuginfo >= 4.11.5-488.2
  • kdelibs4-debuginfo >= 4.11.5-488.2
  • kdelibs4-debugsource >= 4.11.5-488.2
  • kdelibs4-doc >= 4.11.5-488.2
  • kdelibs4-doc-debuginfo >= 4.11.5-488.2
  • konversation >= 1.5.1-3.4.3
  • konversation-debuginfo >= 1.5.1-3.4.3
  • konversation-debugsource >= 1.5.1-3.4.3
  • konversation-lang >= 1.5.1-3.4.3
  • kwebkitpart >= 1.3.3-2.4.1
  • kwebkitpart-debuginfo >= 1.3.3-2.4.1
  • kwebkitpart-debugsource >= 1.3.3-2.4.1
  • kwebkitpart-lang >= 1.3.3-2.4.1
  • libkde4 >= 4.11.5-488.2
  • libkde4-32bit >= 4.11.5-488.2
  • libkde4-debuginfo >= 4.11.5-488.2
  • libkde4-debuginfo-32bit >= 4.11.5-488.2
  • libkde4-devel >= 4.11.5-488.2
  • libkdecore4 >= 4.11.5-488.2
  • libkdecore4-32bit >= 4.11.5-488.2
  • libkdecore4-debuginfo >= 4.11.5-488.2
  • libkdecore4-debuginfo-32bit >= 4.11.5-488.2
  • libkdecore4-devel >= 4.11.5-488.2
  • libkdecore4-devel-debuginfo >= 4.11.5-488.2
  • libksuseinstall-devel >= 4.11.5-488.2
  • libksuseinstall1 >= 4.11.5-488.2
  • libksuseinstall1-32bit >= 4.11.5-488.2
  • libksuseinstall1-debuginfo >= 4.11.5-488.2
  • libksuseinstall1-debuginfo-32bit >= 4.11.5-488.2
  • libqt4 >= 4.8.5-5.17.1
  • libqt4-32bit >= 4.8.5-5.17.1
  • libqt4-debuginfo >= 4.8.5-5.17.1
  • libqt4-debuginfo-32bit >= 4.8.5-5.17.1
  • libqt4-debugsource >= 4.8.5-5.17.1
  • libqt4-devel >= 4.8.5-5.17.1
  • libqt4-devel-debuginfo >= 4.8.5-5.17.1
  • libqt4-devel-doc >= 4.8.5-5.17.2
  • libqt4-devel-doc-data >= 4.8.5-5.17.2
  • libqt4-devel-doc-debuginfo >= 4.8.5-5.17.2
  • libqt4-devel-doc-debugsource >= 4.8.5-5.17.2
  • libqt4-linguist >= 4.8.5-5.17.1
  • libqt4-linguist-debuginfo >= 4.8.5-5.17.1
  • libqt4-private-headers-devel >= 4.8.5-5.17.1
  • libqt4-qt3support >= 4.8.5-5.17.1
  • libqt4-qt3support-32bit >= 4.8.5-5.17.1
  • libqt4-qt3support-debuginfo >= 4.8.5-5.17.1
  • libqt4-qt3support-debuginfo-32bit >= 4.8.5-5.17.1
  • libqt4-sql >= 4.8.5-5.17.1
  • libqt4-sql-32bit >= 4.8.5-5.17.1
  • libqt4-sql-debuginfo >= 4.8.5-5.17.1
  • libqt4-sql-debuginfo-32bit >= 4.8.5-5.17.1
  • libqt4-sql-mysql >= 4.8.5-5.17.1
  • libqt4-sql-mysql-32bit >= 4.8.5-5.17.1
  • libqt4-sql-mysql-debuginfo >= 4.8.5-5.17.1
  • libqt4-sql-mysql-debuginfo-32bit >= 4.8.5-5.17.1
  • libqt4-sql-plugins >= 4.8.5-5.17.1
  • libqt4-sql-plugins-debugsource >= 4.8.5-5.17.1
  • libqt4-sql-postgresql >= 4.8.5-5.17.1
  • libqt4-sql-postgresql-32bit >= 4.8.5-5.17.1
  • libqt4-sql-postgresql-debuginfo >= 4.8.5-5.17.1
  • libqt4-sql-postgresql-debuginfo-32bit >= 4.8.5-5.17.1
  • libqt4-sql-sqlite >= 4.8.5-5.17.1
  • libqt4-sql-sqlite-32bit >= 4.8.5-5.17.1
  • libqt4-sql-sqlite-debuginfo >= 4.8.5-5.17.1
  • libqt4-sql-sqlite-debuginfo-32bit >= 4.8.5-5.17.1
  • libqt4-sql-unixODBC >= 4.8.5-5.17.1
  • libqt4-sql-unixODBC-32bit >= 4.8.5-5.17.1
  • libqt4-sql-unixODBC-debuginfo >= 4.8.5-5.17.1
  • libqt4-sql-unixODBC-debuginfo-32bit >= 4.8.5-5.17.1
  • libqt4-x11 >= 4.8.5-5.17.1
  • libqt4-x11-32bit >= 4.8.5-5.17.1
  • libqt4-x11-debuginfo >= 4.8.5-5.17.1
  • libqt4-x11-debuginfo-32bit >= 4.8.5-5.17.1
  • plasma-theme-oxygen >= 4.11.5-482.6
  • qt4-x11-tools >= 4.8.5-5.17.2
  • qt4-x11-tools-debuginfo >= 4.8.5-5.17.2
Patchnames:
openSUSE-2015-251
openSUSE Leap 15.0
  • kdelibs4 >= 4.14.38-lp150.5.34
  • kdelibs4-branding-upstream >= 4.14.38-lp150.5.34
  • kdelibs4-core >= 4.14.38-lp150.5.34
  • libkde4 >= 4.14.38-lp150.5.34
  • libkdecore4 >= 4.14.38-lp150.5.34
  • libksuseinstall1 >= 4.14.38-lp150.5.34
Patchnames:
openSUSE Leap 15.0 GA kdelibs4
openSUSE Leap 42.1
  • kdelibs4 >= 4.14.10-2.11
  • kdelibs4-core >= 4.14.10-2.11
  • kdelibs4-doc >= 4.14.10-2.11
  • libkde4 >= 4.14.10-2.11
  • libkde4-devel >= 4.14.10-2.11
  • libkdecore4 >= 4.14.10-2.11
  • libkdecore4-devel >= 4.14.10-2.11
  • libksuseinstall1 >= 4.14.10-2.11
Patchnames:
openSUSE Leap 42.1 GA kdelibs4
openSUSE Leap 42.2
  • kdelibs4 >= 4.14.25-1.1
  • kdelibs4-core >= 4.14.25-1.1
  • kdelibs4-doc >= 4.14.25-1.1
  • libkde4 >= 4.14.25-1.1
  • libkde4-devel >= 4.14.25-1.1
  • libkdecore4 >= 4.14.25-1.1
  • libkdecore4-devel >= 4.14.25-1.1
  • libksuseinstall1 >= 4.14.25-1.1
Patchnames:
openSUSE Leap 42.2 GA kdelibs4
openSUSE Leap 42.3
  • kdelibs4 >= 4.14.33-1.4
  • kdelibs4-core >= 4.14.33-1.4
  • kdelibs4-doc >= 4.14.33-1.4
  • libkde4 >= 4.14.33-1.4
  • libkde4-devel >= 4.14.33-1.4
  • libkdecore4 >= 4.14.33-1.4
  • libkdecore4-devel >= 4.14.33-1.4
  • libksuseinstall1 >= 4.14.33-1.4
Patchnames:
openSUSE Leap 42.3 GA kdelibs4
openSUSE Tumbleweed
  • kdelibs4 >= 4.14.27-1.1
  • kdelibs4-apidocs >= 4.14.27-1.1
  • kdelibs4-branding-upstream >= 4.14.27-1.1
  • kdelibs4-core >= 4.14.27-1.1
  • kdelibs4-doc >= 4.14.27-1.1
  • libkde4 >= 4.14.27-1.1
  • libkde4-32bit >= 4.14.27-1.1
  • libkde4-devel >= 4.14.27-1.1
  • libkdecore4 >= 4.14.27-1.1
  • libkdecore4-32bit >= 4.14.27-1.1
  • libkdecore4-devel >= 4.14.27-1.1
  • libksuseinstall-devel >= 4.14.27-1.1
  • libksuseinstall1 >= 4.14.27-1.1
  • libksuseinstall1-32bit >= 4.14.27-1.1
Patchnames:
openSUSE Tumbleweed GA kdelibs4