Test ID:	1.3.6.1.4.1.25623.1.0.704494
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-4494-1)
Summary:	The remote host is missing an update for the Debian 'kconfig' package(s) announced via the DSA-4494-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'kconfig' package(s) announced via the DSA-4494-1 advisory. Vulnerability Insight: Dominik Penner discovered that KConfig, the KDE configuration settings framework, supported a feature to define shell command execution in .desktop files. If a user is provided with a malformed .desktop file (e.g. if it's embedded into a downloaded archive and it gets opened in a file browser) arbitrary commands could get executed. This update removes this feature. For the oldstable distribution (stretch), this problem has been fixed in version 5.28.0-2+deb9u1. For the stable distribution (buster), this problem has been fixed in version 5.54.0-1+deb10u1. We recommend that you upgrade your kconfig packages. For the detailed security status of kconfig please refer to its security tracker page at: [link moved to references] Affected Software/OS: 'kconfig' package(s) on Debian 9, Debian 10. Solution: Please install the updated package(s). CVSS Score: 5.1 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2019-14744 Bugtraq: 20190808 [slackware-security] kdelibs (SSA:2019-220-01) (Google Search) https://seclists.org/bugtraq/2019/Aug/9 Bugtraq: 20190812 [SECURITY] [DSA 4494-1] kconfig security update (Google Search) https://seclists.org/bugtraq/2019/Aug/12 Debian Security Information: DSA-4494 (Google Search) https://www.debian.org/security/2019/dsa-4494 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YIDXQ6CUB5E7Y3MJWCUY4VR42QAE6SCJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTFBQRJAU7ITD3TOMPZAUQMYYCAZ6DTX/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UYKLUSSEK3YJOVQDL6K2LKGS3354UH6L/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IRIKH7ZWXELIQT6WSLV7EG3VTFWKZPD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNHO6FZRYBQ2R3UCFDGS66F6DNNTKCMM/ https://security.gentoo.org/glsa/201908-07 http://packetstormsecurity.com/files/153981/Slackware-Security-Advisory-kdelibs-Updates.html https://gist.githubusercontent.com/zeropwn/630832df151029cb8f22d5b6b9efaefb/raw/64aa3d30279acb207f787ce9c135eefd5e52643b/kde-kdesktopfile-command-injection.txt https://www.zdnet.com/article/unpatched-kde-vulnerability-disclosed-on-twitter/ https://lists.debian.org/debian-lts-announce/2019/08/msg00023.html RedHat Security Advisories: RHSA-2019:2606 https://access.redhat.com/errata/RHSA-2019:2606 SuSE Security Announcement: openSUSE-SU-2019:1851 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00013.html SuSE Security Announcement: openSUSE-SU-2019:1855 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00016.html SuSE Security Announcement: openSUSE-SU-2019:1898 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00034.html https://usn.ubuntu.com/4100-1/
Copyright	Copyright (C) 2019 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.