Test ID:	1.3.6.1.4.1.25623.1.1.13.2019.220.01
Category:	Slackware Local Security Checks
Title:	Slackware: Security Advisory (SSA:2019-220-01)
Summary:	The remote host is missing an update for the 'kdelibs' package(s) announced via the SSA:2019-220-01 advisory.
Description:	Summary: The remote host is missing an update for the 'kdelibs' package(s) announced via the SSA:2019-220-01 advisory. Vulnerability Insight: New kdelibs packages are available for Slackware 14.2 and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: +--------------------------+ patches/packages/kdelibs-4.14.38-i586-1_slack14.2.txz: Upgraded. kconfig: malicious .desktop files (and others) would execute code. For more information, see: [links moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'kdelibs' package(s) on Slackware 14.2, Slackware current. Solution: Please install the updated package(s). CVSS Score: 5.1 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2019-14744 Bugtraq: 20190808 [slackware-security] kdelibs (SSA:2019-220-01) (Google Search) https://seclists.org/bugtraq/2019/Aug/9 Bugtraq: 20190812 [SECURITY] [DSA 4494-1] kconfig security update (Google Search) https://seclists.org/bugtraq/2019/Aug/12 Debian Security Information: DSA-4494 (Google Search) https://www.debian.org/security/2019/dsa-4494 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YIDXQ6CUB5E7Y3MJWCUY4VR42QAE6SCJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTFBQRJAU7ITD3TOMPZAUQMYYCAZ6DTX/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UYKLUSSEK3YJOVQDL6K2LKGS3354UH6L/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IRIKH7ZWXELIQT6WSLV7EG3VTFWKZPD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNHO6FZRYBQ2R3UCFDGS66F6DNNTKCMM/ https://security.gentoo.org/glsa/201908-07 http://packetstormsecurity.com/files/153981/Slackware-Security-Advisory-kdelibs-Updates.html https://gist.githubusercontent.com/zeropwn/630832df151029cb8f22d5b6b9efaefb/raw/64aa3d30279acb207f787ce9c135eefd5e52643b/kde-kdesktopfile-command-injection.txt https://www.zdnet.com/article/unpatched-kde-vulnerability-disclosed-on-twitter/ https://lists.debian.org/debian-lts-announce/2019/08/msg00023.html RedHat Security Advisories: RHSA-2019:2606 https://access.redhat.com/errata/RHSA-2019:2606 SuSE Security Announcement: openSUSE-SU-2019:1851 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00013.html SuSE Security Announcement: openSUSE-SU-2019:1855 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00016.html SuSE Security Announcement: openSUSE-SU-2019:1898 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00034.html https://usn.ubuntu.com/4100-1/
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.