[Bug 1731797] [NEW] [CVE] Crash in IRC message parsing

Launchpad Bug Tracker 1731797 at bugs.launchpad.net
Sun Nov 12 20:42:35 UTC 2017 

*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Simon Quigley (tsimonq2):

KDE Project Security Advisory
=============================

Title:          Konversation: Crash in IRC message parsing
Risk Rating:    High
CVE:            CVE-2017-15923
Versions:       konversation <= 1.7.2
Date:           12 November 2017


Overview
========
Konversation has support for colors in IRC messages. Any malicious user connected to the
same IRC network can send a carefully crafted message that will crash the Konversation user client.


Workaround
==========
Go to Interface → Colors in the Configure Konversation dialog and uncheck Allow Colored Text in IRC Messages (near the bottom)

Solution
========
Update to Konversation > 1.7.2

Or apply the following patches:
1.7: https://cgit.kde.org/konversation.git/commit/?h=1.7&id=34cc9556c1a089fac6b674d3bd6f2248e9512902
1.6: https://cgit.kde.org/konversation.git/commit/?h=1.6&id=cebf8d7658b0e3afb0292c273704ec4d2ea4019f
1.5: https://cgit.kde.org/konversation.git/commit/?h=1.5&id=6a7f59ee1b9dbc6e5cf9e5f3b306504d02b73ef0
1.4: the patch for 1.5 will apply, but you should upgrade

Credits
=======
Thanks to Joseph Bisch for the report and to Eli MacKenzie for the fix.

** Affects: konversation (Ubuntu)
     Importance: High
         Status: Fix Released

** Affects: konversation (Ubuntu Trusty)
     Importance: High
     Assignee: Simon Quigley (tsimonq2)
         Status: Triaged

** Affects: konversation (Ubuntu Xenial)
     Importance: High
     Assignee: Simon Quigley (tsimonq2)
         Status: Triaged

** Affects: konversation (Ubuntu Zesty)
     Importance: High
     Assignee: Simon Quigley (tsimonq2)
         Status: Triaged

** Affects: konversation (Ubuntu Artful)
     Importance: High
     Assignee: Simon Quigley (tsimonq2)
         Status: Triaged

** Affects: konversation (Ubuntu Bionic)
     Importance: High
         Status: Fix Released

-- 
[CVE] Crash in IRC message parsing
https://bugs.launchpad.net/bugs/1731797
You received this bug notification because you are a member of Kubuntu Developers, which is subscribed to the bug report.

More information about the Ubuntu-reviews mailing list