
kde-workspace: multiple vulnerabilities

Package(s): kde-workspace
CVE #(s): CVE-2013-4132 CVE-2013-4133
Created: July 18, 2013
Updated: August 5, 2013
Description:

From the KDE bug report:

If KDM uses raw crypt() authentication (or pw_encrypt() on a patched Shadow system; see: https://alioth.debian.org/tracker/index.php?func=detail&aid=314234 ), instead of higher-level authentication such as PAM, and that crypt() can return a NULL pointer (as glibc 2.17+ does when passed DES/MD5 encrypted passwords on Linux systems in FIPS-140 mode), then attempting to log in to such an account via KDM crashes the daemon. (CVE-2013-4132)

From the KDE bug report:

Blinking systray icons are causing X to leak memory and plasma-desktop is to blame

In less than 24h it's using 100+ MB memory and the icon wasn't blinking most of the time. When the icon is not blinking then the used memory stays the same. As soon as the icon starts to blink the memory usage in X also starts to grow. (CVE-2013-4133)
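
The NULL return from crypt() described for CVE-2013-4132 is handled by checking the result before comparing it and failing the login closed. The code below is an added example, not KDM's code or its patch; `check_password`, the `crypt_fn` callback and the stub functions are hypothetical names, and the constructed stubs stand in for crypt() so the example runs without libcrypt.

```c
#include <stdio.h>
#include <string.h>

/* Same shape as crypt(3): returns a hash string, or NULL on failure. */
typedef char *(*crypt_fn)(const char *key, const char *setting);

enum auth_result { AUTH_OK, AUTH_BAD_PASSWORD, AUTH_BACKEND_ERROR };

/* Compare without an early exit on the first differing byte. */
static int equal_hashes(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b);
    unsigned char diff = (unsigned char)(la != lb);
    for (size_t i = 0; i < la && i < lb; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

enum auth_result check_password(crypt_fn hash, const char *typed, const char *stored)
{
    if (!hash || !typed || !stored || stored[0] == '\0')
        return AUTH_BACKEND_ERROR;
    char *computed = hash(typed, stored);
    /* NULL means the hash type was refused or hashing failed. Using it
       unchecked (for example in strcmp()) is a NULL dereference, the
       kind of crash described for CVE-2013-4132. */
    if (computed == NULL)
        return AUTH_BACKEND_ERROR;
    /* Some crypt implementations return a token starting with '*' on failure. */
    if (computed[0] == '*')
        return AUTH_BACKEND_ERROR;
    return equal_hashes(computed, stored) ? AUTH_OK : AUTH_BAD_PASSWORD;
}

/* Constructed stand-ins for crypt(); the hash strings are not real hashes. */
#define STORED "$6$constructed$notarealhash"
static char *stub_refuses(const char *k, const char *s) { (void)k; (void)s; return NULL; }
static char *stub_token(const char *k, const char *s) { (void)k; (void)s; return "*0"; }
static char *stub_works(const char *k, const char *s)
{
    (void)s;
    return strcmp(k, "hunter2") == 0 ? STORED : "$6$constructed$differenthash";
}

int main(void)
{
    printf("%d %d %d %d\n", check_password(stub_refuses, "hunter2", STORED),
           check_password(stub_token, "hunter2", STORED),
           check_password(stub_works, "hunter2", STORED),
           check_password(stub_works, "wrong", STORED));
    return 0;
}
```

Returning a distinct backend error lets the caller log the refused hash type separately from an ordinary wrong password while still denying the login.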

Alerts:
Fedora FEDORA-2013-13518 kde-workspace 2013-08-04
openSUSE openSUSE-SU-2013:1291-1 kdebase4-workspace 2013-08-02
openSUSE openSUSE-SU-2013:1253-1 kdebase4-workspace 2013-07-25
Fedora FEDORA-2013-13098 kde-workspace 2013-07-18
Mageia MGASA-2013-0269 kde 2013-09-01



Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds