Changeset View
Changeset View
Standalone View
Standalone View
_posts/2017-11-11-news1117_2.md
- This file was added.
| 1 | --- | ||||
|---|---|---|---|---|---|
| 2 | title: Security advisory; Crash in parsing IRC color formatting codes | ||||
| 3 | date: 2017-11-11 | ||||
| 4 | layout: post | ||||
| 5 | --- | ||||
| 6 | Recently, we have been alerted* to a Konversation bug that will result in a crash when parsing certain IRC color formatting codes. Konversation v1.7.3 has been released today (see release post below) and contains a fix for this bug. Additionally, we have updated the [1.5](https://cgit.kde.org/konversation.git/log/?h=1.5) and [1.6](https://cgit.kde.org/konversation.git/log/?h=1.6) branches with the fix as well, and encourage distributions still shipping a 1.5.x or 1.6.x version to apply the relevant [patch](https://cgit.kde.org/konversation.git/commit/?h=1.7&id=6a7f59ee1b9dbc6e5cf9e5f3b306504d02b73ef0). If you are using v1.4.x, please upgrade, as it is affected as well. | ||||
| 7 | | ||||
| 8 | If you are unable to upgrade to a fixed version right now, there's also a configuration workaround available: You can head to *Interface → Colors* in the *Configure Konversation* dialog and uncheck *Allow Colored Text in IRC Messages* (near the bottom) until you upgrade to v1.7.3 or a patched version of Konversation. | ||||
| 9 | | ||||
| 10 | <s>We will update this post with the relevant CVE number once available.</s> Update: The vulnerability has been assigned CVE-2017-15923. | ||||
| 11 | | ||||
| 12 | In summary: | ||||
| 13 | | ||||
| 14 | <table> | ||||
| 15 | <tr> | ||||
| 16 | <th>Affected version</th> | ||||
| 17 | <th>Action to take now</th> | ||||
| 18 | </tr> | ||||
| 19 | <tr> | ||||
| 20 | <td>v1.4.x</td> | ||||
| 21 | <td>Apply config workround (above) or upgrade to fixed/patched version (below)</td> | ||||
| 22 | </tr> | ||||
| 23 | <tr> | ||||
| 24 | <td>v1.5.x—v1.6.x</td> | ||||
| 25 | <td>Apply <a href="https://cgit.kde.org/konversation.git/commit/?h=1.7&id=6a7f59ee1b9dbc6e5cf9e5f3b306504d02b73ef0">patch</a> or config workaround (above)</td> | ||||
| 26 | </tr> | ||||
| 27 | <tr> | ||||
| 28 | <td>v1.7.0—v1.7.2</td> | ||||
| 29 | <td>Upgrade to v1.7.3 (out now) or apply <a href="https://cgit.kde.org/konversation.git/commit/?h=1.7&id=6a7f59ee1b9dbc6e5cf9e5f3b306504d02b73ef0">patch</a> or config workaround (above)</td> | ||||
| 30 | </tr> | ||||
| 31 | </table> | ||||
| 32 | | ||||
| 33 | ** Thanks to Joseph Bisch!* | ||||
| 34 | | ||||