_posts/2017-11-11-news1117_2.md
- This file was added.
1 | --- | ||||
---|---|---|---|---|---|
2 | title: Security advisory; Crash in parsing IRC color formatting codes | ||||
3 | date: 2017-11-11 | ||||
4 | layout: post | ||||
5 | --- | ||||
6 | Recently, we have been alerted* to a Konversation bug that will result in a crash when parsing certain IRC color formatting codes. Konversation v1.7.3 has been released today (see release post below) and contains a fix for this bug. Additionally, we have updated the [1.5](https://cgit.kde.org/konversation.git/log/?h=1.5) and [1.6](https://cgit.kde.org/konversation.git/log/?h=1.6) branches with the fix as well, and encourage distributions still shipping a 1.5.x or 1.6.x version to apply the relevant [patch](https://cgit.kde.org/konversation.git/commit/?h=1.7&id=6a7f59ee1b9dbc6e5cf9e5f3b306504d02b73ef0). If you are using v1.4.x, please upgrade, as it is affected as well. | ||||
7 | | ||||
8 | If you are unable to upgrade to a fixed version right now, there's also a configuration workaround available: You can head to *Interface → Colors* in the *Configure Konversation* dialog and uncheck *Allow Colored Text in IRC Messages* (near the bottom) until you upgrade to v1.7.3 or a patched version of Konversation. | ||||
9 | | ||||
10 | <s>We will update this post with the relevant CVE number once available.</s> Update: The vulnerability has been assigned CVE-2017-15923. | ||||
11 | | ||||
12 | In summary: | ||||
13 | | ||||
14 | <table> | ||||
15 | <tr> | ||||
16 | <th>Affected version</th> | ||||
17 | <th>Action to take now</th> | ||||
18 | </tr> | ||||
19 | <tr> | ||||
20 | <td>v1.4.x</td> | ||||
21 | <td>Apply config workround (above) or upgrade to fixed/patched version (below)</td> | ||||
22 | </tr> | ||||
23 | <tr> | ||||
24 | <td>v1.5.x—v1.6.x</td> | ||||
25 | <td>Apply <a href="https://cgit.kde.org/konversation.git/commit/?h=1.7&id=6a7f59ee1b9dbc6e5cf9e5f3b306504d02b73ef0">patch</a> or config workaround (above)</td> | ||||
26 | </tr> | ||||
27 | <tr> | ||||
28 | <td>v1.7.0—v1.7.2</td> | ||||
29 | <td>Upgrade to v1.7.3 (out now) or apply <a href="https://cgit.kde.org/konversation.git/commit/?h=1.7&id=6a7f59ee1b9dbc6e5cf9e5f3b306504d02b73ef0">patch</a> or config workaround (above)</td> | ||||
30 | </tr> | ||||
31 | </table> | ||||
32 | | ||||
33 | ** Thanks to Joseph Bisch!* | ||||
34 | |
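Review bot: the footnote markers do not match. Line 6 marks the acknowledgement with a single asterisk ("alerted*"), but line 33 opens with two asterisks and a space and closes with one ("** Thanks to Joseph Bisch!*"). A reader cannot pair the two, and the stray asterisks sit next to Markdown emphasis syntax. Use the same single marker in both places and escape it, for example "alerted\*" on line 6 and "\* Thanks to Joseph Bisch!" on line 33, adding italics around the whole line if that was the intent. Separately, line 21 has the typo "workround", which should read "workaround" to match lines 25 and 29.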