CVE-2014-3494

Publication date 1 July 2014

Last updated 24 July 2024

Ubuntu priority

kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
kde4libs	14.04 LTS trusty	Fixed 4:4.13.1-0ubuntu0.2
	13.10 saucy	Fixed 4:4.11.5-0ubuntu0.3
	12.04 LTS precise	Not affected
	10.04 LTS lucid	Ignored end of life

How can I get the fixes?
What do statuses mean?

Notes

mdeslaur

affects 4.10.95 to 4.13.2

References

MITRE
NVD
Launchpad
Debian

Other references

http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=bbae87dc1be3ae063796a582774bd5642cacdd5d&hp=1ccdb43ed3b32a7798eec6d39bb3c83a6e40228f
https://www.cve.org/CVERecord?id=CVE-2014-3494