[SECURITY] Fedora 20 Update: kfilemetadata-4.14.1-1.fc20
updates at fedoraproject.org
updates at fedoraproject.org
Sat Sep 27 09:47:47 UTC 2014
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-11448
2014-09-25 09:30:40
--------------------------------------------------------------------------------
Name : kfilemetadata
Product : Fedora 20
Version : 4.14.1
Release : 1.fc20
URL : https://projects.kde.org/projects/kde/kdelibs/kfilemetadata
Summary : A library for extracting file metadata
Description :
A library for extracting file metadata.
--------------------------------------------------------------------------------
Update Information:
KDE released updates for its Applications and Development Platform, the first in a series of monthly stabilization updates to the 4.14 series. This update also includes the latest stable calligra-2.8.6 and digikam-4.3.0 releases. See also http://kde.org/announcements/4.14/ , http://kde.org/announcements/announce-4.14.1.php , https://www.calligra.org/news/calligra-2-8-6-released/ , https://www.digikam.org/node/718
The update also addresses CVE-2014-5033, fixed in kdelibs ≥ 4.14.0: KAuth was calling PolicyKit 1 (polkit) in an insecure way.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1094890 - CVE-2014-5033 polkit-qt: insecure calling of polkit
https://bugzilla.redhat.com/show_bug.cgi?id=1094890
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update kfilemetadata' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list