CVE-2017-6410

Priority
Medium
Description
kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls the
PAC FindProxyForURL function with a full https URL (potentially including
Basic Authentication credentials, a query string, or PATH_INFO), which
allows remote attackers to obtain sensitive information via a crafted PAC
file.
Package
Source: kio (LP Ubuntu Debian)
Upstream: needed
Ubuntu 12.04 LTS (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): DNE
Ubuntu Touch 15.04: DNE
Ubuntu Core 15.04: DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (5.18.0-0ubuntu1.1)
Ubuntu 16.10 (Yakkety Yak): released (5.26.0-0ubuntu2.1)
Ubuntu 17.04 (Zesty Zapus): released (5.31.0-0ubuntu2)
Package
Upstream: needed
Ubuntu 12.04 LTS (Precise Pangolin): released (4:4.8.5-0ubuntu0.6)
Ubuntu 14.04 LTS (Trusty Tahr): released (4:4.13.3-0ubuntu0.4)
Ubuntu Touch 15.04: DNE
Ubuntu Core 15.04: DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (4:4.14.16-0ubuntu3.1)
Ubuntu 16.10 (Yakkety Yak): released (4:4.14.22-0ubuntu2.1)
Ubuntu 17.04 (Zesty Zapus): released (4:4.14.28-0ubuntu3)

Updated: 2017-03-09 15:14:33 UTC (commit 12207)