An update for kf5-kconfig is now available for openEuler-20.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2021-1295 Final 1.0 1.0 2021-07-31 Initial 2021-07-31 2021-07-31 openEuler SA Tool V1.0 2021-07-31 kf5-kconfig security update An update for kf5-kconfig is now available for openEuler-20.03-LTS-SP1. KDE Frameworks 5 Tier 1 addon with advanced configuration system made of two parts: KConfigCore and KConfigGui. Security Fix(es): In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file.(CVE-2019-14744) An update for kf5-kconfig is now available for openEuler-20.03-LTS-SP1. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High kf5-kconfig https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1295 https://openeuler.org/en/security/cve/detail.html?id=CVE-2019-14744 https://nvd.nist.gov/vuln/detail/CVE-2019-14744 openEuler-20.03-LTS-SP1 kf5-kconfig-gui-5.55.0-3.oe1.aarch64.rpm kf5-kconfig-devel-5.55.0-3.oe1.aarch64.rpm kf5-kconfig-debuginfo-5.55.0-3.oe1.aarch64.rpm kf5-kconfig-debugsource-5.55.0-3.oe1.aarch64.rpm kf5-kconfig-5.55.0-3.oe1.aarch64.rpm kf5-kconfig-core-5.55.0-3.oe1.aarch64.rpm kf5-kconfig-5.55.0-3.oe1.src.rpm kf5-kconfig-debuginfo-5.55.0-3.oe1.x86_64.rpm kf5-kconfig-5.55.0-3.oe1.x86_64.rpm kf5-kconfig-core-5.55.0-3.oe1.x86_64.rpm kf5-kconfig-devel-5.55.0-3.oe1.x86_64.rpm kf5-kconfig-gui-5.55.0-3.oe1.x86_64.rpm kf5-kconfig-debugsource-5.55.0-3.oe1.x86_64.rpm In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file. 2021-07-31 CVE-2019-14744 openEuler-20.03-LTS-SP1 High 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H kf5-kconfig security update 2021-07-31 https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1295