CVE-2018-19120

Name: CVE-2018-19120
Description: The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
Debian Bugs: 913595, 913596

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| kde-runtime (PTS) | jessie | 4:4.14.2-2 | vulnerable |
| | stretch | 4:16.08.3-2 | vulnerable |
| | buster, sid | 4:17.08.3-2 | vulnerable |
| kio-extras (PTS) | stretch | 4:16.08.3-1 | vulnerable |
| | buster, sid | 4:18.08.3-1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| kde-runtime | source | (unstable) | (unfixed) | | | 913596 |
| kio-extras | source | (unstable) | 4:18.08.3-1 | | | 913595 |

Notes

[stretch] - kio-extras <no-dsa> (Minor issue)
[stretch] - kde-runtime <no-dsa> (Minor issue)
[jessie] - kde-runtime <ignored> (Minor issue)
https://www.kde.org/info/security/advisory-20181012-1.txt
