{"id":"USN-4100-1","summary":"kconfig, kde4libs vulnerabilities","details":"It was discovered that KConfig and KDE libraries have a vulnerability\nwhere an attacker could hide malicious code under desktop and\nconfiguration files. (CVE-2019-14744)\n\nIt was discovered that KConfig allows remote attackers to write to\narbitrary files via a ../ in a filename in an archive file. (CVE-2016-6232)\n","modified":"2026-04-22T10:01:35.592564Z","published":"2019-08-16T20:47:00Z","related":["UBUNTU-CVE-2016-6232","UBUNTU-CVE-2019-14744"],"upstream":["CVE-2016-6232","CVE-2019-14744","UBUNTU-CVE-2016-6232","UBUNTU-CVE-2019-14744"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4100-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2016-6232"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-14744"}],"affected":[{"package":{"name":"kconfig","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/kconfig@5.18.0-0ubuntu1.1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.18.0-0ubuntu1.1"}]}],"versions":["5.15.0-0ubuntu1","5.15.0-0ubuntu2","5.18.0-0ubuntu1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"5.18.0-0ubuntu1.1","binary_name":"libkf5config-bin"},{"binary_version":"5.18.0-0ubuntu1.1","binary_name":"libkf5config-data"},{"binary_version":"5.18.0-0ubuntu1.1","binary_name":"libkf5configcore5"},{"binary_version":"5.18.0-0ubuntu1.1","binary_name":"libkf5configgui5"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4100-1.json","cves_map":{"ecosystem":"Ubuntu:16.04:LTS","cves":[{"id":"CVE-2016-6232","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-14744","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}]}}},{"package":{"name":"kde4libs","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/kde4libs@4:4.14.16-0ubuntu3.3?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4:4.14.16-0ubuntu3.3"}]}],"versions":["4:4.14.13-0ubuntu1","4:4.14.13-0ubuntu2","4:4.14.13-0ubuntu3","4:4.14.13-0ubuntu4","4:4.14.13-0ubuntu6","4:4.14.16-0ubuntu1","4:4.14.16-0ubuntu3","4:4.14.16-0ubuntu3.1","4:4.14.16-0ubuntu3.2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"4:4.14.16-0ubuntu3.3","binary_name":"kdelibs-bin"},{"binary_version":"4:4.14.16-0ubuntu3.3","binary_name":"kdelibs5-data"},{"binary_version":"4:4.14.16-0ubuntu3.3","binary_name":"kdelibs5-plugins"},{"binary_version":"4:4.14.16-0ubuntu3.3","binary_name":"kdoctools"},{"binary_version":"4:4.14.16-0ubuntu3.3","binary_name":"libkcmutils4"},{"binary_version":"4:4.14.16-0ubuntu3.3","binary_name":"libkde3support4"},{"binary_version":"4:4.14.16-0ubuntu3.3","binary_name":"libkdeclarative5"},{"binary_version":"4:4.14.16-0ubuntu3.3","binary_name":"libkdecore5"},{"binary_version":"4:4.14.16-0ubuntu3.3","binary_name":"libkdesu5"},{"binary_version":"4:4.14.16-0ubuntu3.3","binary_name":"libkdeui5"},{"binary_version":"4:4.14.16-0ubuntu3.3","binary_name":"libkdewebkit5"},{"binary_version":"4:4.14.16-0ubuntu3.3","binary_name":"libkdnssd4"},{"binary_version":"4:4.14.16-0ubuntu3.3","binary_name":"libkemoticons4"},{"binary_version":"4:4.14.16-0ubuntu3.3","binary_name":"libkfile4"},{"binary_version":"4:4.14.16-0ubuntu3.3","binary_name":"libkhtml5"},{"binary_version":"4:4.14.16-0ubuntu3.3","binary_name":"libkidletime4"},{"binary_version":"4:4.14.16-0ubuntu3.3","binary_name":"libkimproxy4"},{"binary_version":"4:4.14.16-0ubuntu3.3","binary_name":"libkio5"},{"binary_version":"4:4.14.16-0ubuntu3.3","binary_name":"libkjsapi4"},{"binary_version":"4:4.14.16-0ubuntu3.3","binary_name":"libkjsembed4"},{"binary_version":"4:4.14.16-0ubuntu3.3","binary_name":"libkmediaplayer4"},{"binary_version":"4:4.14.16-0ubuntu3.3","binary_name":"libknewstuff2-4"},{"binary_version":"4:4.14.16-0ubuntu3.3","binary_name":"libknewstuff3-4"},{"binary_version":"4:4.14.16-0ubuntu3.3","binary_name":"libknotifyconfig4"},{"binary_version":"4:4.14.16-0ubuntu3.3","binary_name":"libkntlm4"},{"binary_version":"4:4.14.16-0ubuntu3.3","binary_name":"libkparts4"},{"binary_version":"4:4.14.16-0ubuntu3.3","binary_name":"libkprintutils4"},{"binary_version":"4:4.14.16-0ubuntu3.3","binary_name":"libkpty4"},{"binary_version":"4:4.14.16-0ubuntu3.3","binary_name":"libkrosscore4"},{"binary_version":"4:4.14.16-0ubuntu3.3","binary_name":"libkrossui4"},{"binary_version":"4:4.14.16-0ubuntu3.3","binary_name":"libktexteditor4"},{"binary_version":"4:4.14.16-0ubuntu3.3","binary_name":"libkunitconversion4"},{"binary_version":"4:4.14.16-0ubuntu3.3","binary_name":"libkutils4"},{"binary_version":"4:4.14.16-0ubuntu3.3","binary_name":"libplasma3"},{"binary_version":"4:4.14.16-0ubuntu3.3","binary_name":"libsolid4"},{"binary_version":"4:4.14.16-0ubuntu3.3","binary_name":"libthreadweaver4"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4100-1.json","cves_map":{"ecosystem":"Ubuntu:16.04:LTS","cves":[{"id":"CVE-2016-6232","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2019-14744","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}]}}},{"package":{"name":"kconfig","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/kconfig@5.44.0-0ubuntu1.1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.44.0-0ubuntu1.1"}]}],"versions":["5.38.0-0ubuntu1","5.40.0-0ubuntu1","5.41.0-0ubuntu1","5.42.0-0ubuntu1","5.43.0-0ubuntu1","5.44.0-0ubuntu1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"5.44.0-0ubuntu1.1","binary_name":"libkf5config-bin"},{"binary_version":"5.44.0-0ubuntu1.1","binary_name":"libkf5config-data"},{"binary_version":"5.44.0-0ubuntu1.1","binary_name":"libkf5configcore5"},{"binary_version":"5.44.0-0ubuntu1.1","binary_name":"libkf5configgui5"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4100-1.json","cves_map":{"ecosystem":"Ubuntu:18.04:LTS","cves":[{"id":"CVE-2019-14744","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}]}}},{"package":{"name":"kde4libs","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/kde4libs@4:4.14.38-0ubuntu3.1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4:4.14.38-0ubuntu3.1"}]}],"versions":["4:4.14.34-0ubuntu2","4:4.14.38-0ubuntu2","4:4.14.38-0ubuntu3"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"4:4.14.38-0ubuntu3.1","binary_name":"kdelibs-bin"},{"binary_version":"4:4.14.38-0ubuntu3.1","binary_name":"kdelibs5-data"},{"binary_version":"4:4.14.38-0ubuntu3.1","binary_name":"kdelibs5-plugins"},{"binary_version":"4:4.14.38-0ubuntu3.1","binary_name":"kdoctools"},{"binary_version":"4:4.14.38-0ubuntu3.1","binary_name":"libkcmutils4"},{"binary_version":"4:4.14.38-0ubuntu3.1","binary_name":"libkde3support4"},{"binary_version":"4:4.14.38-0ubuntu3.1","binary_name":"libkdeclarative5"},{"binary_version":"4:4.14.38-0ubuntu3.1","binary_name":"libkdecore5"},{"binary_version":"4:4.14.38-0ubuntu3.1","binary_name":"libkdesu5"},{"binary_version":"4:4.14.38-0ubuntu3.1","binary_name":"libkdeui5"},{"binary_version":"4:4.14.38-0ubuntu3.1","binary_name":"libkdewebkit5"},{"binary_version":"4:4.14.38-0ubuntu3.1","binary_name":"libkdnssd4"},{"binary_version":"4:4.14.38-0ubuntu3.1","binary_name":"libkemoticons4"},{"binary_version":"4:4.14.38-0ubuntu3.1","binary_name":"libkfile4"},{"binary_version":"4:4.14.38-0ubuntu3.1","binary_name":"libkhtml5"},{"binary_version":"4:4.14.38-0ubuntu3.1","binary_name":"libkidletime4"},{"binary_version":"4:4.14.38-0ubuntu3.1","binary_name":"libkimproxy4"},{"binary_version":"4:4.14.38-0ubuntu3.1","binary_name":"libkio5"},{"binary_version":"4:4.14.38-0ubuntu3.1","binary_name":"libkjsapi4"},{"binary_version":"4:4.14.38-0ubuntu3.1","binary_name":"libkjsembed4"},{"binary_version":"4:4.14.38-0ubuntu3.1","binary_name":"libkmediaplayer4"},{"binary_version":"4:4.14.38-0ubuntu3.1","binary_name":"libknewstuff2-4"},{"binary_version":"4:4.14.38-0ubuntu3.1","binary_name":"libknewstuff3-4"},{"binary_version":"4:4.14.38-0ubuntu3.1","binary_name":"libknotifyconfig4"},{"binary_version":"4:4.14.38-0ubuntu3.1","binary_name":"libkntlm4"},{"binary_version":"4:4.14.38-0ubuntu3.1","binary_name":"libkparts4"},{"binary_version":"4:4.14.38-0ubuntu3.1","binary_name":"libkprintutils4"},{"binary_version":"4:4.14.38-0ubuntu3.1","binary_name":"libkpty4"},{"binary_version":"4:4.14.38-0ubuntu3.1","binary_name":"libkrosscore4"},{"binary_version":"4:4.14.38-0ubuntu3.1","binary_name":"libkrossui4"},{"binary_version":"4:4.14.38-0ubuntu3.1","binary_name":"libktexteditor4"},{"binary_version":"4:4.14.38-0ubuntu3.1","binary_name":"libkunitconversion4"},{"binary_version":"4:4.14.38-0ubuntu3.1","binary_name":"libkutils4"},{"binary_version":"4:4.14.38-0ubuntu3.1","binary_name":"libplasma3"},{"binary_version":"4:4.14.38-0ubuntu3.1","binary_name":"libsolid4"},{"binary_version":"4:4.14.38-0ubuntu3.1","binary_name":"libthreadweaver4"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4100-1.json","cves_map":{"ecosystem":"Ubuntu:18.04:LTS","cves":[{"id":"CVE-2019-14744","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}]}}}],"schema_version":"1.7.5"}