KDE Project Security Advisory ============================= Title: Konversation: Crash in IRC message parsing Risk Rating: High CVE: CVE-2017-15923 Versions: konversation <= 1.7.2 Date: 12 November 2017 Overview ======== Konversation has support for colors in IRC messages. Any malicious user connected to the same IRC network can send a carefully crafted message that will crash the Konversation user client. Workaround ========== Go to Interface → Colors in the Configure Konversation dialog and uncheck Allow Colored Text in IRC Messages (near the bottom) Solution ======== Update to Konversation > 1.7.2 Or apply the following patches: 1.7: https://commits.kde.org/konversation/34cc9556c1a089fac6b674d3bd6f2248e9512902 1.6: https://commits.kde.org/konversation/cebf8d7658b0e3afb0292c273704ec4d2ea4019f 1.5: https://commits.kde.org/konversation/6a7f59ee1b9dbc6e5cf9e5f3b306504d02b73ef0 1.4: the patch for 1.5 will apply, but you should upgrade Credits ======= Thanks to Joseph Bisch for the report and to Eli MacKenzie for the fix.