KeePassX

KeePassX 0.4.4 Security Update released

Two security flaws have been discovered in KeePassX 0.4.3.
Version 2.0 has a different codebase and is not affected.

  • CVE-2015-8359: DLL Preloading vulnerability on Windows
    The version of Qt bundled with KeePassX 0.4.3 is vulnerable to a DLL preloading attack.
    This vulnerability only affects KeePassX on Windows.
    If successfully exploited, arbitrary code can be executed in the context of KeePassX.
    KeePassX 0.4.4 ships with Qt 4.8.7 and employs additional hardening measures.
    Thanks to Trenton Ivey from SecureWorks for reporting this vulnerability to us.
  • CVE-2015-8378: Canceling XML export function creates export as “.xml” file
    When the “Export to > KeePassX XML file” function was canceled, the cleartext passwords were still exported.
    In this case the password database was exported as the file “.xml” in the current working directory (often $HOME or the directory of the database).
    Originally reported as Debian bug #791858.

KeePassX 0.4.4 fixes both vulnerabilities.
It is available as a source tarball and Windows / Mac OS X binaries: Download
The OS X bundle contains only a 64-bit binary (compared to 0.4.3, which shipped as i386 and powerpc).
The fix for CVE-2015-8378 is also available as a patch: CVE-2015-8378.patch

We will still provide security support for the 0.4 series for some time, but please consider updating to version 2.0 instead.
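The failure mode behind CVE-2015-8378, shown as an added example: this is not KeePassX source and not the contents of CVE-2015-8378.patch. It assumes the file dialog returns an empty string on cancel (as Qt's `QFileDialog::getSaveFileName()` does) and that the extension was appended before that case was checked; all function names are hypothetical.

```cpp
// Added illustration only; names are hypothetical, not KeePassX identifiers.
#include <fstream>
#include <iostream>
#include <string>

static bool ends_with(const std::string& s, const std::string& suffix) {
    return s.size() >= suffix.size() &&
           s.compare(s.size() - suffix.size(), suffix.size(), suffix) == 0;
}

// Flawed pattern (assumed): the extension is appended without first checking
// for cancel, so "" becomes ".xml", a relative path that resolves against the
// current working directory.
std::string export_target_flawed(const std::string& chosen) {
    std::string path = chosen;
    if (!ends_with(path, ".xml")) path += ".xml";
    return path;
}

// Hardened pattern: an empty dialog result means "cancelled", so no target
// path is produced and the caller has nothing to write to.
bool export_target_checked(const std::string& chosen, std::string& target) {
    if (chosen.empty()) return false;
    target = chosen;
    if (!ends_with(target, ".xml")) target += ".xml";
    return true;
}

// Writes the cleartext export only when the user actually picked a file.
bool export_xml(const std::string& chosen, const std::string& xml) {
    std::string target;
    if (!export_target_checked(chosen, target)) return false;
    std::ofstream out(target.c_str(), std::ios::trunc);
    out << xml;
    return out.good();
}

int main() {
    const std::string cancelled;  // constructed input: the user pressed Cancel
    std::cout << "flawed target on cancel: '"
              << export_target_flawed(cancelled) << "'\n";
    std::cout << "hardened export on cancel wrote a file: "
              << (export_xml(cancelled, "<database/>") ? "yes" : "no") << "\n";
    return 0;
}
```

Users who ran 0.4.3 can check $HOME and the database directory for a file named exactly `.xml`, the locations named in the advisory above.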


63 Responses to “KeePassX 0.4.4 Security Update released”

  1. helix jump says:

    This icing is an absolute MUST for angel food cakes!

  2. albert says:

    thx for this article

  3. zara says:

    He told the client that their home would be part of a HERO program — that stands for Home Energy Renovation Opportunity. It’s a private company like Ygrene, approved by local governments to set up repayment of loans through the homeowner’s property taxes. The money can be used for anything from air-conditioning to windows to doors — it’s just not a government entity. But you’d never know it from his pitch.

  4. A fabulous cleaning service plan contract dictates and additionally governs many of the agreements, words and phrases, services, and similar costs for in either of the cleaning arrangements you’ve gotten with whatever professional housecleaning agency. Almost just about every single cleaning office offers some kind of cleaning service plan contract.

  5. I learned a lot from the article. Thank you so much for sharing the nice information.

  6. This topic is very interesting and I am interested but do not know where to find, thankfully you create this topic, hope everyone will help me

  7. The information you share is very interesting.

  8. Good day! Would you mind if I share your blog with my myspace group?
    There’s a lot of people that I think would really appreciate your content.
    Please let me know. Thanks

  9. Brenda McClean says:

    My keypass seems to have disappeared. I had many many passwords in it and they are all gone. What can I do to get them back, please?

