KeePassX

KeePassX 0.4.4 Security Update released

Two security flaws have been discovered in KeePassX 0.4.3.
Version 2.0 has a different codebase and is not affected.

  • CVE-2015-8359: DLL Preloading vulnerability on Windows
    The version of Qt bundled with KeePassX 0.4.3 is vulnerable to a DLL preloading attack.
    This vulnerability only affects KeePassX on Windows.
    If successfully exploited, arbitrary code can be executed in the context of KeePassX.
    KeePassX 0.4.4 ships with Qt 4.8.7 and employs additional hardening measures.
    Thanks to Trenton Ivey from SecureWorks for reporting this vulnerability to us.
  • CVE-2015-8378: Canceling XML export function creates export as “.xml” file
    When canceling the “Export to > KeePassX XML file” function the cleartext passwords were still exported.
    In this case the password database was exported as the file “.xml” in the current working directory (often $HOME or the directory of the database).
    Originally reported as Debian bug #791858
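A check for leftovers of CVE-2015-8378, added here as an example (it is not part of the KeePassX project or its patch): it looks for a file named exactly ".xml" in the locations the advisory names. The `KEEPASSX_DATABASE` content marker and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: find the stray ".xml" file described in CVE-2015-8378.
# Usage: sh check_stray_xml.sh [DIR...]   (script name is hypothetical)
# With no arguments it checks $HOME and the current directory; pass the
# directories that hold your password databases to check those instead.

# Assumption: a KeePassX 0.4 XML export carries this string in its DOCTYPE.
# Files without it are still reported, as "unconfirmed", for manual review.
MARKER='KEEPASSX_DATABASE'

# check_dir DIR
# Prints "KIND<TAB>PATH" if DIR contains a file named exactly ".xml".
check_dir() {
    f="$1/.xml"
    [ -f "$f" ] || return 0
    if grep -q "$MARKER" "$f" 2>/dev/null; then
        kind="keepassx-export"      # looks like a cleartext database export
    else
        kind="unconfirmed"          # right name, content not recognised
    fi
    printf '%s\t%s\n' "$kind" "$f"
}

# scan_for_stray_exports DIR...
# Checks each existing directory; nonexistent paths are skipped silently.
scan_for_stray_exports() {
    for d in "$@"; do
        [ -d "$d" ] && check_dir "$d"
    done
    return 0
}

# Default to the locations named in the advisory.
[ "$#" -gt 0 ] || set -- "$HOME" "$PWD"
scan_for_stray_exports "$@"
```

A "keepassx-export" hit means the passwords in that database were written to disk in cleartext at that path.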

KeePassX 0.4.4 fixes both vulnerabilities.
It is available as a source tarball and Windows / Mac OS X binaries: Download
The OS X bundle contains only a 64-bit binary (compared to 0.4.3, which shipped as i386 and powerpc).
The fix for CVE-2015-8378 is also available as a patch: CVE-2015-8378.patch

We will still provide security support for the 0.4 series for some time but please consider updating to version 2.0 instead.


39 Responses to “KeePassX 0.4.4 Security Update released”

  1. Your article is detailed, thanks to it I solved the problem I am entangled in. I will regularly follow your writers and visit this site daily.

  2. alsec says:

    Boom Just what my readers at http://alsec.co.il will appreciate. Thanks for the heads up.

  3. smith says:

    I will share to your post alternative website or friendz. This post truly helpful for business work. Carry on

    https://sparkstore.pro

  4. The entire blog has been written in an impressive way and I am sure it will also inspire other readers

  5. gmail login says:

    Your article is detailed, thanks to it I solved the problem I am entangled in. I will regularly follow your writers and visit this site daily.

  6. qt001 says:

    /src/lib/random.cpp

    #include "random.h"
    #include <— Add here

    #if defined(Q_WS_X11) || defined(Q_WS_MAC)
    #include

    # make install
    # keepassx

  7. I have read through many articles, but I found this article very good and meaningful. Thank you for sharing.

  8. Elisaa says:

    The entire blog has been written in an impressive way and I am sure it will also inspire other readers.

  9. Duck life says:

    KeePassX 0.4.4 fixes both vulnerabilities. better than the instrument version. I enjoyed this update.

  10. I’d like to thank you for the efforts you’ve put in writing
    this website. I am hoping to check out the same high-grade content by you in the future as well.
    In fact, your creative writing abilities have inspired me to
    get my own site now 😉

  11. happy wheels says:

    I am really impressed by the interior of your house.
