Announcement

Collapse
No announcement yet.

Security update published in Neon Wednesday morning

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Security update published in Neon Wednesday morning

    KDE Project Security Advisory
    =============================

    Title: kauth: Local privilege escalation
    Risk Rating: High
    CVE: CVE-2017-8422
    Versions: kauth < 5.34, kdelibs < 4.14.32
    Date: 10 May 2017


    Overview
    ========
    KAuth contains a logic flaw in which the service invoking dbus
    is not properly checked.

    This allows spoofing the identity of the caller and with some
    carefully crafted calls can lead to gaining root from an
    unprivileged account.

    Solution
    ========
    Update to kauth >= 5.34 and kdelibs >= 4.14.32 (when released)

    Or apply the following patches:
    kauth: https://commits.kde.org/kauth/df875f...2eb158b4f9216a
    kdelibs: https://commits.kde.org/kdelibs/264e...6ffb52582888ab

    Credits
    =======
    Thanks to Sebastian Krahmer from SUSE for the report and
    to Albert Astals Cid from KDE for the fix.
    Windows no longer obstructs my view.
    Using Kubuntu Linux since March 23, 2007.
    "It is a capital mistake to theorize before one has data." - Sherlock Holmes
Working...
X