If anyone has Frameworks below 5.55.0 installed, I recommend updating if
it's not too disruptive.
-------- Forwarded Message --------
Subject: KDE Project Security Advisory: kauth: Insecure handling of
arguments in helpers
Date: Sat, 09 Feb 2019 12:13:05 +0100
From: Albert Astals Cid <[email protected]>
To: [email protected]
KDE Project Security Advisory
=============================
Title: kauth: Insecure handling of arguments in helpers
Risk Rating: Medium
CVE: CVE-2019-7443
Versions: KDE Frameworks < 5.55.0
Date: 9 February 2019
Overview
========
KAuth allows to pass parameters with arbitrary types to helpers running
as root
over DBus. Certain types can cause crashes and trigger decoding arbitrary
images with dynamically loaded plugins.
Solution
========
Update to kauth >= 5.55.0
Or apply the following patch to kauth:
https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a
Credits
=======
Thanks to Fabian Vogt for the report and Albert Astals Cid for the fix.
--
http://lists.linuxfromscratch.org/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
