KDE Project Security Advisory ============================= Title: kauth: Insecure handling of arguments in helpers Risk Rating: Medium CVE: CVE-2019-7443 Versions: KDE Frameworks < 5.55.0 Date: 9 February 2019
Overview ======== KAuth allows to pass parameters with arbitrary types to helpers running as root over DBus. Certain types can cause crashes and trigger decoding arbitrary images with dynamically loaded plugins. Solution ======== Update to kauth >= 5.55.0 Or apply the following patch to kauth: https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a Credits ======= Thanks to Fabian Vogt for the report and Albert Astals Cid for the fix.
