[Group.of.nepali.translators] [Bug 1768649] Re: [CVE] Access to privileged files
This bug was fixed in the package kwallet-pam - 4:5.12.4-0ubuntu1.3

---
kwallet-pam (4:5.12.4-0ubuntu1.3) bionic-security; urgency=medium

  * SECURITY UPDATE: Access to privileged files (LP: #1768649):
    - fix-CVE-2018-10380-1.patch
    - fix-CVE-2018-10380-2.patch
    - fix-CVE-2018-10380-3.patch
    - CVE-2018-10380

 -- Simon Quigley  Thu, 14 Jun 2018 11:30:19 -0500

** Changed in: kwallet-pam (Ubuntu Bionic)
       Status: Triaged => Fix Released

--
You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1768649

Title:
  [CVE] Access to privileged files

Status in kwallet-pam package in Ubuntu: Fix Released
Status in pam-kwallet package in Ubuntu: Invalid
Status in pam-kwallet source package in Trusty: New
Status in kwallet-pam source package in Xenial: Fix Released
Status in kwallet-pam source package in Artful: Fix Released
Status in kwallet-pam source package in Bionic: Fix Released
Status in kwallet-pam source package in Cosmic: Fix Released

Bug description:
  KDE Project Security Advisory

  Title:        kwallet-pam: Access to privileged files
  Risk Rating:  High
  CVE:          CVE-2018-10380
  Versions:     Plasma < 5.12.6
  Date:         4 May 2018

  Overview
  kwallet-pam was doing file writing and permission changing as root that with correct timing and use of carefully crafted symbolic links could allow a non privileged user to become the owner of any file on the system.

  Workaround
  None (other than not using kwallet-pam)

  Solution
  Update to Plasma >= 5.12.6 or Plasma >= 5.13.0

  Or apply the following patches:

  Plasma 5.12
  https://commits.kde.org/kwallet-pam/2134dec85ce19d6378d03cddfae9e5e464cb24c0
  https://commits.kde.org/kwallet-pam/01d4143fda5bddb6dca37b23304dc239a5fb38b5

  Plasma 5.8
  https://commits.kde.org/kwallet-pam/99abc7fde21f40cc6da5feb6ee766cc46fcca1f8
  https://commits.kde.org/kwallet-pam/802f305d81f8771c4f4a8bd7fd0e368ffc6f9b3b

  Credits
  Thanks to Fabian Vogt for the report and to Albert Astals Cid for the fix.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/kwallet-pam/+bug/1768649/+subscriptions

___
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to     : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1768649] Re: [CVE] Access to privileged files
This bug was fixed in the package kwallet-pam - 4:5.10.5-0ubuntu1.3

---
kwallet-pam (4:5.10.5-0ubuntu1.3) artful-security; urgency=medium

  * SECURITY UPDATE: Access to privileged files (LP: #1768649):
    - fix-CVE-2018-10380-1.patch
    - fix-CVE-2018-10380-2.patch
    - fix-CVE-2018-10380-3.patch
    - CVE-2018-10380

 -- Simon Quigley  Thu, 14 Jun 2018 11:44:32 -0500

** Changed in: kwallet-pam (Ubuntu Artful)
       Status: Triaged => Fix Released

Status in kwallet-pam package in Ubuntu: Fix Released
Status in pam-kwallet package in Ubuntu: Invalid
Status in pam-kwallet source package in Trusty: New
Status in kwallet-pam source package in Xenial: Fix Released
Status in kwallet-pam source package in Artful: Fix Released
Status in kwallet-pam source package in Bionic: Fix Released
Status in kwallet-pam source package in Cosmic: Fix Released

[Group.of.nepali.translators] [Bug 1768649] Re: [CVE] Access to privileged files
This bug was fixed in the package kwallet-pam - 4:5.5.5-0ubuntu1.3

---
kwallet-pam (4:5.5.5-0ubuntu1.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Access to privileged files (LP: #1768649):
    - fix-CVE-2018-10380-1.patch
    - fix-CVE-2018-10380-2.patch
    - fix-CVE-2018-10380-3.patch
    - CVE-2018-10380

 -- Simon Quigley  Thu, 14 Jun 2018 11:51:19 -0500

** Changed in: kwallet-pam (Ubuntu Xenial)
       Status: Triaged => Fix Released

Status in kwallet-pam package in Ubuntu: Fix Released
Status in pam-kwallet package in Ubuntu: Invalid
Status in pam-kwallet source package in Trusty: New
Status in kwallet-pam source package in Xenial: Fix Released
Status in kwallet-pam source package in Artful: Triaged
Status in kwallet-pam source package in Bionic: Triaged
Status in kwallet-pam source package in Cosmic: Fix Released

[Group.of.nepali.translators] [Bug 1768649] Re: [CVE] Access to privileged files
** Changed in: kwallet-pam (Ubuntu Bionic)
       Status: Fix Released => Triaged

** Changed in: kwallet-pam (Ubuntu Artful)
       Status: Fix Released => Triaged

** Changed in: kwallet-pam (Ubuntu Xenial)
       Status: Fix Released => Triaged

Status in kwallet-pam package in Ubuntu: Fix Released
Status in pam-kwallet package in Ubuntu: Invalid
Status in pam-kwallet source package in Trusty: New
Status in kwallet-pam source package in Xenial: Triaged
Status in kwallet-pam source package in Artful: Triaged
Status in kwallet-pam source package in Bionic: Triaged
Status in kwallet-pam source package in Cosmic: Fix Released

[Group.of.nepali.translators] [Bug 1768649] Re: [CVE] Access to privileged files
This bug was fixed in the package kwallet-pam - 4:5.10.5-0ubuntu1.1

---
kwallet-pam (4:5.10.5-0ubuntu1.1) artful-security; urgency=medium

  * SECURITY UPDATE: Access to privileged files (LP: #1768649):
    - fix-CVE-2018-10380-1.patch
    - fix-CVE-2018-10380-2.patch
    - CVE-2018-10380

 -- Simon Quigley  Thu, 03 May 2018 16:25:43 -0500

** Changed in: kwallet-pam (Ubuntu Artful)
       Status: Fix Committed => Fix Released

** Changed in: kwallet-pam (Ubuntu Bionic)
       Status: Fix Committed => Fix Released

Status in kwallet-pam package in Ubuntu: Fix Released
Status in pam-kwallet package in Ubuntu: Invalid
Status in pam-kwallet source package in Trusty: New
Status in kwallet-pam source package in Xenial: Fix Released
Status in kwallet-pam source package in Artful: Fix Released
Status in kwallet-pam source package in Bionic: Fix Released
Status in kwallet-pam source package in Cosmic: Fix Released

[Group.of.nepali.translators] [Bug 1768649] Re: [CVE] Access to privileged files
This bug was fixed in the package kwallet-pam - 4:5.12.4-0ubuntu1.1

---
kwallet-pam (4:5.12.4-0ubuntu1.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Access to privileged files (LP: #1768649):
    - fix-CVE-2018-10380-1.patch
    - fix-CVE-2018-10380-2.patch
    - CVE-2018-10380

 -- Simon Quigley  Thu, 03 May 2018 16:06:06 -0500

** Changed in: kwallet-pam (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

Status in kwallet-pam package in Ubuntu: Fix Released
Status in pam-kwallet package in Ubuntu: Invalid
Status in pam-kwallet source package in Trusty: New
Status in kwallet-pam source package in Xenial: Fix Released
Status in kwallet-pam source package in Artful: Fix Released
Status in kwallet-pam source package in Bionic: Fix Released
Status in kwallet-pam source package in Cosmic: Fix Released

[Group.of.nepali.translators] [Bug 1768649] Re: [CVE] Access to privileged files
Updated packages are in the security proposed PPA. I have tested all three in fresh, fully updated virtual machines of each release, and all three work. The Trusty backport is pending a review, but I would call the Xenial, Artful, and Bionic updates good.

** Changed in: kwallet-pam (Ubuntu Artful)
       Status: New => Fix Committed

** Changed in: kwallet-pam (Ubuntu Bionic)
       Status: In Progress => Fix Committed

** Changed in: kwallet-pam (Ubuntu Xenial)
       Status: New => Fix Committed

** No longer affects: kwallet-pam (Ubuntu Trusty)

** No longer affects: pam-kwallet (Ubuntu Xenial)

** No longer affects: pam-kwallet (Ubuntu Artful)

** No longer affects: pam-kwallet (Ubuntu Bionic)

** No longer affects: pam-kwallet (Ubuntu Cosmic)

Status in kwallet-pam package in Ubuntu: Fix Released
Status in pam-kwallet package in Ubuntu: Invalid
Status in pam-kwallet source package in Trusty: New
Status in kwallet-pam source package in Xenial: Fix Committed
Status in kwallet-pam source package in Artful: Fix Committed
Status in kwallet-pam source package in Bionic: Fix Committed
Status in kwallet-pam source package in Cosmic: Fix Released

[Group.of.nepali.translators] [Bug 1768649] Re: [CVE] Access to privileged files
This bug was fixed in the package kwallet-pam - 4:5.12.5-0ubuntu1

---
kwallet-pam (4:5.12.5-0ubuntu1) cosmic; urgency=medium

  * SECURITY UPDATE: Access to privileged files (LP: #1768649)
    - debian/patches/CVE-2018-10380-salt-creation.diff: Move salt creation
      to an unprivileged process
    - debian/patches/CVE-2018-10380-socket-creation.diff: Move socket
      creation to unprivileged codepath
    - CVE-2018-10380
  * New upstream release (5.12.5)

 -- Rik Mills  Thu, 03 May 2018 20:49:30 +0100

** Changed in: kwallet-pam (Ubuntu Cosmic)
       Status: Fix Committed => Fix Released

Status in kwallet-pam package in Ubuntu: Fix Released
Status in pam-kwallet package in Ubuntu: Invalid
Status in kwallet-pam source package in Trusty: Invalid
Status in pam-kwallet source package in Trusty: New
Status in kwallet-pam source package in Xenial: New
Status in pam-kwallet source package in Xenial: Invalid
Status in kwallet-pam source package in Artful: New
Status in pam-kwallet source package in Artful: Invalid
Status in kwallet-pam source package in Bionic: In Progress
Status in pam-kwallet source package in Bionic: Invalid
Status in kwallet-pam source package in Cosmic: Fix Released
Status in pam-kwallet source package in Cosmic: Invalid
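
The advisory quoted in this thread describes file writes and ownership changes made as root being redirected through symbolic links, and the cosmic changelog addresses it by moving salt and socket creation into unprivileged code. The C code below is an added example of that approach, not kwallet-pam source and not the patches referenced above; `write_file_as_user`, `demo` and the temporary paths are hypothetical names, and the check runs with the caller's own uid/gid so it works without root.

```c
/* Added example, not kwallet-pam source: a privileged process creating a file
 * in a user-controlled directory. All names and paths are hypothetical. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Pattern to avoid (contrast only): as root, open(path, O_CREAT) followed by
 * chown(path, uid, gid). Each call resolves the path again and follows
 * symlinks, so a link placed between them redirects the chown(). */

/* Hardened form: fork, become the user, then create the file.
 * Returns 0 on success, else the errno the child reported. */
int write_file_as_user(uid_t uid, gid_t gid, const char *path,
                       const void *buf, size_t len)
{
    pid_t pid = fork();
    if (pid < 0) return errno;
    if (pid == 0) {
        /* Drop order matters: supplementary groups, gid, then uid. */
        if ((geteuid() != uid || getegid() != gid) &&
            (setgroups(0, NULL) || setgid(gid) || setuid(uid)))
            _exit(EPERM);
        /* O_EXCL rejects any existing name, symlinks included. */
        int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
        if (fd < 0) _exit(errno);
        _exit(write(fd, buf, len) == (ssize_t)len ? 0 : EIO);
    }
    int st;
    if (waitpid(pid, &st, 0) < 0) return errno;
    return WIFEXITED(st) ? WEXITSTATUS(st) : EIO;
}

/* Constructed check: a fresh name succeeds; a symlink planted at the
 * expected name is refused and its target is never created. Returns 0. */
int demo(void)
{
    char dir[] = "/tmp/saltdemoXXXXXX", ok[64], lnk[64], victim[64];
    struct stat sb;
    if (!mkdtemp(dir)) return -1;
    snprintf(ok, sizeof ok, "%s/salt", dir);
    snprintf(lnk, sizeof lnk, "%s/link", dir);
    snprintf(victim, sizeof victim, "%s/victim", dir);
    if (symlink(victim, lnk) != 0) return -1;
    int r1 = write_file_as_user(geteuid(), getegid(), ok, "0123", 4);
    int r2 = write_file_as_user(geteuid(), getegid(), lnk, "0123", 4);
    int leaked = (stat(victim, &sb) == 0);
    unlink(ok); unlink(lnk); rmdir(dir);
    return (r1 == 0 && r2 == EEXIST && !leaked) ? 0 : 1;
}

int main(void) { return demo(); }
```

Because the child has already taken the user's identity, no later chown() is needed, and any path trick the user plays can only reach files that user could already write.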