Public bug reported:

KDE Project Security Advisory
=============================

Title:          kauth: Insecure handling of arguments in helpers
Risk Rating:    Medium
CVE:            CVE-2019-7443
Versions:       KDE Frameworks < 5.55.0
Date:           9 February 2019


Overview
========
KAuth allows to pass parameters with arbitrary types to helpers running as root
over DBus. Certain types can cause crashes and trigger decoding arbitrary
images with dynamically loaded plugins.

Solution
========
Update to kauth >= 5.55.0

Or apply the following patch to kauth:
https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a

Credits
=======

Thanks to Fabian Vogt for the report and Albert Astals Cid for the fix.

Debian advisory: https://security-
tracker.debian.org/tracker/CVE-2019-7443

** Affects: kauth (Ubuntu)
     Importance: Undecided
         Status: New

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-7443

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1815427

Title:
  [CVE] Insecure handling of arguments in helpers

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/kauth/+bug/1815427/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to