Public bug reported:

KDE Project Security Advisory

Title:          kauth: Insecure handling of arguments in helpers
Risk Rating:    Medium
CVE:            CVE-2019-7443
Versions:       KDE Frameworks < 5.55.0
Date:           9 February 2019

KAuth allows to pass parameters with arbitrary types to helpers running as root
over DBus. Certain types can cause crashes and trigger decoding arbitrary
images with dynamically loaded plugins.

Update to kauth >= 5.55.0

Or apply the following patch to kauth:


Thanks to Fabian Vogt for the report and Albert Astals Cid for the fix.

Debian advisory: https://security-

** Affects: kauth (Ubuntu)
     Importance: Undecided
         Status: New

** CVE added:

You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

  [CVE] Insecure handling of arguments in helpers

To manage notifications about this bug go to:

ubuntu-bugs mailing list

Reply via email to