GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Mon Mar 19, 2018 4:26 am Post subject: [ GLSA 201803-09 ] KDE Plasma Workspaces |
|
|
Gentoo Linux Security Advisory
Title: KDE Plasma Workspaces: Multiple vulnerabilities (GLSA 201803-09)
Severity: normal
Exploitable: local, remote
Date: 2018-03-19
Bug(s): #647106
ID: 201803-09
Synopsis
Multiple vulnerabilities have been found in KDE Plasma Workspaces,
the worst of which allows local attackers to execute arbitrary commands.
Background
KDE Plasma workspace is a widget based desktop environment designed to
be fast and efficient.
Affected Packages
Package: kde-plasma/plasma-workspace
Vulnerable: < 5.11.5-r1
Unaffected: >= 5.11.5-r1
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in KDE Plasma Workspaces.
Please review the referenced CVE identifiers for details.
Impact
An attacker could execute arbitrary commands via specially crafted thumb
drive’s volume labels or obtain sensitive information via specially
crafted notifications.
Workaround
Users should mount removable devices with Dolphin instead of the device
notifier.
Users should disable notifications.
Resolution
All KDE Plasma Workspace users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose
">=kde-plasma/plasma-workspace-5.11.5-r1"
|
References
CVE-2018-6790
CVE-2018-6791 |
|