Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Fedora 33: FEDORA-2020-73471e6414 Moderate: kpmcore Local Escalation

fedora
Calendar Grey October 23, 2020
Dist Fedora Esm H88
Crucial patch addresses local privilege escalation issues in kpmcore for Fedora 33 utilizing calamares setup.
Update kpmcore to 4.2.0 and rebuild all dependent packages

Summary

Calamares is a distribution-independent installer framework, designed to install

from a live CD/DVD/USB environment to a hard disk. It includes a graphical

installation program based on Qt 5. This package includes the Calamares

framework and the required configuration files to produce a working replacement

for Anaconda's liveinst.

Update kpmcore to 4.2.0 and rebuild all dependent packages. This update also

fixes CVE-2020-27187.

* Sat Oct 17 2020 Mattia Verga - 3.2.11-14

- Rebuilt for kpmcore 4.2.0

* Sat Oct 17 2020 Mamoru TASAKA - 3.2.11-13

- Workaround for FTBFS

- Workaround for %cmake_kf5 forcely undefining %__cmake_in_source_build

- Upstream patch for missing header include

- Kill python bytecompile for now

* Sat Aug 1 2020 Fedora Release Engineering - 3.2.11-12

- Second attempt - Rebuilt for

https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

* Tue Jul 28 2020 Adam Jackson - 3.2.11-11

- Require setxkbmap not xorg-x11-xkb-utils

* Mon Jul 27 2020 Fedora Release Engineering - 3.2.11-10

- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

* Fri Jul 24 2020 Jeff Law - 3.2.11-10

- Use __cmake_in_source_build

[ 1 ] Bug #1890199 - CVE-2020-27187 kpmcore: kpmcore_externalcommand helper can be exploited in local privilege escalation

https://bugzilla.redhat.com/show_bug.cgi?id=1890199

su -c 'dnf upgrade --advisory FEDORA-2020-73471e6414' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory update local privilege escalation Fedora installer kpmcore

Change Log

References

Update Instructions

Severity
important
Lowest
Low
Medium
High
Critical

Product: Fedora 33
Version: 3.2.11
Release: 14.fc33
URL: https://calamares.io/
Summary: Installer from a live CD/DVD/USB to disk

Topics%20covered

Topics Covered

security advisory update local privilege escalation Fedora installer kpmcore

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here