Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

Gentoo: GLSA-201803-09 Normal: KDE Plasma Command Execution Threat

gentoo
Calendar Grey March 19, 2018
Dist Gentoo Esm H88
Various vulnerabilities in KDE Plasma Workspaces enable local users to execute arbitrary commands. Ensure you install the latest updates for your security.
Multiple vulnerabilities have been found in KDE Plasma Workspaces, the worst of which allows local attackers to execute arbitrary commands.

Summary

Multiple vulnerabilities have been discovered in KDE Plasma Workspaces. Please review the referenced CVE identifiers for details.

Topics%20covered

Topics Covered

security advisory command execution local attack Gentoo Linux KDE Plasma normal severity

Resolution

All KDE Plasma Workspace users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=kde-plasma/plasma-workspace-5.11.5-r1"

References

[ 1 ] CVE-2018-6790 https://nvd.nist.gov/vuln/detail/CVE-2018-6790 [ 2 ] CVE-2018-6791 https://nvd.nist.gov/vuln/detail/CVE-2018-6791

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201803-09
style>.gentoo_availability{display:block;}

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity: Normal
Title: KDE Plasma Workspaces: Multiple vulnerabilities
Date: March 19, 2018
Bugs: #647106
ID: 201803-09

Topics%20covered

Topics Covered

security advisory command execution local attack Gentoo Linux KDE Plasma normal severity

Synopsis

Multiple vulnerabilities have been found in KDE Plasma Workspaces, the worst of which allows local attackers to execute arbitrary commands.

Background

KDE Plasma workspace is a widget based desktop environment designed to be fast and efficient.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 kde-plasma/plasma-workspace < 5.11.5-r1 >= 5.11.5-r1

Impact

===== An attacker could execute arbitrary commands via specially crafted thumb drive's volume labels or obtain sensitive information via specially crafted notifications.

Workaround

Users should mount removable devices with Dolphin instead of the device notifier. Users should disable notifications.

Related News

Your message here