==========================================================================
Ubuntu Security Notice USN-6843-1
June 26, 2024

plasma-workspace vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

plasma-workspace would allow unintended access to the session manager.

Software Description:
- plasma-workspace: Plasma Workspace for KF5

Details:

Fabian Vogt discovered that Plasma Workspace incorrectly handled
connections via ICE. A local attacker could possibly use this issue to
gain access to another user's session manager and execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
   plasma-workspace                4:5.27.11-0ubuntu4.1

Ubuntu 23.10
   plasma-workspace                4:5.27.8-0ubuntu1.1

Ubuntu 22.04 LTS
   plasma-workspace                4:5.24.7-0ubuntu0.2

Ubuntu 20.04 LTS
   plasma-workspace                4:5.18.8-0ubuntu0.2

After a standard system update you need to reboot your computer to make all
the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-6843-1
   CVE-2024-36041

Package Information:
   https://launchpad.net/ubuntu/+source/plasma-workspace/4:5.27.11-0ubuntu4.1
   https://launchpad.net/ubuntu/+source/plasma-workspace/4:5.27.8-0ubuntu1.1
   https://launchpad.net/ubuntu/+source/plasma-workspace/4:5.24.7-0ubuntu0.2
   https://launchpad.net/ubuntu/+source/plasma-workspace/4:5.18.8-0ubuntu0.2

Ubuntu 6843-1: Plasma Workspace Security Advisory Updates

June 26, 2024
plasma-workspace would allow unintended access to the session manager.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 23.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: plasma-workspace would allow unintended access to the session manager. Software Description: - plasma-workspace: Plasma Workspace for KF5 Details: Fabian Vogt discovered that Plasma Workspace incorrectly handled connections via ICE. A local attacker could possibly use this issue to gain access to another user's session manager and execute arbitrary code.

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS plasma-workspace 4:5.27.11-0ubuntu4.1 Ubuntu 23.10 plasma-workspace 4:5.27.8-0ubuntu1.1 Ubuntu 22.04 LTS plasma-workspace 4:5.24.7-0ubuntu0.2 Ubuntu 20.04 LTS plasma-workspace 4:5.18.8-0ubuntu0.2 After a standard system update you need to reboot your computer to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6843-1

CVE-2024-36041

Severity
Ubuntu Security Notice USN-6843-1

Package Information

https://launchpad.net/ubuntu/+source/plasma-workspace/4:5.27.11-0ubuntu4.1 https://launchpad.net/ubuntu/+source/plasma-workspace/4:5.27.8-0ubuntu1.1 https://launchpad.net/ubuntu/+source/plasma-workspace/4:5.24.7-0ubuntu0.2 https://launchpad.net/ubuntu/+source/plasma-workspace/4:5.18.8-0ubuntu0.2

Related News

8.Locks HexConnections CodeGlobe Esm H170
2 - 4 min read
Canonical has made headlines with its groundbreaking long-term support (LTS) service offering to extend far beyond Ubuntu deb packages, promising 12
14.Lock Code WorldMap Esm H170
2 - 4 min read
Government agencies are drawing attention to an issue plaguing open-source communities: memory-unsafe languages. A study entitled " Exploring Memory
11.Locks IsometricPattern Esm H170
2 - 3 min read
Cybersecurity threats continue to emerge regularly, and Promon's security team recently identified one such novel threat, Snowblind. This malware
32.Lock Code Circular Esm H170
2 - 4 min read
The Cybersecurity and Infrastructure Security Agency (CISA) recently added a new Linux kernel privilege escalation bug ( CVE-2024-1086 ) to its
6.EmailConnection Touch Esm H170
2 - 3 min read
Recent security updates for Ubuntu and Debian have been released to address vulnerabilities in Thunderbird, the popular open-source mail and
20.Lock AbstractDigital Circular Esm H170
2 - 3 min read
Google has released fixes for a high-severity Chromium security flaw ( CVE-2024-5274 ) impacting its widely used Chrome browser and other
20.Lock AbstractDigital Circular Esm H170
2 - 4 min read
The recent discovery of a backdoor in Linux's xz compression tool has shed light on cybercriminals' ingenious methods of gaining entry and remaining
19.Laptop Bed Esm H170
2 - 4 min read
Wordfence security researchers recently shed light on an infamous supply chain attack that may have affected as many as 36,000 WordPress websites.

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved