Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -2 articles for you...
87
security advisorycriticaldebianDebian: kdeconnect Critical Impersonation Threat DSA-6063-1 CVE-2025-66270
It was discovered that missing validation of the device ID during handshakes in KDE Connect, a tool to integrate smart phones to a desktop, could allow an attacker to impersonate another device. The oldstable distribution (bookworm) is not affected. For the stable distribution (trixie), this problem has been fixed in. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6063-1
Nov 26, 2025
•Critical
Debian
202
security advisorysecurity fixpatchopenSUSE: 2020:2361-1 Important: kdeconnect-kde Device Verification Fix
An update that contains security fixes can now be installed. . openSUSE Security Update: Security update for kdeconnect-kde ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:2361-1 Rating: important References: #1177672 Affected Products: openSUSE Backports SLE-15-SP1 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for kdeconnect-kde fixes the following issues: - Add fingerprinting for device verification (boo#1177672). This update was imported from the openSUSE:Leap:15.1:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP1: zypper in -t patch openSUSE-2020-2361=1 Package List: - openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64): kdeconnect-kde-1.3.3-bp151.4.6.1 - openSUSE Backports SLE-15-SP1 (noarch): kdeconnect-kde-lang-1.3.3-bp151.4.6.1 References: https://bugzilla.suse.com/1177672 . Stay secure with the latest kdeconnect-kde update, which patches vulnerabilities to protect user data and improve security protocols for safe transmission. openSUSE,kdeconnect,security update,important patch,installation instructions. . Severity: Important. LinuxSecurity.com Team
Dec 29, 2020
•Important
OpenSUSE
203
security advisorymoderatesecurity enhancementMageia 7 MGASA-2020-0475 Moderate: kdeconnect-kde Security Enhancement
For the pairing procedure, the GUI component only presented the friendly 'deviceName' to identify peer devices, which is completely under attacker control. Furthermore the 'deviceName' is transmitted in cleartext in UDP broadcast messages for all other nodes in the network segment to see. Therefore malicious devices can attempt to confuse users by requesting a . MGASA-2020-0475 - Updated kdeconnect-kde packages improve security Publication date: 29 Dec 2020 URL: https://advisories.mageia.org/MGASA-2020-0475.html Type: security Affected Mageia releases: 7 For the pairing procedure, the GUI component only presented the friendly 'deviceName' to identify peer devices, which is completely under attacker control. Furthermore the 'deviceName' is transmitted in cleartext in UDP broadcast messages for all other nodes in the network segment to see. Therefore malicious devices can attempt to confuse users by requesting a pairing under the same 'deviceName' to gain access to a system. Now, a sha256 fingerprint of the concatenated public keys of the two involved certificates is displayed. In the initial popup, a prefix of 8 hex digits of the fingerprint is displayed. The full fingerprint is reachable via an additional "view key" button. References: - https://bugs.mageia.org/show_bug.cgi?id=27700 - https://www.openwall.com/lists/oss-security/2020/11/30/1 - SRPMS: - 7/core/kdeconnect-kde-1.3.4-2.2.mga7 . Mageia's latest security patch resolves kdeconnect concerns regarding unencrypted device identifiers; strengthens peer validation protocols.. Kdeconnect Security, Mageia Update, Peer Authentication, Network Security, Cleartext Risk. . LinuxSecurity.com Team
Dec 29, 2020
Mageia
202
security advisorysecurity updatesoftware updateopenSUSE Leap 15.1: 2020:2334-1 Important: kdeconnect-kde Security Update
An update that contains security fixes can now be installed. . openSUSE Security Update: Security update for kdeconnect-kde ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:2334-1 Rating: important References: #1177672 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for kdeconnect-kde fixes the following issues: - Add fingerprinting for device verification (boo#1177672). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2020-2334=1 Package List: - openSUSE Leap 15.1 (x86_64): kdeconnect-kde-1.3.3-lp151.2.6.1 kdeconnect-kde-debuginfo-1.3.3-lp151.2.6.1 kdeconnect-kde-debugsource-1.3.3-lp151.2.6.1 - openSUSE Leap 15.1 (noarch): kdeconnect-kde-lang-1.3.3-lp151.2.6.1 References: https://bugzilla.suse.com/1177672 _______________________________________________ openSUSE Security Announce mailing list --
Dec 26, 2020
•Important
OpenSUSE
203
security advisorysecurity issueDenial of ServiceMageia 7: MGASA-2020-0416 Critical: kdeconnect-kde Network Attack
An attacker on your local network could send maliciously crafted packets to other hosts running kdeconnect on the network, causing them to use large amounts of CPU, memory or network connections, which could be used in a Denial of Service attack within the network. (CVE-2020-26164) . MGASA-2020-0416 - Updated kdeconnect-kde packages fix a security vulnerability Publication date: 13 Nov 2020 URL: https://advisories.mageia.org/MGASA-2020-0416.html Type: security Affected Mageia releases: 7 CVE: CVE-2020-26164 An attacker on your local network could send maliciously crafted packets to other hosts running kdeconnect on the network, causing them to use large amounts of CPU, memory or network connections, which could be used in a Denial of Service attack within the network. (CVE-2020-26164) References: - https://bugs.mageia.org/show_bug.cgi?id=27349 - https://www.openwall.com/lists/oss-security/2020/10/13/4 - https://kde.org/info/security/advisory-20201002-1.txt - https://www.cve.org/CVERecord?id=CVE-2020-26164 SRPMS: - 7/core/kdeconnect-kde-1.3.4-2.1.mga7 . Recent kdeconnect-kde updates address a local network denial of service vulnerability, essential for Mageia users' security.. kdeconnect security,Patch Mageia 2020,Denial of Service vulnerability,Mageia network security,Mageia advisory. . Severity: Critical. LinuxSecurity.com Team
Nov 13, 2020
•Critical
Mageia
198
security advisoryhigh severityarbitrary code executionArch Linux: 202010-7 High: kdeconnect Arbitrary Code Execution
The package kdeconnect before version 20.08.2-1 is vulnerable to arbitrary code execution. . Arch Linux Security Advisory ASA-202010-7 ======================================== Severity: High Date : 2020-10-18 CVE-ID : CVE-2020-26164 Package : kdeconnect Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1241 Summary ====== The package kdeconnect before version 20.08.2-1 is vulnerable to arbitrary code execution. Resolution ========= Upgrade to 20.08.2-1. # pacman -Syu "kdeconnect> =20.08.2-1" The problem has been fixed upstream in version 20.08.2. Workaround ========= None. Description ========== Several issues have been found in kdeconnect
Oct 21, 2020
ArchLinux
202
security advisoryupdatebug fixopenSUSE: 2020:1650-1 Important: kdeconnect-kde Network Issue Fix
An update that fixes one vulnerability is now available.. openSUSE Security Update: Security update for kdeconnect-kde ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:1650-1 Rating: important References: #1176268 Cross-References: CVE-2020-26164 Affected Products: openSUSE Backports SLE-15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for kdeconnect-kde fixes the following issues: kdeconnect-kde was updated to fix various security issues in its default enabled network service (CVE-2020-26164, boo#1176268): This update was imported from the openSUSE:Leap:15.2:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP2: zypper in -t patch openSUSE-2020-1650=1 Package List: - openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64): kdeconnect-kde-20.04.2-bp152.2.3.1 - openSUSE Backports SLE-15-SP2 (noarch): kdeconnect-kde-lang-20.04.2-bp152.2.3.1 kdeconnect-kde-zsh-completion-20.04.2-bp152.2.3.1 References: https://www.suse.com/security/cve/CVE-2020-26164.html https://bugzilla.suse.com/1176268 -- . Addresses a vulnerability in kdeconnect-kde and offers guidance for openSUSE users to implement the required patches.. openSUSE,kdeconnect,security update,fix,network service. . Severity: Important. LinuxSecurity.com Team
Oct 10, 2020
•Important
OpenSUSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!