A vulnerability in kpmcore could result in privilege escalation.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                   Gentoo Linux Security Advisory           GLSA 202011-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: KPMCore: Root privilege escalation
      Date: November 03, 2020
      Bugs: #749822
        ID: 202011-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in kpmcore could result in privilege escalation.

Background
==========

KPMcore, the KDE Partition Manager core, is a library for examining and
modifying partitions, disk devices, and filesystems on a Linux system. It
provides a unified programming interface over top of (external)
system-manipulation tools.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  sys-libs/kpmcore              < 4.2.0                  >= 4.2.0

Description
===========

Insufficient checks on the D-Bus request received by the privileged
helper resulted in improper protection for /etc/fstab.

Impact
======

A local attacker could escalate privileges to root by exploiting this
vulnerability.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All KPMCore users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-libs/kpmcore-4.2.0"

References
==========

[ 1 ] CVE-2020-27187
      https://nvd.nist.gov/vuln/detail/CVE-2020-27187
[ 2 ] Upstream advisory
      https://mail.kde.org/pipermail/kde-announce/2020-October/000124.html

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202011-03

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
Update kpmcore to 4.2.0 and rebuild all dependent packages. This update also fixes a not yet disclosed CVE.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-da859aadde
2020-10-26 01:22:40.513149
--------------------------------------------------------------------------------
Name        : kde-partitionmanager
Product     : Fedora 32
Version     : 4.2.0
Release     : 1.fc32
URL         :
Summary     : KDE Partition Manager
Description :
KDE Partition Manager is a utility program to help you manage the disk
devices, partitions and file systems on your computer. It allows you to
easily create, copy, move, delete, resize without losing data, backup and
restore partitions.

KDE Partition Manager supports a large number of file systems, including
ext2/3/4, reiserfs, NTFS, FAT16/32, jfs, xfs and more.

Starting from version 1.9.50 KDE Partition Manager has become the GUI part
of KPMcore (KDE PartitionManager core), which contains the libraries used
to manipulate filesystems.
--------------------------------------------------------------------------------
Update Information:

Update kpmcore to 4.2.0 and rebuild all dependent packages. This update also
fixes a not yet disclosed CVE.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Oct 17 2020 Mattia Verga - 4.2.0-1
- Update to stable release 4.2.0
* Tue Jul 28 2020 Fedora Release Engineering - 4.1.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-da859aadde' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list --
Update kpmcore to 4.2.0 and rebuild all dependent packages. This update also fixes CVE-2020-27187.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-73471e6414
2020-10-23 22:01:02.263265
--------------------------------------------------------------------------------
Name        : kpmcore
Product     : Fedora 33
Version     : 4.2.0
Release     : 1.fc33
URL         : https://github.com/KDE/kpmcore
Summary     : Library for managing partitions by KDE programs
Description :
KPMcore contains common code for managing partitions by KDE Partition
Manager and other KDE projects.
--------------------------------------------------------------------------------
Update Information:

Update kpmcore to 4.2.0 and rebuild all dependent packages. This update also
fixes CVE-2020-27187.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Oct 17 2020 Mattia Verga - 4.2.0-1
- Update to stable release 4.2.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1890199 - CVE-2020-27187 kpmcore: kpmcore_externalcommand helper
        can be exploited in local privilege escalation
        https://bugzilla.redhat.com/show_bug.cgi?id=1890199
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-73471e6414' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
Update kpmcore to 4.2.0 and rebuild all dependent packages. This update also fixes CVE-2020-27187.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-73471e6414
2020-10-23 22:01:02.263265
--------------------------------------------------------------------------------
Name        : calamares
Product     : Fedora 33
Version     : 3.2.11
Release     : 14.fc33
URL         : https://calamares.io/
Summary     : Installer from a live CD/DVD/USB to disk
Description :
Calamares is a distribution-independent installer framework, designed to
install from a live CD/DVD/USB environment to a hard disk. It includes a
graphical installation program based on Qt 5.

This package includes the Calamares framework and the required configuration
files to produce a working replacement for Anaconda's liveinst.
--------------------------------------------------------------------------------
Update Information:

Update kpmcore to 4.2.0 and rebuild all dependent packages. This update also
fixes CVE-2020-27187.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Oct 17 2020 Mattia Verga - 3.2.11-14
- Rebuilt for kpmcore 4.2.0
* Sat Oct 17 2020 Mamoru TASAKA - 3.2.11-13
- Workaround for FTBFS
- Workaround for %cmake_kf5 forcely undefining %__cmake_in_source_build
- Upstream patch for missing header include
- Kill python bytecompile for now
* Sat Aug 1 2020 Fedora Release Engineering - 3.2.11-12
- Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jul 28 2020 Adam Jackson - 3.2.11-11
- Require setxkbmap not xorg-x11-xkb-utils
* Mon Jul 27 2020 Fedora Release Engineering - 3.2.11-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Fri Jul 24 2020 Jeff Law - 3.2.11-10
- Use __cmake_in_source_build
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1890199 - CVE-2020-27187 kpmcore: kpmcore_externalcommand helper
        can be exploited in local privilege escalation
        https://bugzilla.redhat.com/show_bug.cgi?id=1890199
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-73471e6414' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
The package kpmcore before version 4.2.0-1 is vulnerable to privilege escalation.

Arch Linux Security Advisory ASA-202010-8
=========================================

Severity: High
Date    : 2020-10-18
CVE-ID  : CVE-2020-27187
Package : kpmcore
Type    : privilege escalation
Remote  : No
Link    : https://security.archlinux.org/AVG-1253

Summary
=======

The package kpmcore before version 4.2.0-1 is vulnerable to privilege
escalation.

Resolution
==========

Upgrade to 4.2.0-1.

# pacman -Syu "kpmcore>=4.2.0-1"

The problem has been fixed upstream in version 4.2.0.

Workaround
==========

None.

Description
===========

The kpmcore_externalcommand helper contains a logic flaw in which the D-Bus
caller invoking the helper's service is not properly checked. An attacker on
the local machine can replace /etc/fstab and execute mount and other
partitioning-related commands while KDE Partition Manager is running. The
mount command can then be used to gain full root privileges.

Impact
======

A local attacker is able to escalate privileges, modify the filesystem and
launch partition commands on the host while the program is running.

References
==========

https://kde.org/info/security/advisory-20201017-1.txt
https://security.archlinux.org/CVE-2020-27187
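The Arch description above names the pattern behind this class of bug: a helper running as root executes commands on behalf of a D-Bus client without verifying which client is asking. The following is an added illustration, not code from kpmcore and not a description of the fix shipped in 4.2.0. It replaces the real bus with a small FakeBus that answers the two questions the D-Bus daemon can answer about a peer (its Unix uid and pid) and shows a helper with the flaw next to a hardened one that binds to the client that started it and allowlists what it will run. Every class and method name, the credentials in the scenario, and the command allowlist are assumptions made for the example.

```python
"""Added example: authorising the caller of a privileged D-Bus helper.

Not kpmcore code. FakeBus stands in for the bus daemon's
GetConnectionUnixUser / GetConnectionUnixProcessID answers; names, the
allowlist and all credentials below are assumptions for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Request:
    sender: str        # unique bus name of the caller, e.g. ":1.42"
    argv: List[str]    # command the caller asks the helper to run as root


class FakeBus:
    """Maps unique connection names to the (uid, pid) the daemon would
    report from the peer's socket credentials. Constructed data only."""

    def __init__(self, connections: Dict[str, Tuple[int, int]]):
        self._conns = dict(connections)

    def unix_user(self, sender: str) -> Optional[int]:
        cred = self._conns.get(sender)
        return cred[0] if cred else None

    def unix_pid(self, sender: str) -> Optional[int]:
        cred = self._conns.get(sender)
        return cred[1] if cred else None


class VulnerableHelper:
    """Models the flaw: any connection on the bus gets any command run."""

    def __init__(self, bus: FakeBus):
        self.bus = bus
        self.executed: List[List[str]] = []

    def run(self, req: Request) -> bool:
        self.executed.append(req.argv)   # no check of who asks or of what
        return True


class HardenedHelper:
    """Binds to the one client it was started for and allowlists commands.
    Decisions rest on identity the bus daemon supplies (unique name, uid,
    pid), which a client cannot forge, never on request contents."""

    # Illustrative allowlist (absolute paths). mount is deliberately absent:
    # the advisories note it alone is enough to become root.
    ALLOWED_COMMANDS: Set[str] = {
        "/usr/sbin/sfdisk", "/usr/sbin/mkfs.ext4", "/usr/sbin/e2fsck"}

    def __init__(self, bus: FakeBus, owner_sender: str):
        self.bus = bus
        self.owner = owner_sender
        # Snapshot the owner's credentials from the bus once, at start-up.
        self.owner_uid = bus.unix_user(owner_sender)
        self.owner_pid = bus.unix_pid(owner_sender)
        if self.owner_uid is None or self.owner_pid is None:
            raise ValueError("owner is not connected to the bus")
        self.executed: List[List[str]] = []

    def authorised(self, req: Request) -> bool:
        # 1. Only the connection that started us may talk to us.
        if req.sender != self.owner:
            return False
        # 2. Re-ask the bus: same user and same process as at start-up.
        if (self.bus.unix_user(req.sender) != self.owner_uid
                or self.bus.unix_pid(req.sender) != self.owner_pid):
            return False
        # 3. Only allowlisted binaries, named by absolute path, may run.
        return bool(req.argv) and req.argv[0] in self.ALLOWED_COMMANDS

    def run(self, req: Request) -> bool:
        if not self.authorised(req):
            return False
        self.executed.append(req.argv)
        return True


def demo() -> Dict[str, bool]:
    """Constructed scenario: the partition manager (uid 1000, pid 4242)
    started the helper; another local user (uid 1001) is also on the bus."""
    bus = FakeBus({":1.42": (1000, 4242),   # legitimate GUI client
                   ":1.99": (1001, 5150)})  # unrelated local user
    owner = Request(":1.42", ["/usr/sbin/sfdisk", "--list", "/dev/sda"])
    attacker = Request(":1.99", ["/usr/bin/mount", "-o", "remount,suid",
                                 "/dev/sdb1", "/mnt"])
    unlisted = Request(":1.42", ["/usr/bin/mount", "/dev/sdb1", "/mnt"])
    weak = VulnerableHelper(bus)
    strong = HardenedHelper(bus, owner_sender=":1.42")
    return {
        "vulnerable_runs_attacker": weak.run(attacker),
        "hardened_runs_owner": strong.run(owner),
        "hardened_runs_attacker": strong.run(attacker),
        "hardened_runs_unlisted_command": strong.run(unlisted),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

The point of the three checks is their source: the unique name, uid and pid come from the bus daemon, so a second local user cannot claim to be the client that launched the helper, and an allowlist keyed on absolute paths keeps a compromised or confused client from turning the helper into a generic run-as-root service. A real helper would also want a policy layer such as polkit in front of these checks; that is outside what this model shows.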