From 5d8ffbc273ca664e15618d557ced3e02de1a884b Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Sun, 7 Jul 2024 12:24:47 +0100 Subject: gentoo auto-resync : 07:07:2024 - 12:24:46 --- metadata/glsa/glsa-202407-20.xml | 48 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 metadata/glsa/glsa-202407-20.xml (limited to 'metadata/glsa/glsa-202407-20.xml') diff --git a/metadata/glsa/glsa-202407-20.xml b/metadata/glsa/glsa-202407-20.xml new file mode 100644 index 000000000000..84856ba8345c --- /dev/null +++ b/metadata/glsa/glsa-202407-20.xml @@ -0,0 +1,48 @@ + + + + KDE Plasma Workspaces: Privilege Escalation + A vulnerability has been discovered in KDE Plasma Workspaces, which can lead to privilege escalation. + plasma-workspace + 2024-07-06 + 2024-07-06 + 933342 + remote + + + 5.27.11.1 + 5.27.11.1 + + + +

KDE Plasma workspace is a widget based desktop environment designed to be fast and efficient.

+
+ +

Multiple vulnerabilities have been discovered in KDE Plasma Workspaces. Please review the CVE identifiers referenced below for details.

+
+ +

KSmserver, KDE's XSMP manager, incorrectly allows connections via ICE +based purely on the host, allowing all local connections. This allows +another user on the same machine to gain access to the session +manager. + +A well crafted client could use the session restore feature to execute +arbitrary code as the user on the next boot.

+
+ +

There is no known workaround at this time.

+
+ +

All KDE Plasma Workspaces users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=kde-plasma/plasma-workspace-5.27.11.1" + +
+ + CVE-2024-36041 + + graaff + graaff +
\ No newline at end of file -- cgit v1.2.3
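Review bot: The `remote` value near the top of the new file does not match the impact text further down, which describes "another user on the same machine" gaining access to the session manager because all local connections are allowed; that is a local vector, so the classification should say local rather than remote. The description paragraph also reads "Multiple vulnerabilities have been discovered" and points to "CVE identifiers", while the synopsis says "A vulnerability" and the references list only CVE-2024-36041; reword the description to the singular, or better, move the KSmserver/ICE explanation into it so the reader does not have to follow the CVE link. The file is also added without a trailing newline.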