| Field | Value |
|---|---|
| Summary | <kde-base/systemsettings-4.11.13-r1: escalated arbitrary command execution (CVE-2014-8651) |
| Product | Gentoo Security |
| Component | Vulnerabilities |
| Reporter | Manuel Rüger (RETIRED) <mrueg> |
| Assignee | Gentoo Security <security> |
| Status | RESOLVED FIXED |
| Severity | normal |
| Priority | Normal |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| URL | https://www.kde.org/info/security/advisory-20141106-1.txt |
| Whiteboard | A1 [glsa cve] |
| Package list | |
| Runtime testing required | --- |
| Bug Depends on | 517344 |
| Bug Blocks | |

Description
Manuel Rüger (RETIRED)
2014-11-06 18:48:37 UTC
@maintainers: Is 4.11.13-r1 ready for stabilization?

Arches have been added to bug 528466.

CVE-2014-8651 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8651): The KDE Clock KCM policykit helper in kde-workspace before 4.11.14 and plasma-desktop before 5.1.1 allows local users to gain privileges via a crafted ntpUtility (ntp utility name) argument.

Thanks all. Cleanup done by Michael.

Removing kde from cc, nothing to do for us anymore.

+ + 19 Feb 2015; Michael Palimaka <kensington@gentoo.org> + -systemsettings-4.11.9-r1.ebuild, -systemsettings-4.11.9.ebuild:+ + Remove KDE Workspace 4.11.9 +

This issue was resolved and addressed in GLSA 201512-12 at https://security.gentoo.org/glsa/201512-12 by GLSA coordinator Yury German (BlueKnight).