
Bug 528468 (CVE-2014-8651)

Summary: <kde-base/systemsettings-4.11.13-r1: escalated arbitrary command execution (CVE-2014-8651)
Product: Gentoo Security
Reporter: Manuel Rüger (RETIRED) <mrueg>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://www.kde.org/info/security/advisory-20141106-1.txt
Whiteboard: A1 [glsa cve]
Package list:
Runtime testing required: ---
Bug Depends on: 517344    
Bug Blocks:    

Description Manuel Rüger (RETIRED) gentoo-dev 2014-11-06 18:48:37 UTC
Vulnerability fixed in 4.11.13-r1.

Stabilization bug #528466.
Comment 1 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-11-08 23:12:23 UTC
@maintainers: Is 4.11.13-r1 ready for stabilization?
Comment 2 Manuel Rüger (RETIRED) gentoo-dev 2014-11-09 01:16:26 UTC
Arches have been added to bug 528466
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2015-01-04 20:35:23 UTC
CVE-2014-8651 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8651):
  The KDE Clock KCM policykit helper in kde-workspace before 4.11.14 and
  plasma-desktop before 5.1.1 allows local users to gain privileges via a
  crafted ntpUtility (ntp utility name) argument.
Comment 4 Johannes Huber (RETIRED) gentoo-dev 2015-02-19 18:16:50 UTC
Thanks all. Cleanup done by Michael. Removing kde from cc, nothing to do for us anymore.

+
+  19 Feb 2015; Michael Palimaka <kensington@gentoo.org>
+  -systemsettings-4.11.9-r1.ebuild, -systemsettings-4.11.9.ebuild:+
+  Remove KDE Workspace 4.11.9
+
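Review bot: The message line "Remove KDE Workspace 4.11.9" does not reference security bug 528468 or CVE-2014-8651, so the reason for dropping these ebuilds cannot be traced from the ChangeLog alone; suggest appending the bug number to the entry. The entry also lists only the 4.11.9 and 4.11.9-r1 ebuilds, while the bug summary marks everything below 4.11.13-r1 as affected, so it is worth confirming that no other version below that remains in the tree.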
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2015-12-30 21:11:04 UTC
This issue was resolved and addressed in
 GLSA 201512-12 at https://security.gentoo.org/glsa/201512-12
by GLSA coordinator Yury German (BlueKnight).