Bug 528468 (CVE-2014-8651) - <kde-base/systemsettings-4.11.13-r1: escalated arbitrary command execution (CVE-2014-8651)
Summary: <kde-base/systemsettings-4.11.13-r1: escalated arbitrary command execution (C...
Status: RESOLVED FIXED
Alias: CVE-2014-8651
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://www.kde.org/info/security/adv...
Whiteboard: A1 [glsa cve]
Depends on: kde-4.14.3-stable
Reported: 2014-11-06 18:48 UTC by Manuel Rüger (RETIRED)
Modified: 2015-12-30 21:11 UTC
Description Manuel Rüger (RETIRED) gentoo-dev 2014-11-06 18:48:37 UTC
Vulnerability fixed in 4.11.13-r1.

Stabilization bug #528466.
Comment 1 Kristian Fiskerstrand (RETIRED) gentoo-dev 2014-11-08 23:12:23 UTC
@maintainers: Is 4.11.13-r1 ready for stabilization?
Comment 2 Manuel Rüger (RETIRED) gentoo-dev 2014-11-09 01:16:26 UTC
Arches have been added to bug 528466
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2015-01-04 20:35:23 UTC
CVE-2014-8651 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8651):
  The KDE Clock KCM policykit helper in kde-workspace before 4.11.14 and
  plasma-desktop before 5.1.1 allows local users to gain privileges via a
  crafted ntpUtility (ntp utility name) argument.
Comment 4 Johannes Huber (RETIRED) gentoo-dev 2015-02-19 18:16:50 UTC
Thanks all. Cleanup done by Michael. Removing kde from cc, nothing to do for us anymore.

+
+  19 Feb 2015; Michael Palimaka <kensington@gentoo.org>
+  -systemsettings-4.11.9-r1.ebuild, -systemsettings-4.11.9.ebuild:+
+  Remove KDE Workspace 4.11.9
+
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2015-12-30 21:11:04 UTC
This issue was resolved and addressed in
 GLSA 201512-12 at https://security.gentoo.org/glsa/201512-12
by GLSA coordinator Yury German (BlueKnight).