Overview
========

KSmserver, KDE's XSMP manager, incorrectly allows connections via ICE based purely on the host, allowing all local connections. This allows another user on the same machine to gain access to the session manager. A well crafted client could use the session restore feature to execute arbitrary code as the user on the next boot.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f102a34bb6339a5ee03f9a4a7b381dc6c0abf300

commit f102a34bb6339a5ee03f9a4a7b381dc6c0abf300
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2024-06-07 16:08:45 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2024-06-07 16:16:43 +0000

    kde-plasma/plasma-workspace: drop 5.27.11, 5.27.11.1

    Bug: https://bugs.gentoo.org/933342
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 kde-plasma/plasma-workspace/Manifest | 1 -
 .../plasma-workspace-5.27.11.1.ebuild | 233 ---------------------
 .../plasma-workspace-5.27.11.ebuild | 233 ---------------------
 3 files changed, 467 deletions(-)

Cleanup done, thanks everyone.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=ff64c164b3070caa6ec2bf19cbea6d9083251e93

commit ff64c164b3070caa6ec2bf19cbea6d9083251e93
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-07-06 06:45:04 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-07-06 06:45:13 +0000

    [ GLSA 202407-20 ] KDE Plasma Workspaces: Privilege Escalation

    Bug: https://bugs.gentoo.org/933342
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202407-20.xml | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)