Overview ======== KSmserver, KDE's XSMP manager, incorrectly allows connections via ICE based purely on the host, allowing all local connections. This allows another user on the same machine to gain access to the session manager. A well crafted client could use the session restore feature to execute arbitrary code as the user on the next boot.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f102a34bb6339a5ee03f9a4a7b381dc6c0abf300 commit f102a34bb6339a5ee03f9a4a7b381dc6c0abf300 Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2024-06-07 16:08:45 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2024-06-07 16:16:43 +0000 kde-plasma/plasma-workspace: drop 5.27.11, 5.27.11.1 Bug: https://bugs.gentoo.org/933342 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> kde-plasma/plasma-workspace/Manifest | 1 - .../plasma-workspace-5.27.11.1.ebuild | 233 --------------------- .../plasma-workspace-5.27.11.ebuild | 233 --------------------- 3 files changed, 467 deletions(-)
Cleanup done, thanks everyone.
