KDE Project Security Advisory ============================= Title: kauth: Insecure handling of arguments in helpers Risk Rating: Medium CVE: CVE-2019-7443 Versions: KDE Frameworks < 5.55.0 Date: 9 February 2019 Overview ======== KAuth allows to pass parameters with arbitrary types to helpers running as root over DBus. Certain types can cause crashes and trigger decoding arbitrary images with dynamically loaded plugins. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7443
x86 stable
amd64 stable
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e037d56b2b07aeffbf1117893f706b51338cf94e commit e037d56b2b07aeffbf1117893f706b51338cf94e Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2019-02-18 09:01:20 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2019-02-18 10:53:55 +0000 kde-frameworks/kauth: Security cleanup Bug: https://bugs.gentoo.org/678170 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> Package-Manager: Portage-2.3.51, Repoman-2.3.11 kde-frameworks/kauth/kauth-5.54.0.ebuild | 41 -------------------------------- 1 file changed, 41 deletions(-)
Cleanup done, KDE team out.