Bug 678170 (CVE-2019-7443) - <kde-frameworks/kauth-5.54.0-r1: Insecure handling of arguments in helpers
Summary: <kde-frameworks/kauth-5.54.0-r1: Insecure handling of arguments in helpers
Alias: CVE-2019-7443
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: B3 [noglsa cve]
Reported: 2019-02-16 18:25 UTC by Andreas Sturmlechner
Modified: 2019-03-10 03:51 UTC
Runtime testing required: ---
stable-bot: sanity-check+


Description Andreas Sturmlechner gentoo-dev 2019-02-16 18:25:50 UTC
KDE Project Security Advisory

Title:          kauth: Insecure handling of arguments in helpers
Risk Rating:    Medium
CVE:            CVE-2019-7443
Versions:       KDE Frameworks < 5.55.0
Date:           9 February 2019

KAuth allows passing parameters with arbitrary types to helpers running as root
over DBus. Certain types can cause crashes and trigger decoding arbitrary
images with dynamically loaded plugins.
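
The issue class described in the advisory, as an added example that is not part of the original report and is not KAuth's code or its actual patch: a privileged helper checks each caller-supplied argument's type tag against an allowlist before the value is used, so a complex type is refused before any type-specific decoder runs. The JSON wire format, type tags, limits and all names are constructed for illustration.

```python
# Added illustration: a root helper that checks argument types against an
# allowlist before acting on them. All names and type tags are constructed;
# this is not KAuth's code or its actual patch.
import json

# Assumption: plain value types a helper action legitimately needs.
ALLOWED_TYPES = {"bool": bool, "int": int, "string": str}
MAX_STRING_LEN = 4096


class RejectedArgument(ValueError):
    """Raised when a caller-supplied argument must not reach the action."""


def validate_arguments(wire_message: bytes) -> dict:
    """Parse an unprivileged caller's argument map and enforce the allowlist.

    Wire format (constructed): JSON object name -> {"type": tag, "value": v}.
    The type tag is checked first, so a complex type such as "image" is
    refused before any type-specific decoder could be invoked on its payload.
    """
    try:
        raw = json.loads(wire_message)
    except (ValueError, UnicodeDecodeError) as exc:
        raise RejectedArgument(f"malformed message: {exc}") from exc
    if not isinstance(raw, dict):
        raise RejectedArgument("argument map must be an object")

    clean = {}
    for name, arg in raw.items():
        if not isinstance(arg, dict) or set(arg) != {"type", "value"}:
            raise RejectedArgument(f"{name}: malformed argument")
        tag, value = arg["type"], arg["value"]
        expected = ALLOWED_TYPES.get(tag) if isinstance(tag, str) else None
        if expected is None:
            raise RejectedArgument(f"{name}: type {tag!r} not allowed")
        # bool is a subclass of int in Python, so compare exact types.
        if type(value) is not expected:
            raise RejectedArgument(f"{name}: value does not match {tag}")
        if expected is str and len(value) > MAX_STRING_LEN:
            raise RejectedArgument(f"{name}: string too long")
        clean[name] = value
    return clean


# Constructed sample messages.
GOOD = b'{"path": {"type": "string", "value": "/etc/example.conf"}, "force": {"type": "bool", "value": true}}'
BAD = b'{"icon": {"type": "image", "value": "constructed-payload"}}'
```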
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2019-02-17 22:37:11 UTC
x86 stable
Comment 2 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-02-18 06:17:35 UTC
amd64 stable
Comment 3 Larry the Git Cow gentoo-dev 2019-02-18 10:54:10 UTC
The bug has been referenced in the following commit(s):

commit e037d56b2b07aeffbf1117893f706b51338cf94e
Author:     Andreas Sturmlechner <>
AuthorDate: 2019-02-18 09:01:20 +0000
Commit:     Andreas Sturmlechner <>
CommitDate: 2019-02-18 10:53:55 +0000

    kde-frameworks/kauth: Security cleanup
    Signed-off-by: Andreas Sturmlechner <>
    Package-Manager: Portage-2.3.51, Repoman-2.3.11

 kde-frameworks/kauth/kauth-5.54.0.ebuild | 41 --------------------------------
 1 file changed, 41 deletions(-)
Comment 4 Andreas Sturmlechner gentoo-dev 2019-02-18 15:14:12 UTC
Cleanup done, KDE team out.