Advisories » MGASA-2017-0274

Updated kauth and kdelibs4 packages fix security vulnerability

Publication date: 16 Aug 2017
Modification date: 16 Aug 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-8422

Description

Sebastian Krahmer from SUSE discovered that the KAuth framework contains a
logic flaw in which the service invoking dbus is not properly checked. This
flaw allows spoofing the identity of the caller and gaining root privileges
from an unprivileged account (CVE-2017-8422).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=20843
• https://www.kde.org/info/security/advisory-20170510-1.txt
• https://www.debian.org/security/2017/dsa-3849
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8422

SRPMS

5/core

• kauth-5.5.0-1.1.mga5
• kdelibs4-4.14.30-1.1.mga5