Updated kauth and kdelibs4 packages fix security vulnerability
Publication date: 16 Aug 2017Modification date: 16 Aug 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-8422
Description
Sebastian Krahmer from SUSE discovered that the KAuth framework contains a logic flaw in which the service invoking dbus is not properly checked. This flaw allows spoofing the identity of the caller and gaining root privileges from an unprivileged account (CVE-2017-8422).
References
SRPMS
5/core
- kauth-5.5.0-1.1.mga5
- kdelibs4-4.14.30-1.1.mga5