Advisories ยป MGASA-2017-0274

Updated kauth and kdelibs4 packages fix security vulnerability

Publication date: 16 Aug 2017
Modification date: 16 Aug 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-8422

Description

Sebastian Krahmer from SUSE discovered that the KAuth framework contains a
logic flaw in which the service invoking dbus is not properly checked. This
flaw allows spoofing the identity of the caller and gaining root privileges
from an unprivileged account (CVE-2017-8422).
                

References

SRPMS

5/core