Advisories » MGASA-2024-0214

Updated plasma-workspace packages fix security vulnerability

Publication date: 07 Jun 2024
Modification date: 07 Jun 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-36041

Description

KSmserver, KDE's XSMP manager, incorrectly allows connections via ICE
based purely on the host, allowing all local connections. This allows
another user on the same machine to gain access to the session
manager.
A well crafted client could use the session restore feature to execute
arbitrary code as the user on the next boot.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33272
• https://kde.org/info/security/advisory-20240531-1.txt
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-36041

SRPMS

9/core

• plasma-workspace-5.27.10-1.1.mga9