ACK on the debdiffs in comments #1 and #2. I have uploaded them for releasing as a security update, with a few minor changes, such as targeting the security pocket, some whitespace changes in the changelog, and adding the new patch to the end of the series file rather than at the beginning.
Thanks!

** Also affects: kde4libs (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: kauth (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: kde4libs (Ubuntu Artful)
   Importance: Undecided
       Status: Confirmed

** Also affects: kauth (Ubuntu Artful)
   Importance: Undecided
       Status: Confirmed

** Also affects: kde4libs (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Also affects: kauth (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Also affects: kde4libs (Ubuntu Yakkety)
   Importance: Undecided
       Status: New

** Also affects: kauth (Ubuntu Yakkety)
   Importance: Undecided
       Status: New

** Also affects: kde4libs (Ubuntu Zesty)
   Importance: Undecided
       Status: New

** Also affects: kauth (Ubuntu Zesty)
   Importance: Undecided
       Status: New

** Changed in: kde4libs (Ubuntu Trusty)
   Importance: Undecided => High

** Changed in: kde4libs (Ubuntu Trusty)
       Status: New => Confirmed

** Changed in: kde4libs (Ubuntu Trusty)
     Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: kde4libs (Ubuntu Xenial)
   Importance: Undecided => High

** Changed in: kde4libs (Ubuntu Xenial)
       Status: New => Confirmed

** Changed in: kde4libs (Ubuntu Yakkety)
   Importance: Undecided => High

** Changed in: kde4libs (Ubuntu Yakkety)
       Status: New => Confirmed

** Changed in: kde4libs (Ubuntu Zesty)
   Importance: Undecided => High

** Changed in: kde4libs (Ubuntu Zesty)
       Status: New => Confirmed

** Changed in: kde4libs (Ubuntu Zesty)
       Status: Confirmed => In Progress

** Changed in: kauth (Ubuntu Trusty)
       Status: New => Invalid

** Changed in: kauth (Ubuntu Xenial)
   Importance: Undecided => High

** Changed in: kauth (Ubuntu Xenial)
       Status: New => Confirmed

** Changed in: kauth (Ubuntu Yakkety)
   Importance: Undecided => High

** Changed in: kauth (Ubuntu Yakkety)
       Status: New => Confirmed

** Changed in: kauth (Ubuntu Zesty)
   Importance: Undecided => High

** Changed in: kauth (Ubuntu Zesty)
       Status: New => Confirmed

** Changed in: kauth (Ubuntu Zesty)
       Status: Confirmed => In Progress

** Changed in: kauth (Ubuntu Artful)
   Importance: Undecided => High

** Changed in: kde4libs (Ubuntu Artful)
   Importance: Undecided => High

** Changed in: kde4libs (Ubuntu Trusty)
       Status: Confirmed => In Progress

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1689759

Title:
  CVE 2017-8422 - kauth: Local privilege escalation

Status in kauth package in Ubuntu:
  Confirmed
Status in kde4libs package in Ubuntu:
  Confirmed
Status in kauth source package in Trusty:
  Invalid
Status in kde4libs source package in Trusty:
  In Progress
Status in kauth source package in Xenial:
  Confirmed
Status in kde4libs source package in Xenial:
  Confirmed
Status in kauth source package in Yakkety:
  Confirmed
Status in kde4libs source package in Yakkety:
  Confirmed
Status in kauth source package in Zesty:
  In Progress
Status in kde4libs source package in Zesty:
  In Progress
Status in kauth source package in Artful:
  Confirmed
Status in kde4libs source package in Artful:
  Confirmed

Bug description:
  KDE Project Security Advisory
  =============================

  Title:          kauth: Local privilege escalation
  Risk Rating:    High
  CVE:            CVE-2017-8422
  Versions:       kauth < 5.34, kdelibs < 4.14.32
  Date:           10 May 2017

  Overview
  ========
  KAuth contains a logic flaw in which the service invoking dbus
  is not properly checked.

  This allows spoofing the identity of the caller and with some
  carefully crafted calls can lead to gaining root from an
  unprivileged account.

  Solution
  ========
  Update to kauth >= 5.34 and kdelibs >= 4.14.32 (when released)

  Or apply the following patches:
    kauth: https://commits.kde.org/kauth/df875f725293af53399f5146362eb158b4f9216a
    kdelibs: https://commits.kde.org/kdelibs/264e97625abe2e0334f97de17f6ffb52582888ab

  Credits
  =======
  Thanks to Sebastian Krahmer from SUSE for the report and
  to Albert Astals Cid from KDE for the fix.