Public bug reported: KDE Project Security Advisory =============================
Title: kauth: Insecure handling of arguments in helpers Risk Rating: Medium CVE: CVE-2019-7443 Versions: KDE Frameworks < 5.55.0 Date: 9 February 2019 Overview ======== KAuth allows to pass parameters with arbitrary types to helpers running as root over DBus. Certain types can cause crashes and trigger decoding arbitrary images with dynamically loaded plugins. Solution ======== Update to kauth >= 5.55.0 Or apply the following patch to kauth: https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a Credits ======= Thanks to Fabian Vogt for the report and Albert Astals Cid for the fix. Debian advisory: https://security- tracker.debian.org/tracker/CVE-2019-7443 ** Affects: kauth (Ubuntu) Importance: Undecided Status: New ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-7443 -- You received this bug notification because you are a member of Kubuntu Bugs, which is subscribed to kauth in Ubuntu. https://bugs.launchpad.net/bugs/1815427 Title: [CVE] Insecure handling of arguments in helpers To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/kauth/+bug/1815427/+subscriptions -- kubuntu-bugs mailing list kubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/kubuntu-bugs