Package: kdelibs-bin
Version: 4:4.14.14-1+b1
Severity: critical
File: /usr/bin/kdeinit4
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi,
since the last update kdeinit4 starts on a xfce session:
ps -Af | grep kde
root37 2 0 20:49 ?00:00:00 [kdevtmpfs]
jff 5752 1 0 20:51 ?00:00:00 kdeinit4: kdeinit4 Running...
jff 5757 5752 0 20:51 ?00:00:00 kdeinit4: klauncher [kdeinit]
- --fd
jff 5771 1 0 20:51 ?00:00:00 kdeinit4: kded4 [kdeinit]
jff 6708 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit]
https
jff 6709 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit]
http
jff 6712 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit]
http
jff 6714 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit]
https
jff 6715 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit]
http
jff 6718 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit]
https
jff 6719 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit]
http
jff 6723 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit]
https
jff 6724 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit]
http
jff 6727 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit]
https
jff 6729 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit]
http
jff 6736 5752 0 20:52 ?00:00:00
/usr/lib/kde4/libexec/kio_http_cache_cleaner
jff 6760 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit]
http
jff 6761 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit]
http
jff 6762 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit]
http
jff 6764 5752 0 20:52 ?00:00:00 kdeinit4: kio_http [kdeinit]
http
jff 6901 5654 0 20:53 pts/200:00:00 grep kde
I think that running unwanted programs on a system is always a security hole.
Therefore
I set the severity to critical.
CU
Jörg
- -- System Information:
Debian Release: stretch/sid
APT prefers testing
APT policy: (900, 'testing'), (800, 'unstable'), (500, 'testing-updates'),
(1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.2.0-1-amd64 (SMP w/6 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages kdelibs-bin depends on:
ii libc6 2.21-4
ii libkdecore5 4:4.14.14-1+b1
ii libkdeui5 4:4.14.14-1+b1
ii libkio5 4:4.14.14-1+b1
ii libkjsapi44:4.14.14-1+b1
ii libkjsembed4 4:4.14.14-1+b1
ii libkrosscore4 4:4.14.14-1+b1
ii libnepomuk4 4:4.14.14-1+b1
ii libnepomukutils4 4:4.14.14-1+b1
ii libqt4-dbus 4:4.8.7+dfsg-5
ii libqt4-xml4:4.8.7+dfsg-5
ii libqtcore44:4.8.7+dfsg-5
ii libqtgui4 4:4.8.7+dfsg-5
ii libsoprano4 2.9.4+dfsg-3+b1
ii libstdc++65.3.1-3
ii libx11-6 2:1.6.3-1
kdelibs-bin recommends no packages.
kdelibs-bin suggests no packages.
- -- no debconf information
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iQIcBAEBCgAGBQJWdbsUAAoJEAn4nzyModJdcMsP/0onUGszu4h9+7E4j7rY4caw
vKEH8JnYgnpnEe26IB86/ep17ihOZEonI0oWAaZX9EHGJKTV8DBlpYckY5ZY/QrC
cqj5+2xmEf3wmL99J9NWvn1UVFggPX/2bZ5wQvqEwHyNAlu4fcOuJtO+cnWi75HD
0wW5PjLp1Dah4HlnJ2KJnV6JhLhPiqOFRP4GIcK+SIofybXBQtJEhzalTrwzoLLH
/aakVz3qY0vLDYFV1tZS0+SD3sKJ8ip3L4ij0dIoZwYJvKp4aJ3uw3gOrZ4AyKgk
7uaNezAesX/a2Xdf+9Nno7qLJVS58/9gB6hii2LoAwSLqT4Z6tlIwzL/h79+kbx2
7kVbUAwaXMtBBu33MaOYekmxoMpojlRsTep7Tcoagr8t93lPshsSUn91bL0DduBT
oEQ85cqeNoc3wivno44h92jHbJhbcpW2K1+YLaxxOODUaFMJWZ3VDqRgrHQJXqbk
KAG8diHSgHf0wrxAuXOk0K1uz/pWEorbVKJbnnf9S+dRzzkDy4kkG7d9ITkGQzl/
CrNYHHJOGiTtNhArs26fyzJf48H6KZlJRhQKSdwa0E2Mai+e8bVTzEbsk6jCcll5
psbBmnDOkVfn4+ImusYpeucQI/+Dx04itbgF0xK59xuxu9T1LtDu1ejJAw6vbeZx
ljNUV6f55OBU6y364TG8
=n+EQ
-END PGP SIGNATURE-
