openSUSE-SU-2019:0242-1

Опубликовано: 11 апр. 2019

Источник: suse-cvrf

Описание

Security update for kauth

This update for kauth fixes the following issues:

Security issue fixed:

CVE-2019-7443: Fixed an insecure handling of arguments in helpers by removing the support of passing gui variants (bsc#1124863).

Список пакетов

SUSE Package Hub 12 SP1

extra-cmake-modules-5.32.0-7.2

kauth-devel-5.45.0-bp150.5.2

kauth-devel-32bit-5.45.0-lp150.5.2

kauth-devel-64bit-5.45.0-bp150.5.2

kcoreaddons-5.45.0-bp150.3.6.2

kcoreaddons-devel-5.45.0-bp150.3.6.2

kcoreaddons-devel-64bit-5.45.0-bp150.3.6.2

kcoreaddons-lang-5.45.0-bp150.3.6.2

libKF5Auth5-5.45.0-bp150.5.2

libKF5Auth5-32bit-5.45.0-lp150.5.2

libKF5Auth5-64bit-5.45.0-bp150.5.2

libKF5Auth5-lang-5.45.0-bp150.5.2

libKF5CoreAddons5-5.45.0-bp150.3.6.2

libKF5CoreAddons5-64bit-5.45.0-bp150.3.6.2

libpolkit-qt5-1-1-0.112.0-5.2

libpolkit-qt5-1-1-64bit-0.112.0-5.2

libpolkit-qt5-1-devel-0.112.0-5.2

libpolkit-qt5-1-devel-64bit-0.112.0-5.2

SUSE Package Hub 12 SP2

extra-cmake-modules-5.32.0-7.2

kauth-devel-5.45.0-bp150.5.2

kauth-devel-32bit-5.45.0-lp150.5.2

kauth-devel-64bit-5.45.0-bp150.5.2

kcoreaddons-5.45.0-bp150.3.6.2

kcoreaddons-devel-5.45.0-bp150.3.6.2

kcoreaddons-devel-64bit-5.45.0-bp150.3.6.2

kcoreaddons-lang-5.45.0-bp150.3.6.2

libKF5Auth5-5.45.0-bp150.5.2

libKF5Auth5-32bit-5.45.0-lp150.5.2

libKF5Auth5-64bit-5.45.0-bp150.5.2

libKF5Auth5-lang-5.45.0-bp150.5.2

libKF5CoreAddons5-5.45.0-bp150.3.6.2

libKF5CoreAddons5-64bit-5.45.0-bp150.3.6.2

libpolkit-qt5-1-1-0.112.0-5.2

libpolkit-qt5-1-1-64bit-0.112.0-5.2

libpolkit-qt5-1-devel-0.112.0-5.2

libpolkit-qt5-1-devel-64bit-0.112.0-5.2

SUSE Package Hub 12 SP3

extra-cmake-modules-5.32.0-7.2

kauth-devel-5.45.0-bp150.5.2

kauth-devel-32bit-5.45.0-lp150.5.2

kauth-devel-64bit-5.45.0-bp150.5.2

kcoreaddons-5.45.0-bp150.3.6.2

kcoreaddons-devel-5.45.0-bp150.3.6.2

kcoreaddons-devel-64bit-5.45.0-bp150.3.6.2

kcoreaddons-lang-5.45.0-bp150.3.6.2

libKF5Auth5-5.45.0-bp150.5.2

libKF5Auth5-32bit-5.45.0-lp150.5.2

libKF5Auth5-64bit-5.45.0-bp150.5.2

libKF5Auth5-lang-5.45.0-bp150.5.2

libKF5CoreAddons5-5.45.0-bp150.3.6.2

libKF5CoreAddons5-64bit-5.45.0-bp150.3.6.2

libpolkit-qt5-1-1-0.112.0-5.2

libpolkit-qt5-1-1-64bit-0.112.0-5.2

libpolkit-qt5-1-devel-0.112.0-5.2

libpolkit-qt5-1-devel-64bit-0.112.0-5.2

SUSE Package Hub 15

extra-cmake-modules-5.32.0-7.2

kauth-devel-5.45.0-bp150.5.2

kauth-devel-32bit-5.45.0-lp150.5.2

kauth-devel-64bit-5.45.0-bp150.5.2

kcoreaddons-5.45.0-bp150.3.6.2

kcoreaddons-devel-5.45.0-bp150.3.6.2

kcoreaddons-devel-64bit-5.45.0-bp150.3.6.2

kcoreaddons-lang-5.45.0-bp150.3.6.2

libKF5Auth5-5.45.0-bp150.5.2

libKF5Auth5-32bit-5.45.0-lp150.5.2

libKF5Auth5-64bit-5.45.0-bp150.5.2

libKF5Auth5-lang-5.45.0-bp150.5.2

libKF5CoreAddons5-5.45.0-bp150.3.6.2

libKF5CoreAddons5-64bit-5.45.0-bp150.3.6.2

libpolkit-qt5-1-1-0.112.0-5.2

libpolkit-qt5-1-1-64bit-0.112.0-5.2

libpolkit-qt5-1-devel-0.112.0-5.2

libpolkit-qt5-1-devel-64bit-0.112.0-5.2

openSUSE Leap 15.0

extra-cmake-modules-5.32.0-7.2

kauth-devel-5.45.0-bp150.5.2

kauth-devel-32bit-5.45.0-lp150.5.2

kauth-devel-64bit-5.45.0-bp150.5.2

kcoreaddons-5.45.0-bp150.3.6.2

kcoreaddons-devel-5.45.0-bp150.3.6.2

kcoreaddons-devel-64bit-5.45.0-bp150.3.6.2

kcoreaddons-lang-5.45.0-bp150.3.6.2

libKF5Auth5-5.45.0-bp150.5.2

libKF5Auth5-32bit-5.45.0-lp150.5.2

libKF5Auth5-64bit-5.45.0-bp150.5.2

libKF5Auth5-lang-5.45.0-bp150.5.2

libKF5CoreAddons5-5.45.0-bp150.3.6.2

libKF5CoreAddons5-64bit-5.45.0-bp150.3.6.2

libpolkit-qt5-1-1-0.112.0-5.2

libpolkit-qt5-1-1-64bit-0.112.0-5.2

libpolkit-qt5-1-devel-0.112.0-5.2

libpolkit-qt5-1-devel-64bit-0.112.0-5.2

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FVD5STKYWF7LYLT7SRZUXVAZWHNJ3DEG/#FVD5STKYWF7LYLT7SRZUXVAZWHNJ3DEG
E-Mail link for openSUSE-SU-2019:0242-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1124863
SUSE Bug 1124863
https://www.suse.com/security/cve/CVE-2019-7443/
SUSE CVE CVE-2019-7443 page

Описание

KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability.

Затронутые продукты

SUSE Package Hub 12 SP1:extra-cmake-modules-5.32.0-7.2

SUSE Package Hub 12 SP1:kauth-devel-32bit-5.45.0-lp150.5.2

SUSE Package Hub 12 SP1:kauth-devel-5.45.0-bp150.5.2

SUSE Package Hub 12 SP1:kauth-devel-64bit-5.45.0-bp150.5.2

Ссылки

https://www.suse.com/security/cve/CVE-2019-7443.html
CVE-2019-7443
https://bugzilla.suse.com/1124863
SUSE Bug 1124863
https://bugzilla.suse.com/1170293
SUSE Bug 1170293

openSUSE-SU-2019:0242-1

Описание

Список пакетов

SUSE Package Hub 12 SP1

SUSE Package Hub 12 SP2

SUSE Package Hub 12 SP3

SUSE Package Hub 15

openSUSE Leap 15.0

Ссылки

Уязвимость: CVE-2019-7443

Описание

Затронутые продукты

Ссылки