Описание
Security update for plasma5-workspace
plasma5-workspace was updated to fix the following issue:
-
Fixed ksmserver authentication (CVE-2024-36041, boo#1225774).
-
Fixed a regression introduced by the preceding change (kde#487912, boo#1226110):
Список пакетов
SUSE Package Hub 15 SP6
gmenudbusmenuproxy-5.27.11-bp156.3.3.1
plasma5-session-5.27.11-bp156.3.3.1
plasma5-session-wayland-5.27.11-bp156.3.3.1
plasma5-workspace-5.27.11-bp156.3.3.1
plasma5-workspace-devel-5.27.11-bp156.3.3.1
plasma5-workspace-lang-5.27.11-bp156.3.3.1
plasma5-workspace-libs-5.27.11-bp156.3.3.1
xembedsniproxy-5.27.11-bp156.3.3.1
openSUSE Leap 15.6
gmenudbusmenuproxy-5.27.11-bp156.3.3.1
plasma5-session-5.27.11-bp156.3.3.1
plasma5-session-wayland-5.27.11-bp156.3.3.1
plasma5-workspace-5.27.11-bp156.3.3.1
plasma5-workspace-devel-5.27.11-bp156.3.3.1
plasma5-workspace-lang-5.27.11-bp156.3.3.1
plasma5-workspace-libs-5.27.11-bp156.3.3.1
xembedsniproxy-5.27.11-bp156.3.3.1
Ссылки
- E-Mail link for openSUSE-SU-2024:0161-1
- SUSE Security Ratings
- SUSE Bug 1225774
- SUSE Bug 1226110
- SUSE Bug 487912
- SUSE CVE CVE-2024-36041 page
Описание
KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the session-restore feature to execute arbitrary code as the victim (on the next boot) via earlier use of the /tmp directory.
Затронутые продукты
SUSE Package Hub 15 SP6:gmenudbusmenuproxy-5.27.11-bp156.3.3.1
SUSE Package Hub 15 SP6:plasma5-session-5.27.11-bp156.3.3.1
SUSE Package Hub 15 SP6:plasma5-session-wayland-5.27.11-bp156.3.3.1
SUSE Package Hub 15 SP6:plasma5-workspace-5.27.11-bp156.3.3.1
Ссылки
- CVE-2024-36041
- SUSE Bug 1225774