KDE Project Security Advisory: kauth: Insecure handling of arguments in helpers
Albert Astals Cid
aacid at kde.org
Sat Feb 9 11:13:05 GMT 2019
KDE Project Security Advisory
Title: kauth: Insecure handling of arguments in helpers
Risk Rating: Medium
Versions: KDE Frameworks < 5.55.0
Date: 9 February 2019
KAuth allows to pass parameters with arbitrary types to helpers running as root
over DBus. Certain types can cause crashes and trigger decoding arbitrary
images with dynamically loaded plugins.
Update to kauth >= 5.55.0
Or apply the following patch to kauth:
Thanks to Fabian Vogt for the report and Albert Astals Cid for the fix.
More information about the kde-announce