FS#42679 : [kdebase-workspace] Privilege Escalation via KDE Clock KCM polkit helper

FS#42679 - [kdebase-workspace] Privilege Escalation via KDE Clock KCM polkit helper

Attached to Project: Arch Linux
Opened by Remi Gacogne (rgacogne) - Tuesday, 04 November 2014, 15:23 GMT
Last edited by Andrea Scarpino (BaSh) - Monday, 10 November 2014, 14:32 GMT

Task Type	Bug Report
Category	Packages: Extra
Status	Closed
Assigned To	Andrea Scarpino (BaSh) Sven-Hendrik Haase (Svenstaro)
Architecture	All
Severity	High
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	1 Levente Polyak (anthraxx) (2014-11-09)
Private	No

Details

Hello,

A serious security issue in kde-workspace < 4.14.3 has been disclosed on oss-security [1]. It seems that an unprivileged user could use this flaw to run arbitrary command as root, depending on the configuration.

I don't know whether a new version fixing the issue will be released soon.
If that's not the case, we may want to backport the related patch [2] in Arch.

[1] http://seclists.org/oss-sec/2014/q4/520
[2] https://git.reviewboard.kde.org/r/120977/diff/#

This task depends upon

Closed by Andrea Scarpino (BaSh)
Monday, 10 November 2014, 14:32 GMT
Reason for closing: Fixed
Additional comments about closing: 4.11.13-2

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#42679 - [kdebase-workspace] Privilege Escalation via KDE Clock KCM polkit helper

Details

Loading...