2017-04-23
ALT-BU-2017-3075-1
Branch p8 update bulletin.
Closed vulnerabilities
Published: 2017-05-17
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2017-8422
KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app.
Severity: HIGH (7.8)
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- DSA-3849
- DSA-3849
- [oss-security] 20170510 generic kde LPE
- [oss-security] 20170510 generic kde LPE
- 98412
- 98412
- 1038480
- 1038480
- RHSA-2017:1264
- RHSA-2017:1264
- https://bugzilla.redhat.com/show_bug.cgi?id=1449647
- https://bugzilla.redhat.com/show_bug.cgi?id=1449647
- https://cgit.kde.org/kauth.git/commit/?id=df875f725293af53399f5146362eb158b4f9216a
- https://cgit.kde.org/kauth.git/commit/?id=df875f725293af53399f5146362eb158b4f9216a
- https://cgit.kde.org/kdelibs.git/commit/?id=264e97625abe2e0334f97de17f6ffb52582888ab
- https://cgit.kde.org/kdelibs.git/commit/?id=264e97625abe2e0334f97de17f6ffb52582888ab
- GLSA-201706-29
- GLSA-201706-29
- 42053
- 42053
- https://www.kde.org/info/security/advisory-20170510-1.txt
- https://www.kde.org/info/security/advisory-20170510-1.txt