Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 5723-1] plasma-workspace security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5723-1] plasma-workspace security update


Chronologisch Thread  
    < Chronologisch >       < Thread >
  • From: Moritz Muehlenhoff <jmm AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 5723-1] plasma-workspace security update
  • Date: Thu, 27 Jun 2024 18:36:31 +0000
  • List-archive: https://lists.debian.org/msgid-search/Zn2xLzJWsU3Oglwi AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=ft2qD4G/Dex3DHgrdDDinIMUklGLNZlAKjPZtqBD5ek=; b=rc o8vpXiYigVXNVUmwh1U9oI+QYUwHjk6de+HZCtGhhBFdb7m7JoWw926LVGV7QdHEdPU18BrmVagQU rw9jrPkCSYhpCxTg8pJdGS4khfCqPCPdbuzD8+P6L1dFcPGO9vA9Ri4gCWrie3krcnwc1QcdaaxfT lXSD3XzNpSHnDmoDY7q+989Inj7whdA5mBhPn1eudIGnrxKkJtfHUr0qsNMRPsUddwHpD4wySSwEJ 1u8HzJAawYK8gp2WzWQ7bAOBwP+alHEROocUiz1JauhshMo/+3kpd/c8MqfXn19AZ6qvLdisvGZa3 AUy7YA6FRoVAE8E43uEiQymE0xxqB3iw==;
  • Old-return-path: <jmm AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Thu, 27 Jun 2024 18:36:50 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <sJJQpxnXqNI.A.HzXH.CFbfmB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5723-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
June 27, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : plasma-workspace
CVE ID : CVE-2024-36041

Fabian Vogt discovered that the KDE session management server
insufficiently restricted ICE connections from localhost, which could
allow a local attacker to execute arbitrary code as another user on
next boot.

For the oldstable distribution (bullseye), this problem has been fixed
in version 4:5.20.5-6+deb11u1.

For the stable distribution (bookworm), this problem has been fixed in
version 4:5.27.5-2+deb12u2.

We recommend that you upgrade your plasma-workspace packages.

For the detailed security status of plasma-workspace please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/plasma-workspace

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmZ9r5gACgkQEMKTtsN8
TjZUrRAAped6yEardsWDFEJgGZPtJzGItPSo1cS4u5J+DxNSOs5F0YWYpfgYk9Vq
Ud92pF/ORYH4IVVUjKKDye6hVPufY1mu0Bibgl5OyZxgkrXLnnTRg69PAwqT1IZi
3L4ge8g+6zG3Y4j+e4kVOcgStvLnKXz8URQVCYvQB+VJWWfIJXl0YDJnHlX7hYhn
Th2X1aUIryZs0reokkrofRIkcuPWZqth1Dgy1xmGBC2voCfrJ5g3Qu05nVFvnBFe
QMV737XZxShKMbiV7oE7BXAZ3DuYU4OOXm14SvqTTwdNe/7zhhyz4GCmlIJHQu1u
rTMPVODckBBAhc3dBjEPpAV5LJpEmoIoINsfp/ulArZkXifTl7sIBLcgodNsTPrE
W6q5MU7u51XUDd4yYaa2PVT2U3xpPHaj4C5opbp7EwvoCN0Gj6m7BRhSWKl74joO
QkWjRBxHcmv0zJPH0ttekpyjcwxPmGSSshVEbPYeG6Sw0Zwn9r6fT5749DP+iESf
7gDJhIxyxVG9o/p5sJOuGo9G43reGleQMigWwhfVt74Ing05o4sSIcqJkkmPNoIT
MhkKHXRmKtDQOMsT74T/NX7zUGGZBpsmtZZq4Ze0zEvnVfMnxJc+n0WXIRLW+gid
YFFHRXUY4T1vkcJKSLZpI3Kdp5xzMRPAVAn1sGrmnqkwZfcrWiA=
=hKop
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 5723-1] plasma-workspace security update, Moritz Muehlenhoff, 27.06.2024

Archiv bereitgestellt durch MHonArc 2.6.19+.

Seitenanfang