MGASA-2024-0214

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2024-0214.html

Import Source

https://advisories.mageia.org/MGASA-2024-0214.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2024-0214

Related

CVE-2024-36041

Published

2024-06-07T17:31:41Z

Modified

2024-06-07T17:14:16Z

Summary

Updated plasma-workspace packages fix security vulnerability

Details

KSmserver, KDE's XSMP manager, incorrectly allows connections via ICE based purely on the host, allowing all local connections. This allows another user on the same machine to gain access to the session manager. A well crafted client could use the session restore feature to execute arbitrary code as the user on the next boot.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:9 / plasma-workspace

Package

Name: plasma-workspace
Purl: pkg:rpm/mageia/plasma-workspace?distro=mageia-9

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.27.10-1.1.mga9

Ecosystem specific

{
    "section": "core"
}