group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #13159
[Bug 1689759] Re: CVE 2017-8422 - kauth: Local privilege escalation
This bug was fixed in the package kauth - 5.31.0-0ubuntu1.1
---------------
kauth (5.31.0-0ubuntu1.1) zesty-security; urgency=medium
* SECURITY UPDATE: Local privilege escalation (LP: #1689759)
- debian/patches/local-privilege-esc-CVE-2017-8422.patch
- Thanks to Sebastian Krahmer for reporting this issue,
Albert Astals Cid for fixing this issue.
- CVE-2017-8422
-- vishnu@xxxxxxxxxxxxxxx (v.naini) Wed, 10 May 2017 15:22:25 +0530
** Changed in: kauth (Ubuntu Zesty)
Status: In Progress => Fix Released
** Changed in: kde4libs (Ubuntu Zesty)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1689759
Title:
CVE 2017-8422 - kauth: Local privilege escalation
Status in kauth package in Ubuntu:
Confirmed
Status in kde4libs package in Ubuntu:
Confirmed
Status in kauth source package in Trusty:
Invalid
Status in kde4libs source package in Trusty:
In Progress
Status in kauth source package in Xenial:
Confirmed
Status in kde4libs source package in Xenial:
Confirmed
Status in kauth source package in Yakkety:
Confirmed
Status in kde4libs source package in Yakkety:
Confirmed
Status in kauth source package in Zesty:
Fix Released
Status in kde4libs source package in Zesty:
Fix Released
Status in kauth source package in Artful:
Confirmed
Status in kde4libs source package in Artful:
Confirmed
Bug description:
KDE Project Security Advisory
=============================
Title: kauth: Local privilege escalation
Risk Rating: High
CVE: CVE-2017-8422
Versions: kauth < 5.34, kdelibs < 4.14.32
Date: 10 May 2017
Overview
========
KAuth contains a logic flaw in which the service invoking dbus
is not properly checked.
This allows spoofing the identity of the caller and with some
carefully crafted calls can lead to gaining root from an
unprivileged account.
Solution
========
Update to kauth >= 5.34 and kdelibs >= 4.14.32 (when released)
Or apply the following patches:
kauth: https://commits.kde.org/kauth/df875f725293af53399f5146362eb158b4f9216a
kdelibs: https://commits.kde.org/kdelibs/264e97625abe2e0334f97de17f6ffb52582888ab
Credits
=======
Thanks to Sebastian Krahmer from SUSE for the report and
to Albert Astals Cid from KDE for the fix.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/kauth/+bug/1689759/+subscriptions