drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Eingabeprüfung in plasma-workspace
Name: |
Mangelnde Eingabeprüfung in plasma-workspace |
|
ID: |
DSA-4116-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian stretch |
|
Datum: |
Sa, 17. Februar 2018, 11:01 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6791 |
|
Applikationen: |
KDE Plasma |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4116-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 16, 2018 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : plasma-workspace CVE ID : CVE-2018-6791
Krzysztof Sieluzycki discovered that the notifier for removable devices in the KDE Plasma workspace performed insufficient sanitisation of FAT/VFAT volume labels, which could result in the execution of arbitrary shell commands if a removable device with a malformed disk label is mounted.
For the stable distribution (stretch), this problem has been fixed in version 4:5.8.6-2.1+deb9u1.
We recommend that you upgrade your plasma-workspace packages.
For the detailed security status of plasma-workspace please refer to its security tracker page at: https://security-tracker.debian.org/tracker/plasma-workspace
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlqHQqIACgkQEMKTtsN8 TjZY3RAAkUCktNs6NXdNera66uIPSr6OgvNwMzpkTGDRogtAxQpNoDBoDOK/GgjF YhOVvh/8t5oL4e1n8S04pVP7yj9dXzP80d9MTleoNqtkxBIPESdUISOSsxWaTI8+ fRiBH9YqKFeSV332KKVke7PXUGoAJNJiLgtaMX7spSE88LNbm8pzGOd/I9js54bf bppqZnnUWvBwWPpJAqZis5LSWK+2+qXeJBm76nE1WVxooncQ0KPWUhnIFwODeAJT ALhTMCzvlXBVV7HaslA8CCBitw+l0kv+g7R5rg0uAZIzd3vYjroG/Lp5cXitb5ls L9CjAKTsqBIdFIOj8jwyNE+Dj2QQFYBufl/LNJwpkPlcO+sCk26OshYoIWiCjJ9w qO+vL4zq2ihdV6ihfwPtXEvBuCUGpQBJitWl5wGnBBlqLp7yxpoiTrtnkd8jEeUz LerxBfUEtCHDrOyR1MTqzufNBc4+hAkRINq8DwOjE4Ku5nY4cyAhCyMKmIT0GF1f JD7DoHbOu2cStWP/l9HrjEthto6py16Ua4eo7qSbSCKWIfv/VdV6IqEVa+LQbzox DiepHeq/j8aufZAS06giYQKhnG7n1rTrn0qqI/y1mcw5jmTmU/gMymVc4Ux72bkr 8qOI8Tw5614YnWDDaQXuYrpvhX7QIxGOVw6hTwyE9ePaN56zxHY= =tzeQ -----END PGP SIGNATURE-----
|
|
|
|