Security update for plasma5-workspace SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:0161-1 Final 1 1 2024-06-13T20:01:46Z current 2024-06-13T20:01:46Z 2024-06-13T20:01:46Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for plasma5-workspace plasma5-workspace was updated to fix the following issue: - Fixed ksmserver authentication (CVE-2024-36041, boo#1225774). - Fixed a regression introduced by the preceding change (kde#487912, boo#1226110): The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2024-161 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VXFL4FV75KKEUKXI3LJ5OTFGTIP4IVYA/ E-Mail link for openSUSE-SU-2024:0161-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1225774 SUSE Bug 1225774 https://bugzilla.suse.com/1226110 SUSE Bug 1226110 https://bugzilla.suse.com/487912 SUSE Bug 487912 https://www.suse.com/security/cve/CVE-2024-36041/ SUSE CVE CVE-2024-36041 page SUSE Package Hub 15 SP6 openSUSE Leap 15.6 gmenudbusmenuproxy-5.27.11-bp156.3.3.1 plasma5-session-5.27.11-bp156.3.3.1 plasma5-session-wayland-5.27.11-bp156.3.3.1 plasma5-workspace-5.27.11-bp156.3.3.1 plasma5-workspace-devel-5.27.11-bp156.3.3.1 plasma5-workspace-lang-5.27.11-bp156.3.3.1 plasma5-workspace-libs-5.27.11-bp156.3.3.1 xembedsniproxy-5.27.11-bp156.3.3.1 gmenudbusmenuproxy-5.27.11-bp156.3.3.1 as a component of SUSE Package Hub 15 SP6 plasma5-session-5.27.11-bp156.3.3.1 as a component of SUSE Package Hub 15 SP6 plasma5-session-wayland-5.27.11-bp156.3.3.1 as a component of SUSE Package Hub 15 SP6 plasma5-workspace-5.27.11-bp156.3.3.1 as a component of SUSE Package Hub 15 SP6 plasma5-workspace-devel-5.27.11-bp156.3.3.1 as a component of SUSE Package Hub 15 SP6 plasma5-workspace-lang-5.27.11-bp156.3.3.1 as a component of SUSE Package Hub 15 SP6 plasma5-workspace-libs-5.27.11-bp156.3.3.1 as a component of SUSE Package Hub 15 SP6 xembedsniproxy-5.27.11-bp156.3.3.1 as a component of SUSE Package Hub 15 SP6 gmenudbusmenuproxy-5.27.11-bp156.3.3.1 as a component of openSUSE Leap 15.6 plasma5-session-5.27.11-bp156.3.3.1 as a component of openSUSE Leap 15.6 plasma5-session-wayland-5.27.11-bp156.3.3.1 as a component of openSUSE Leap 15.6 plasma5-workspace-5.27.11-bp156.3.3.1 as a component of openSUSE Leap 15.6 plasma5-workspace-devel-5.27.11-bp156.3.3.1 as a component of openSUSE Leap 15.6 plasma5-workspace-lang-5.27.11-bp156.3.3.1 as a component of openSUSE Leap 15.6 plasma5-workspace-libs-5.27.11-bp156.3.3.1 as a component of openSUSE Leap 15.6 xembedsniproxy-5.27.11-bp156.3.3.1 as a component of openSUSE Leap 15.6 KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the session-restore feature to execute arbitrary code as the victim (on the next boot) via earlier use of the /tmp directory. CVE-2024-36041 SUSE Package Hub 15 SP6:gmenudbusmenuproxy-5.27.11-bp156.3.3.1 SUSE Package Hub 15 SP6:plasma5-session-5.27.11-bp156.3.3.1 SUSE Package Hub 15 SP6:plasma5-session-wayland-5.27.11-bp156.3.3.1 SUSE Package Hub 15 SP6:plasma5-workspace-5.27.11-bp156.3.3.1 SUSE Package Hub 15 SP6:plasma5-workspace-devel-5.27.11-bp156.3.3.1 SUSE Package Hub 15 SP6:plasma5-workspace-lang-5.27.11-bp156.3.3.1 SUSE Package Hub 15 SP6:plasma5-workspace-libs-5.27.11-bp156.3.3.1 SUSE Package Hub 15 SP6:xembedsniproxy-5.27.11-bp156.3.3.1 openSUSE Leap 15.6:gmenudbusmenuproxy-5.27.11-bp156.3.3.1 openSUSE Leap 15.6:plasma5-session-5.27.11-bp156.3.3.1 openSUSE Leap 15.6:plasma5-session-wayland-5.27.11-bp156.3.3.1 openSUSE Leap 15.6:plasma5-workspace-5.27.11-bp156.3.3.1 openSUSE Leap 15.6:plasma5-workspace-devel-5.27.11-bp156.3.3.1 openSUSE Leap 15.6:plasma5-workspace-lang-5.27.11-bp156.3.3.1 openSUSE Leap 15.6:plasma5-workspace-libs-5.27.11-bp156.3.3.1 openSUSE Leap 15.6:xembedsniproxy-5.27.11-bp156.3.3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VXFL4FV75KKEUKXI3LJ5OTFGTIP4IVYA/ https://www.suse.com/security/cve/CVE-2024-36041.html CVE-2024-36041 https://bugzilla.suse.com/1225774 SUSE Bug 1225774