kauth-devel-5.86.0-1.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10887-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z kauth-devel-5.86.0-1.2 on GA media These are all security issues fixed in the kauth-devel-5.86.0-1.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10887 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2017-8422/ SUSE CVE CVE-2017-8422 page https://www.suse.com/security/cve/CVE-2019-7443/ SUSE CVE CVE-2019-7443 page openSUSE Tumbleweed kauth-devel-5.86.0-1.2 libKF5Auth5-5.86.0-1.2 libKF5Auth5-lang-5.86.0-1.2 libKF5AuthCore5-5.86.0-1.2 kauth-devel-5.86.0-1.2 as a component of openSUSE Tumbleweed libKF5Auth5-5.86.0-1.2 as a component of openSUSE Tumbleweed libKF5Auth5-lang-5.86.0-1.2 as a component of openSUSE Tumbleweed libKF5AuthCore5-5.86.0-1.2 as a component of openSUSE Tumbleweed KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app. CVE-2017-8422 openSUSE Tumbleweed:kauth-devel-5.86.0-1.2 openSUSE Tumbleweed:libKF5Auth5-5.86.0-1.2 openSUSE Tumbleweed:libKF5Auth5-lang-5.86.0-1.2 openSUSE Tumbleweed:libKF5AuthCore5-5.86.0-1.2 important 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-8422.html CVE-2017-8422 https://bugzilla.suse.com/1033300 SUSE Bug 1033300 https://bugzilla.suse.com/1036244 SUSE Bug 1036244 https://bugzilla.suse.com/1041511 SUSE Bug 1041511 https://bugzilla.suse.com/749065 SUSE Bug 749065 https://bugzilla.suse.com/869959 SUSE Bug 869959 KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability. CVE-2019-7443 openSUSE Tumbleweed:kauth-devel-5.86.0-1.2 openSUSE Tumbleweed:libKF5Auth5-5.86.0-1.2 openSUSE Tumbleweed:libKF5Auth5-lang-5.86.0-1.2 openSUSE Tumbleweed:libKF5AuthCore5-5.86.0-1.2 moderate 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-7443.html CVE-2019-7443 https://bugzilla.suse.com/1124863 SUSE Bug 1124863 https://bugzilla.suse.com/1170293 SUSE Bug 1170293