plasma6-session-6.0.5-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:14018-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z plasma6-session-6.0.5-2.1 on GA media These are all security issues fixed in the plasma6-session-6.0.5-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-14018 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-36041/ SUSE CVE CVE-2024-36041 page openSUSE Tumbleweed plasma6-session-6.0.5-2.1 plasma6-session-x11-6.0.5-2.1 plasma6-workspace-6.0.5-2.1 plasma6-workspace-devel-6.0.5-2.1 plasma6-workspace-lang-6.0.5-2.1 plasma6-workspace-libs-6.0.5-2.1 sddm-qt6-branding-openSUSE-6.0.5-2.1 plasma6-session-6.0.5-2.1 as a component of openSUSE Tumbleweed plasma6-session-x11-6.0.5-2.1 as a component of openSUSE Tumbleweed plasma6-workspace-6.0.5-2.1 as a component of openSUSE Tumbleweed plasma6-workspace-devel-6.0.5-2.1 as a component of openSUSE Tumbleweed plasma6-workspace-lang-6.0.5-2.1 as a component of openSUSE Tumbleweed plasma6-workspace-libs-6.0.5-2.1 as a component of openSUSE Tumbleweed sddm-qt6-branding-openSUSE-6.0.5-2.1 as a component of openSUSE Tumbleweed KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the session-restore feature to execute arbitrary code as the victim (on the next boot) via earlier use of the /tmp directory. CVE-2024-36041 openSUSE Tumbleweed:plasma6-session-6.0.5-2.1 openSUSE Tumbleweed:plasma6-session-x11-6.0.5-2.1 openSUSE Tumbleweed:plasma6-workspace-6.0.5-2.1 openSUSE Tumbleweed:plasma6-workspace-devel-6.0.5-2.1 openSUSE Tumbleweed:plasma6-workspace-lang-6.0.5-2.1 openSUSE Tumbleweed:plasma6-workspace-libs-6.0.5-2.1 openSUSE Tumbleweed:sddm-qt6-branding-openSUSE-6.0.5-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-36041.html CVE-2024-36041 https://bugzilla.suse.com/1225774 SUSE Bug 1225774