Wednesday, June 26, 2024

[USN-6843-1] Plasma Workspace vulnerability

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmZ8MGoACgkQZWnYVadE
vpN3Jg//amSVyTv5nLK8xRqRfmCa581aPDo68HkvLAg+dLRw/guLZfgoV4SyWmJ4
uNSibVSbEdXj5PTPsPK48YFTkZJrloQZvQiLqX1Y3foeoceDOsQpBKbVQ7ANs+df
dTmkaMIiOR41ZqxMYxU866hmVg5lCJL95Cwjy+qm9rCiCw7kzfsaNdSiuAQrpxR1
3CoTqdS7/k43kOPrGiZbMUqfZR03bTSz/3nrh+rJy6JpHFjOzWY2SUD919zVTeVr
gp/zovrR5TY4fBbVsUWfrwqHLoFJ0pmhckFHnDqv5OXZKNAFHbW8LpSd2VaNTRCV
G+bqGOZz1ug2qxTIOgge0Kl4W1g5bIQBOP/EQI35i4M76VR3Y5G+Lr8EYHs0ffsh
cAef0rMqucClsUCtLUuU+oanxuqS1jmhTeEdlTqK607+fFsJhvOQ721CyH5+lDc0
rSNfs0XhHBqFndbljKGafZZ+X+IAyPlRsJV7rRg7L9sdJuW74FQ/wByCISyHo0Tq
TSYn5OacZm20TwqQDK7rrvKTcFkV1iah0CB+YMpowMJzKJppTzZQOqgLJSwOCcVl
SNln3eapDMBPExTmbbHhOCMVYg+8KnR8kpB8InRQiN0Np/uxgBUTxhm2VHWs3o2K
aWL1b6eWqIUXWLwDi8hEbCGI++79pn2z9gHcq9C+17HkOTLZckQ=
=dwWM
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6843-1
June 26, 2024

plasma-workspace vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

plasma-workspace would allow unintended access to the session manager.

Software Description:
- plasma-workspace: Plasma Workspace for KF5

Details:

Fabian Vogt discovered that Plasma Workspace incorrectly handled
connections via ICE. A local attacker could possibly use this issue to
gain access to another user's session manager and execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
plasma-workspace 4:5.27.11-0ubuntu4.1

Ubuntu 23.10
plasma-workspace 4:5.27.8-0ubuntu1.1

Ubuntu 22.04 LTS
plasma-workspace 4:5.24.7-0ubuntu0.2

Ubuntu 20.04 LTS
plasma-workspace 4:5.18.8-0ubuntu0.2

After a standard system update you need to reboot your computer to make all
the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6843-1
CVE-2024-36041

Package Information:
https://launchpad.net/ubuntu/+source/plasma-workspace/4:5.27.11-0ubuntu4.1
https://launchpad.net/ubuntu/+source/plasma-workspace/4:5.27.8-0ubuntu1.1
https://launchpad.net/ubuntu/+source/plasma-workspace/4:5.24.7-0ubuntu0.2
https://launchpad.net/ubuntu/+source/plasma-workspace/4:5.18.8-0ubuntu0.2

No comments:

Post a Comment