Multiple vulnerabilities have been found in KDE Plasma Workspaces, the worst of which allows local attackers to execute arbitrary commands.
Package | kde-plasma/plasma-workspace on all architectures |
---|---|
Affected versions | < 5.11.5-r1 |
Unaffected versions | >= 5.11.5-r1 |
KDE Plasma workspace is a widget based desktop environment designed to be fast and efficient.
Multiple vulnerabilities have been discovered in KDE Plasma Workspaces. Please review the referenced CVE identifiers for details.
An attacker could execute arbitrary commands via specially crafted thumb drive’s volume labels or obtain sensitive information via specially crafted notifications.
Users should mount removable devices with Dolphin instead of the device notifier.
Users should disable notifications.
All KDE Plasma Workspace users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=kde-plasma/plasma-workspace-5.11.5-r1"
Release date
March 19, 2018
Latest revision
March 19, 2018: 1
Severity
normal
Exploitable
local, remote
Bugzilla entries