Multiple vulnerabilities have been found in KDE Plasma Workspaces, the worst of which allows local attackers to execute arbitrary commands.
|Package||kde-plasma/plasma-workspace on all architectures|
|Affected versions||< 5.11.5-r1|
|Unaffected versions||>= 5.11.5-r1|
KDE Plasma workspace is a widget based desktop environment designed to be fast and efficient.
Multiple vulnerabilities have been discovered in KDE Plasma Workspaces. Please review the referenced CVE identifiers for details.
An attacker could execute arbitrary commands via specially crafted thumb drive’s volume labels or obtain sensitive information via specially crafted notifications.
Users should mount removable devices with Dolphin instead of the device notifier.
Users should disable notifications.
All KDE Plasma Workspace users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=kde-plasma/plasma-workspace-5.11.5-r1"
March 19, 2018
March 19, 2018: 1