A vulnerability in kpmcore could result in privilege escalation.
|Package||sys-libs/kpmcore on all architectures|
|Affected versions||< 4.2.0|
|Unaffected versions||>= 4.2.0|
KPMcore, the KDE Partition Manager core, is a library for examining and modifying partitions, disk devices, and filesystems on a Linux system. It provides a unified programming interface over top of (external) system-manipulation tools.
Improper checks on the D-Bus request received resulted in improper protection for /etc/fstab.
An attacker could esclate privileges to root by exploiting this vulnerability.
There is no known workaround at this time.
All KPMCore users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=sys-libs/kpmcore-4.2.0"
November 03, 2020
November 03, 2020: 1