Diffusion FreeBSD ports repository rP440556

kf5-kauth
rP440556
Actions

Description

Add upstream fixes for CVE-2017-8422 to x11/kdelibs4 and devel/kf5-kauth

KAuth contains a logic flaw in which the service invoking dbus
is not properly checked.

This allows spoofing the identity of the caller and with some
carefully crafted calls can lead to gaining root from an
unprivileged account.

https://www.kde.org/info/security/advisory-20170510-1.txt

Reviewed by: rakuco
Approved by: rakuco (mentor)
Obtained from: https://www.kde.org/info/security/advisory-20170510-1.txt
MFH: 2017Q2
Security: CVE-2017-8422
Differential Revision: https://reviews.freebsd.org/D10660

Details

Provenance

tcberner

Authored on

Reviewer

rakuco

Differential Revision

D10660: Add patches for CVE-2017-8422 in x11/kdelibs4 and devel/kf5-kauth

Parents

rP440555: Document kauth privilege escalation.

Branches

Unknown

Tags

Unknown

Event Timeline

tcberner committed rP440556: Add upstream fixes for CVE-2017-8422 to x11/kdelibs4 and devel/kf5-kauth.May 10 2017, 12:03 PM

Changes (5)

Path

Size

head/

devel/

kf5-kauth/

Makefile

files

patch-git_df875f7_CVE-2017-8422

x11/

kdelibs4/

Makefile

files/

patch-git_264e976_CVE-2017-8422

rP440556

View Options

head/devel/kf5-kauth/Makefile

View Options

head/devel/kf5-kauth/files/

View Options

head/devel/kf5-kauth/files/patch-git_df875f7_CVE-2017-8422

View Options

head/x11/kdelibs4/Makefile

View Options

head/x11/kdelibs4/files/patch-git_264e976_CVE-2017-8422

Add upstream fixes for CVE-2017-8422 to x11/kdelibs4 and devel/kf5-kauthrP440556Actions

Description

Details

Event Timeline

Changes (5)

rP440556

head/devel/kf5-kauth/Makefile

head/devel/kf5-kauth/files/

head/devel/kf5-kauth/files/patch-git_df875f7_CVE-2017-8422

head/x11/kdelibs4/Makefile

head/x11/kdelibs4/files/patch-git_264e976_CVE-2017-8422

Add upstream fixes for CVE-2017-8422 to x11/kdelibs4 and devel/kf5-kauth
rP440556
Actions