HomeFreeBSD

devel/kf5-kauth: add fix for CVE-2019-7443

Description

devel/kf5-kauth: add fix for CVE-2019-7443

From https://www.kde.org/info/security/advisory-20190209-1.txt :

KDE Project Security Advisory

Title: kauth: Insecure handling of arguments in helpers
Risk Rating: Medium
CVE: CVE-2019-7443
Versions: KDE Frameworks < 5.55.0
Date: 9 February 2019

Overview

KAuth allows to pass parameters with arbitrary types to helpers running as root
over DBus. Certain types can cause crashes and trigger decoding arbitrary
images with dynamically loaded plugins.

Solution

Update to kauth >= 5.55.0

Or apply the following patch to kauth:
https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a

Credits

Thanks to Fabian Vogt for the report and Albert Astals Cid for the fix.

MFH: 2019Q1
Security: CVE-2019-7443

Details

Committed
tcbernerFeb 10 2019, 6:04 PM
Parents
rP492622: Document kf5-kauth vulnerability.
Branches
Unknown
Tags
Unknown