Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2018.0494 plasma-workspace security update 19 February 2018 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: plasma-workspace Publisher: Debian Operating System: Debian GNU/Linux 9 UNIX variants (UNIX, Linux, OSX) Impact/Access: Execute Arbitrary Code/Commands -- Console/Physical Resolution: Patch/Upgrade CVE Names: CVE-2018-6791 Original Bulletin: http://www.debian.org/security/2018/dsa-4116 Comment: This advisory references vulnerabilities in products which run on platforms other than Debian. It is recommended that administrators running plasma-workspace check for an updated version of the software for their operating system. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-4116-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 16, 2018 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : plasma-workspace CVE ID : CVE-2018-6791 Krzysztof Sieluzycki discovered that the notifier for removable devices in the KDE Plasma workspace performed insufficient sanitisation of FAT/VFAT volume labels, which could result in the execution of arbitrary shell commands if a removable device with a malformed disk label is mounted. For the stable distribution (stretch), this problem has been fixed in version 4:5.8.6-2.1+deb9u1. We recommend that you upgrade your plasma-workspace packages. For the detailed security status of plasma-workspace please refer to its security tracker page at: https://security-tracker.debian.org/tracker/plasma-workspace Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlqHQqIACgkQEMKTtsN8 TjZY3RAAkUCktNs6NXdNera66uIPSr6OgvNwMzpkTGDRogtAxQpNoDBoDOK/GgjF YhOVvh/8t5oL4e1n8S04pVP7yj9dXzP80d9MTleoNqtkxBIPESdUISOSsxWaTI8+ fRiBH9YqKFeSV332KKVke7PXUGoAJNJiLgtaMX7spSE88LNbm8pzGOd/I9js54bf bppqZnnUWvBwWPpJAqZis5LSWK+2+qXeJBm76nE1WVxooncQ0KPWUhnIFwODeAJT ALhTMCzvlXBVV7HaslA8CCBitw+l0kv+g7R5rg0uAZIzd3vYjroG/Lp5cXitb5ls L9CjAKTsqBIdFIOj8jwyNE+Dj2QQFYBufl/LNJwpkPlcO+sCk26OshYoIWiCjJ9w qO+vL4zq2ihdV6ihfwPtXEvBuCUGpQBJitWl5wGnBBlqLp7yxpoiTrtnkd8jEeUz LerxBfUEtCHDrOyR1MTqzufNBc4+hAkRINq8DwOjE4Ku5nY4cyAhCyMKmIT0GF1f JD7DoHbOu2cStWP/l9HrjEthto6py16Ua4eo7qSbSCKWIfv/VdV6IqEVa+LQbzox DiepHeq/j8aufZAS06giYQKhnG7n1rTrn0qqI/y1mcw5jmTmU/gMymVc4Ux72bkr 8qOI8Tw5614YnWDDaQXuYrpvhX7QIxGOVw6hTwyE9ePaN56zxHY= =tzeQ - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWopfJox+lLeg9Ub1AQgRIQ//WmR399KBdQCxDPz7sOnRIumUQkaAGBfG 7COL5s72VU85ntUic+7C/zuNa/8Ax36tf1pYNG4ASOulp7KJIyXiHfQiivbGQd2w wzCN85zfNx/w3i11asxdmS+f0Y5xvkThmsrhG1Sr5M9+RNBrbiTqu5PQTHgxlEaF bvWXEPH5/DmP55XombFgFuHpHA095eTh4jXhKZ/43EORff8JYdC3numY/jiSh131 P+QeF4w24qo202gMm98Q+a/VqOtq8mHOyM+0UThOYWylL30jjglX3PwhAkRBzGhY Q0d0gvUsFpTPCzX6UIgVtY6wJltpKa7Ey/TGXakPXmiyzyzmaUrgzqE4cX4kVBC7 A/VTBlB4NZilEbElkMPvFysBHdNzEJrS9BwwaRQIhJoC8cPRNzofoAkPR9XtlH2T zz4xdfF8xwILFp2ySUK6OIc4yldFwl6OUgKW3w5+0AKMrXvM50AVj0CHSk2QAlIZ 46DHsfwTGs03rx/WAiWfgmJ80ttYSfvFjSajrQDDwDQE8a7+oQyNoKUePvxHADl+ ccLpt6VRqRnaKjplGaWZU6EPKhWtaFASDe9ELFgMkdT9opa4uMmYW11lsSItugzw pDE9dJCE9BHS0AnXF5v3rn6jU8C0FovwQAeDEfbcSOwhQrsvabWb800t7RVdoTnb aH1R5zy5SXs= =0byR -----END PGP SIGNATURE-----