GLSA-201803-09 : KDE Plasma Workspaces: Multiple vulnerabilities
2018-03-19T00:00:00
ID GENTOO_GLSA-201803-09.NASL Type nessus Reporter This script is Copyright (C) 2018 Tenable Network Security, Inc. Modified 2019-12-02T00:00:00
Description
The remote host is affected by the vulnerability described in GLSA-201803-09
(KDE Plasma Workspaces: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in KDE Plasma Workspaces.
Please review the referenced CVE identifiers (CVE-2018-6790 and
CVE-2018-6791) for details.
Impact :
An attacker could execute arbitrary commands via a specially crafted
volume label on a thumb drive, or obtain sensitive information via
specially crafted notifications.
Workaround :
Users should mount removable devices with Dolphin instead of the device
notifier.
Users should disable notifications.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201803-09.
#
# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#
include("compat.inc");
# Registration section. When the engine runs this plugin with `description`
# set, only the metadata below is declared and the script leaves through the
# exit(0) at the end of this block, before any host data is examined.
if (description)
{
# Plugin identity and revision bookkeeping.
script_id(108435);
script_version("1.2");
script_cvs_date("Date: 2018/06/07 13:15:38");
# Cross-references: the two CVE identifiers and the Gentoo advisory (GLSA)
# this check is associated with.
script_cve_id("CVE-2018-6790", "CVE-2018-6791");
script_xref(name:"GLSA", value:"201803-09");
script_name(english:"GLSA-201803-09 : KDE Plasma Workspaces: Multiple vulnerabilities");
# The summary states the detection method: installed package data under
# /var/db/pkg is inspected; nothing in this file probes the running desktop.
script_summary(english:"Checks for updated package(s) in /var/db/pkg");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Gentoo host is missing one or more security-related
patches."
);
# Advisory text (impact and workaround) shown to the analyst in the finding.
script_set_attribute(
attribute:"description",
value:
"The remote host is affected by the vulnerability described in GLSA-201803-09
(KDE Plasma Workspaces: Multiple vulnerabilities)
Multiple vulnerabilities have been discovered in KDE Plasma Workspaces.
Please review the referenced CVE identifiers for details.
Impact :
An attacker could execute arbitrary commands via specially crafted thumb
drive’s volume labels or obtain sensitive information via specially
crafted notifications.
Workaround :
Users should mount removable devices with Dolphin instead of the device
notifier.
Users should disable notifications."
);
script_set_attribute(
attribute:"see_also",
value:"https://security.gentoo.org/glsa/201803-09"
);
# Remediation: upgrade to >= 5.11.5-r1, the same version bound that the
# qpkg_check() call later in this file uses to separate vulnerable from
# unaffected installs.
script_set_attribute(
attribute:"solution",
value:
"All KDE Plasma Workspace users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose
'>=kde-plasma/plasma-workspace-5.11.5-r1'"
);
# Severity vectors. Note the two disagree on attack vector: the CVSS v2
# vector is local (AV:L) while the CVSS v3 vector is physical (AV:P).
# NOTE(review): presumably AV:P reflects the removable-media scenario in the
# impact text; confirm against the CVE entries before using it for triage.
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
# "local" plugin type: the result comes from data collected on the host
# itself (see the required KB keys below), not from a network probe.
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:plasma-workspace");
script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
script_set_attribute(attribute:"patch_publication_date", value:"2018/03/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/19");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2018 Tenable Network Security, Inc.");
script_family(english:"Gentoo Local Security Checks");
# Scheduling prerequisites: ssh_get_info.nasl is declared as a dependency and
# the three KB keys below must be present for this plugin to be selected.
# NOTE(review): presumably those keys are populated by ssh_get_info.nasl
# during a credentialed scan; without them this check produces no finding
# either way, which is not the same as "not vulnerable".
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
# End of registration; the detection logic is outside this block.
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");
# Preconditions. Each guard hands off to audit() with the matching reason
# when the knowledge base lacks what this check needs: local checks enabled,
# a Gentoo release string, and the collected package list.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release"))
  audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# Detection is a version comparison only: kde-plasma/plasma-workspace below
# 5.11.5-r1 is listed as vulnerable, 5.11.5-r1 or later as unaffected.
# qpkg_check() is given nothing but the package name and these bounds, so a
# host that applied only the advisory's workarounds (mounting with Dolphin,
# disabling notifications) but not the upgrade is presumably still reported.
pkg_vulnerable = qpkg_check(
  package:"kde-plasma/plasma-workspace",
  unaffected:make_list("ge 5.11.5-r1"),
  vulnerable:make_list("lt 5.11.5-r1")
);

if (!pkg_vulnerable)
{
  # Nothing matched the vulnerable range. Distinguish "package examined and
  # found unaffected" from "package not installed" for the audit trail.
  tested = qpkg_tests_get();
  if (tested)
    audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else
    audit(AUDIT_PACKAGE_NOT_INSTALLED, "KDE Plasma Workspaces");
}
else
{
  # Report the finding on port 0; the package report text is attached only
  # when report verbosity is above zero.
  if (report_verbosity > 0)
    security_hole(port:0, extra:qpkg_report_get());
  else
    security_hole(0);
  exit(0);
}
{"id": "GENTOO_GLSA-201803-09.NASL", "bulletinFamily": "scanner", "title": "GLSA-201803-09 : KDE Plasma Workspaces: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-201803-09\n(KDE Plasma Workspaces: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in KDE Plasma Workspaces.\n Please review the referenced CVE identifiers for details.\n \nImpact :\n\n An attacker could execute arbitrary commands via specially crafted thumb\n drive’s volume labels or obtain sensitive information via specially\n crafted notifications.\n \nWorkaround :\n\n Users should mount removable devices with Dolphin instead of the device\n notifier.\n Users should disable notifications.", "published": "2018-03-19T00:00:00", "modified": "2019-12-02T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/108435", "reporter": "This script is Copyright (C) 2018 Tenable Network Security, Inc.", "references": ["https://security.gentoo.org/glsa/201803-09"], "cvelist": ["CVE-2018-6790", "CVE-2018-6791"], "type": "nessus", "lastseen": "2019-12-13T07:36:03", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:plasma-workspace"], "cvelist": ["CVE-2018-6790", "CVE-2018-6791"], "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The remote host is affected by the vulnerability described in GLSA-201803-09\n(KDE Plasma Workspaces: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in KDE Plasma Workspaces.\n Please review the referenced CVE identifiers for details.\nImpact :\n\n An attacker could execute arbitrary commands via specially crafted thumb\n drive’s volume labels or obtain sensitive information via specially\n crafted notifications.\nWorkaround :\n\n Users should mount removable devices with Dolphin instead of 
the device\n notifier.\n Users should disable notifications.", "edition": 5, "enchantments": {"dependencies": {"modified": "2019-01-16T20:33:15", "references": [{"idList": ["GLSA-201803-09"], "type": "gentoo"}, {"idList": ["DEBIAN_DSA-4116.NASL", "FEDORA_2018-337757E11F.NASL", "FEDORA_2018-FA58E0C507.NASL", "OPENSUSE-2018-147.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:1361412562310704116", "OPENVAS:1361412562310851697", "OPENVAS:1361412562310874134"], "type": "openvas"}, {"idList": ["OPENSUSE-SU-2018:0397-1", "OPENSUSE-SU-2018:0398-1"], "type": "suse"}, {"idList": ["DEBIAN:DSA-4116-1:FDDE7"], "type": "debian"}, {"idList": ["CVE-2018-6790", "CVE-2018-6791"], "type": "cve"}]}, "score": {"value": 7.5, "vector": "NONE"}}, "hash": "38a24d4a0b005a5694c12746dd8e3fc21962452ae4bed73db52b6174b09c8a59", "hashmap": [{"hash": "cfd16da9581e0c21db590e40dfd9e493", "key": "cvss"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "efaeb0f162f8d0681b4fdf6cb71fab22", "key": "description"}, {"hash": "78b633596d8b6053372735d06553e837", "key": "cpe"}, {"hash": "9aadbfcd7f2ef6f356fc5adf8d37694d", "key": "cvelist"}, {"hash": "febf06d268a1c02357ad9273ac1dd189", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "27ea5e6775ab5a1e9b8e7950add566df", "key": "pluginID"}, {"hash": "e19ad0425a6553a20b362f59124d2f30", "key": "modified"}, {"hash": "dd71e9dbe63a7304db2b6a438056eded", "key": "sourceData"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}, {"hash": "76e8782b29cfd39782ffd31ec97c3583", "key": "published"}, {"hash": "47bd682f4591450ea7eaa9d36e8c125e", "key": "references"}, {"hash": "965cc58a8aa8073e6aaf5db233f25c6d", "key": "title"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=108435", "id": "GENTOO_GLSA-201803-09.NASL", "lastseen": "2019-01-16T20:33:15", "modified": "2018-06-07T00:00:00", 
"naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "108435", "published": "2018-03-19T00:00:00", "references": ["https://security.gentoo.org/glsa/201803-09"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201803-09.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108435);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/06/07 13:15:38\");\n\n script_cve_id(\"CVE-2018-6790\", \"CVE-2018-6791\");\n script_xref(name:\"GLSA\", value:\"201803-09\");\n\n script_name(english:\"GLSA-201803-09 : KDE Plasma Workspaces: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201803-09\n(KDE Plasma Workspaces: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in KDE Plasma Workspaces.\n Please review the referenced CVE identifiers for details.\n \nImpact :\n\n An attacker could execute arbitrary commands via specially crafted thumb\n drive’s volume labels or obtain sensitive information via specially\n crafted notifications.\n \nWorkaround :\n\n Users should mount removable devices with Dolphin instead of the device\n notifier.\n Users should disable notifications.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201803-09\"\n );\n script_set_attribute(\n 
attribute:\"solution\", \n value:\n\"All KDE Plasma Workspace users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=kde-plasma/plasma-workspace-5.11.5-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:plasma-workspace\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"kde-plasma/plasma-workspace\", unaffected:make_list(\"ge 5.11.5-r1\"), vulnerable:make_list(\"lt 5.11.5-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"KDE Plasma Workspaces\");\n}\n", "title": "GLSA-201803-09 : KDE 
Plasma Workspaces: Multiple vulnerabilities", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 5, "lastseen": "2019-01-16T20:33:15"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:plasma-workspace"], "cvelist": ["CVE-2018-6790", "CVE-2018-6791"], "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The remote host is affected by the vulnerability described in GLSA-201803-09 (KDE Plasma Workspaces: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in KDE Plasma Workspaces.\n Please review the referenced CVE identifiers for details.\n Impact :\n\n An attacker could execute arbitrary commands via specially crafted thumb drive’s volume labels or obtain sensitive information via specially crafted notifications.\n Workaround :\n\n Users should mount removable devices with Dolphin instead of the device notifier.\n Users should disable notifications.", "edition": 6, "enchantments": {"dependencies": {"modified": "2019-02-21T01:37:30", "references": [{"idList": ["GLSA-201803-09"], "type": "gentoo"}, {"idList": ["ELSA-2019-2141"], "type": "oraclelinux"}, {"idList": ["DEBIAN_DSA-4116.NASL", "FEDORA_2018-337757E11F.NASL", "FEDORA_2018-FA58E0C507.NASL", "OPENSUSE-2018-147.NASL"], "type": "nessus"}, {"idList": ["OPENVAS:1361412562310704116", "OPENVAS:1361412562310851697", "OPENVAS:1361412562310874134"], "type": "openvas"}, {"idList": ["OPENSUSE-SU-2018:0397-1", "OPENSUSE-SU-2018:0398-1"], "type": "suse"}, {"idList": ["RHSA-2019:2141"], "type": "redhat"}, {"idList": ["DEBIAN:DSA-4116-1:FDDE7"], "type": "debian"}, {"idList": ["CESA-2019:2141"], "type": "centos"}, {"idList": ["CVE-2018-6790", "CVE-2018-6791"], "type": "cve"}]}, "score": {"modified": "2019-02-21T01:37:30", "value": 8.0, "vector": "NONE"}}, "hash": "b68e3e4dd9155a5cdb5e054cf0646085b893d666c8f2ee56e2008c4d3d3899e8", "hashmap": [{"hash": 
"9ee65a20208b5461753d5ac8a406d9e4", "key": "description"}, {"hash": "cfd16da9581e0c21db590e40dfd9e493", "key": "cvss"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "78b633596d8b6053372735d06553e837", "key": "cpe"}, {"hash": "9aadbfcd7f2ef6f356fc5adf8d37694d", "key": "cvelist"}, {"hash": "febf06d268a1c02357ad9273ac1dd189", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "27ea5e6775ab5a1e9b8e7950add566df", "key": "pluginID"}, {"hash": "e19ad0425a6553a20b362f59124d2f30", "key": "modified"}, {"hash": "dd71e9dbe63a7304db2b6a438056eded", "key": "sourceData"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}, {"hash": "76e8782b29cfd39782ffd31ec97c3583", "key": "published"}, {"hash": "47bd682f4591450ea7eaa9d36e8c125e", "key": "references"}, {"hash": "965cc58a8aa8073e6aaf5db233f25c6d", "key": "title"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=108435", "id": "GENTOO_GLSA-201803-09.NASL", "lastseen": "2019-02-21T01:37:30", "modified": "2018-06-07T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "108435", "published": "2018-03-19T00:00:00", "references": ["https://security.gentoo.org/glsa/201803-09"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201803-09.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108435);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/06/07 13:15:38\");\n\n script_cve_id(\"CVE-2018-6790\", \"CVE-2018-6791\");\n script_xref(name:\"GLSA\", value:\"201803-09\");\n\n script_name(english:\"GLSA-201803-09 : KDE Plasma Workspaces: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201803-09\n(KDE Plasma Workspaces: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in KDE Plasma Workspaces.\n Please review the referenced CVE identifiers for details.\n \nImpact :\n\n An attacker could execute arbitrary commands via specially crafted thumb\n drive’s volume labels or obtain sensitive information via specially\n crafted notifications.\n \nWorkaround :\n\n Users should mount removable devices with Dolphin instead of the device\n notifier.\n Users should disable notifications.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201803-09\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All KDE Plasma Workspace users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=kde-plasma/plasma-workspace-5.11.5-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:plasma-workspace\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"kde-plasma/plasma-workspace\", unaffected:make_list(\"ge 5.11.5-r1\"), vulnerable:make_list(\"lt 5.11.5-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"KDE Plasma Workspaces\");\n}\n", "title": "GLSA-201803-09 : KDE Plasma Workspaces: Multiple vulnerabilities", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss", "description", "reporter", "modified", "href"], "edition": 6, "lastseen": "2019-02-21T01:37:30"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:plasma-workspace"], "cvelist": ["CVE-2018-6790", "CVE-2018-6791"], "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "description": "The remote host is affected by the vulnerability described in GLSA-201803-09\n(KDE Plasma Workspaces: Multiple 
vulnerabilities)\n\n Multiple vulnerabilities have been discovered in KDE Plasma Workspaces.\n Please review the referenced CVE identifiers for details.\n \nImpact :\n\n An attacker could execute arbitrary commands via specially crafted thumb\n drive’s volume labels or obtain sensitive information via specially\n crafted notifications.\n \nWorkaround :\n\n Users should mount removable devices with Dolphin instead of the device\n notifier.\n Users should disable notifications.", "edition": 8, "enchantments": {"dependencies": {"modified": "2019-11-01T02:41:36", "references": [{"idList": ["GLSA-201803-09"], "type": "gentoo"}, {"idList": ["ELSA-2019-2141"], "type": "oraclelinux"}, {"idList": ["OPENVAS:1361412562310704116", "OPENVAS:1361412562310851697", "OPENVAS:1361412562310874134"], "type": "openvas"}, {"idList": ["OPENSUSE-SU-2018:0397-1", "OPENSUSE-SU-2018:0398-1"], "type": "suse"}, {"idList": ["RHSA-2019:2141"], "type": "redhat"}, {"idList": ["DEBIAN:DSA-4116-1:FDDE7"], "type": "debian"}, {"idList": ["CESA-2019:2141"], "type": "centos"}, {"idList": ["CVE-2018-6790", "CVE-2018-6791"], "type": "cve"}, {"idList": ["DEBIAN_DSA-4116.NASL", "CENTOS_RHSA-2019-2141.NASL", "FEDORA_2018-337757E11F.NASL", "FEDORA_2018-FA58E0C507.NASL", "REDHAT-RHSA-2019-2141.NASL", "SL_20190806_KDE_WORKSPACE_ON_SL7_X.NASL", "OPENSUSE-2018-147.NASL"], "type": "nessus"}]}, "score": {"modified": "2019-11-01T02:41:36", "value": 8.0, "vector": "NONE"}}, "hash": "4e3c4e09998ac38deb37d33dde1228b350732737262d292f7f534bfdb3c2106d", "hashmap": [{"hash": "8a023c8f40e1ac111671380c0112460f", "key": "href"}, {"hash": "abcf9266f425f12dda38f529cd4a94bc", "key": "modified"}, {"hash": "34ba8bb8c8715ba1907c4f732100d7a8", "key": "description"}, {"hash": "78b633596d8b6053372735d06553e837", "key": "cpe"}, {"hash": "68acb54a0eb97fdbbfdf108ab8173bac", "key": "reporter"}, {"hash": "9aadbfcd7f2ef6f356fc5adf8d37694d", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": 
"5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "27ea5e6775ab5a1e9b8e7950add566df", "key": "pluginID"}, {"hash": "dd71e9dbe63a7304db2b6a438056eded", "key": "sourceData"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}, {"hash": "76e8782b29cfd39782ffd31ec97c3583", "key": "published"}, {"hash": "47bd682f4591450ea7eaa9d36e8c125e", "key": "references"}, {"hash": "965cc58a8aa8073e6aaf5db233f25c6d", "key": "title"}, {"hash": "f74481c4d3fb2a622ac8c8a438ded811", "key": "cvss"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/108435", "id": "GENTOO_GLSA-201803-09.NASL", "lastseen": "2019-11-01T02:41:36", "modified": "2019-11-02T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "108435", "published": "2018-03-19T00:00:00", "references": ["https://security.gentoo.org/glsa/201803-09"], "reporter": "This script is Copyright (C) 2018 Tenable Network Security, Inc.", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201803-09.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108435);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/06/07 13:15:38\");\n\n script_cve_id(\"CVE-2018-6790\", \"CVE-2018-6791\");\n script_xref(name:\"GLSA\", value:\"201803-09\");\n\n script_name(english:\"GLSA-201803-09 : KDE Plasma Workspaces: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201803-09\n(KDE Plasma Workspaces: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in KDE Plasma Workspaces.\n Please review the referenced CVE identifiers for details.\n \nImpact :\n\n An attacker could execute arbitrary commands via specially crafted thumb\n drive’s volume labels or obtain sensitive information via specially\n crafted notifications.\n \nWorkaround :\n\n Users should mount removable devices with Dolphin instead of the device\n notifier.\n Users should disable notifications.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201803-09\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All KDE Plasma Workspace users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=kde-plasma/plasma-workspace-5.11.5-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:plasma-workspace\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"kde-plasma/plasma-workspace\", unaffected:make_list(\"ge 5.11.5-r1\"), vulnerable:make_list(\"lt 5.11.5-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"KDE Plasma Workspaces\");\n}\n", "title": "GLSA-201803-09 : KDE Plasma Workspaces: Multiple vulnerabilities", "type": "nessus", "viewCount": 0}, "differentElements": ["modified"], "edition": 8, "lastseen": "2019-11-01T02:41:36"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:plasma-workspace"], "cvelist": ["CVE-2018-6790", "CVE-2018-6791"], "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "The remote host is affected by the vulnerability described in GLSA-201803-09 (KDE Plasma Workspaces: Multiple 
vulnerabilities)\n\n Multiple vulnerabilities have been discovered in KDE Plasma Workspaces.\n Please review the referenced CVE identifiers for details.\n Impact :\n\n An attacker could execute arbitrary commands via specially crafted thumb drive’s volume labels or obtain sensitive information via specially crafted notifications.\n Workaround :\n\n Users should mount removable devices with Dolphin instead of the device notifier.\n Users should disable notifications.", "edition": 2, "enchantments": {"score": {"value": 7.5, "vector": "NONE"}}, "hash": "b68e3e4dd9155a5cdb5e054cf0646085b893d666c8f2ee56e2008c4d3d3899e8", "hashmap": [{"hash": "9ee65a20208b5461753d5ac8a406d9e4", "key": "description"}, {"hash": "cfd16da9581e0c21db590e40dfd9e493", "key": "cvss"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "78b633596d8b6053372735d06553e837", "key": "cpe"}, {"hash": "9aadbfcd7f2ef6f356fc5adf8d37694d", "key": "cvelist"}, {"hash": "febf06d268a1c02357ad9273ac1dd189", "key": "href"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "27ea5e6775ab5a1e9b8e7950add566df", "key": "pluginID"}, {"hash": "e19ad0425a6553a20b362f59124d2f30", "key": "modified"}, {"hash": "dd71e9dbe63a7304db2b6a438056eded", "key": "sourceData"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}, {"hash": "76e8782b29cfd39782ffd31ec97c3583", "key": "published"}, {"hash": "47bd682f4591450ea7eaa9d36e8c125e", "key": "references"}, {"hash": "965cc58a8aa8073e6aaf5db233f25c6d", "key": "title"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=108435", "id": "GENTOO_GLSA-201803-09.NASL", "lastseen": "2018-06-08T07:21:08", "modified": "2018-06-07T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "108435", "published": "2018-03-19T00:00:00", "references": ["https://security.gentoo.org/glsa/201803-09"], 
"reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201803-09.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108435);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/06/07 13:15:38\");\n\n script_cve_id(\"CVE-2018-6790\", \"CVE-2018-6791\");\n script_xref(name:\"GLSA\", value:\"201803-09\");\n\n script_name(english:\"GLSA-201803-09 : KDE Plasma Workspaces: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201803-09\n(KDE Plasma Workspaces: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in KDE Plasma Workspaces.\n Please review the referenced CVE identifiers for details.\n \nImpact :\n\n An attacker could execute arbitrary commands via specially crafted thumb\n drive’s volume labels or obtain sensitive information via specially\n crafted notifications.\n \nWorkaround :\n\n Users should mount removable devices with Dolphin instead of the device\n notifier.\n Users should disable notifications.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201803-09\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All KDE Plasma Workspace users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n 
'>=kde-plasma/plasma-workspace-5.11.5-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:plasma-workspace\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"kde-plasma/plasma-workspace\", unaffected:make_list(\"ge 5.11.5-r1\"), vulnerable:make_list(\"lt 5.11.5-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"KDE Plasma Workspaces\");\n}\n", "title": "GLSA-201803-09 : KDE Plasma Workspaces: Multiple vulnerabilities", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss"], "edition": 2, "lastseen": "2018-06-08T07:21:08"}, 
{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:plasma-workspace"], "cvelist": ["CVE-2018-6790", "CVE-2018-6791"], "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "description": "The remote host is affected by the vulnerability described in GLSA-201803-09\n(KDE Plasma Workspaces: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in KDE Plasma Workspaces.\n Please review the referenced CVE identifiers for details.\n \nImpact :\n\n An attacker could execute arbitrary commands via specially crafted thumb\n drive’s volume labels or obtain sensitive information via specially\n crafted notifications.\n \nWorkaround :\n\n Users should mount removable devices with Dolphin instead of the device\n notifier.\n Users should disable notifications.", "edition": 7, "enchantments": {"dependencies": {"modified": "2019-10-28T20:25:07", "references": [{"idList": ["GLSA-201803-09"], "type": "gentoo"}, {"idList": ["ELSA-2019-2141"], "type": "oraclelinux"}, {"idList": ["OPENVAS:1361412562310704116", "OPENVAS:1361412562310851697", "OPENVAS:1361412562310874134"], "type": "openvas"}, {"idList": ["OPENSUSE-SU-2018:0397-1", "OPENSUSE-SU-2018:0398-1"], "type": "suse"}, {"idList": ["RHSA-2019:2141"], "type": "redhat"}, {"idList": ["DEBIAN:DSA-4116-1:FDDE7"], "type": "debian"}, {"idList": ["CESA-2019:2141"], "type": "centos"}, {"idList": ["CVE-2018-6790", "CVE-2018-6791"], "type": "cve"}, {"idList": ["DEBIAN_DSA-4116.NASL", "CENTOS_RHSA-2019-2141.NASL", "FEDORA_2018-337757E11F.NASL", "FEDORA_2018-FA58E0C507.NASL", "REDHAT-RHSA-2019-2141.NASL", "SL_20190806_KDE_WORKSPACE_ON_SL7_X.NASL", "OPENSUSE-2018-147.NASL"], "type": "nessus"}]}, "score": {"modified": "2019-10-28T20:25:07", "value": 8.0, "vector": "NONE"}}, "hash": "0fca6fd6da43e0fe446e2c0ae3c7ae59aa6ce8411953f7274122baff589f2e78", "hashmap": [{"hash": "8a023c8f40e1ac111671380c0112460f", "key": "href"}, {"hash": "34ba8bb8c8715ba1907c4f732100d7a8", 
"key": "description"}, {"hash": "78b633596d8b6053372735d06553e837", "key": "cpe"}, {"hash": "68acb54a0eb97fdbbfdf108ab8173bac", "key": "reporter"}, {"hash": "9aadbfcd7f2ef6f356fc5adf8d37694d", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0bafb6325bcaf483a25404f785191cc5", "key": "modified"}, {"hash": "27ea5e6775ab5a1e9b8e7950add566df", "key": "pluginID"}, {"hash": "dd71e9dbe63a7304db2b6a438056eded", "key": "sourceData"}, {"hash": "cf18d881f0f76f23f322ed3f861d3616", "key": "naslFamily"}, {"hash": "76e8782b29cfd39782ffd31ec97c3583", "key": "published"}, {"hash": "47bd682f4591450ea7eaa9d36e8c125e", "key": "references"}, {"hash": "965cc58a8aa8073e6aaf5db233f25c6d", "key": "title"}, {"hash": "f74481c4d3fb2a622ac8c8a438ded811", "key": "cvss"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/108435", "id": "GENTOO_GLSA-201803-09.NASL", "lastseen": "2019-10-28T20:25:07", "modified": "2019-10-02T00:00:00", "naslFamily": "Gentoo Local Security Checks", "objectVersion": "1.3", "pluginID": "108435", "published": "2018-03-19T00:00:00", "references": ["https://security.gentoo.org/glsa/201803-09"], "reporter": "This script is Copyright (C) 2018 Tenable Network Security, Inc.", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201803-09.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108435);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/06/07 13:15:38\");\n\n script_cve_id(\"CVE-2018-6790\", \"CVE-2018-6791\");\n script_xref(name:\"GLSA\", value:\"201803-09\");\n\n script_name(english:\"GLSA-201803-09 : KDE Plasma Workspaces: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201803-09\n(KDE Plasma Workspaces: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in KDE Plasma Workspaces.\n Please review the referenced CVE identifiers for details.\n \nImpact :\n\n An attacker could execute arbitrary commands via specially crafted thumb\n drive’s volume labels or obtain sensitive information via specially\n crafted notifications.\n \nWorkaround :\n\n Users should mount removable devices with Dolphin instead of the device\n notifier.\n Users should disable notifications.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201803-09\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All KDE Plasma Workspace users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=kde-plasma/plasma-workspace-5.11.5-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:plasma-workspace\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"kde-plasma/plasma-workspace\", unaffected:make_list(\"ge 5.11.5-r1\"), vulnerable:make_list(\"lt 5.11.5-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"KDE Plasma Workspaces\");\n}\n", "title": "GLSA-201803-09 : KDE Plasma Workspaces: Multiple vulnerabilities", "type": "nessus", "viewCount": 0}, "differentElements": ["modified"], "edition": 7, "lastseen": "2019-10-28T20:25:07"}], "edition": 9, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "78b633596d8b6053372735d06553e837"}, {"key": "cvelist", "hash": "9aadbfcd7f2ef6f356fc5adf8d37694d"}, {"key": "cvss", "hash": "f74481c4d3fb2a622ac8c8a438ded811"}, {"key": "description", "hash": "34ba8bb8c8715ba1907c4f732100d7a8"}, {"key": "href", "hash": 
"8a023c8f40e1ac111671380c0112460f"}, {"key": "modified", "hash": "5a7504dfe859a7ccbaf560628f6442ad"}, {"key": "naslFamily", "hash": "cf18d881f0f76f23f322ed3f861d3616"}, {"key": "pluginID", "hash": "27ea5e6775ab5a1e9b8e7950add566df"}, {"key": "published", "hash": "76e8782b29cfd39782ffd31ec97c3583"}, {"key": "references", "hash": "47bd682f4591450ea7eaa9d36e8c125e"}, {"key": "reporter", "hash": "68acb54a0eb97fdbbfdf108ab8173bac"}, {"key": "sourceData", "hash": "dd71e9dbe63a7304db2b6a438056eded"}, {"key": "title", "hash": "965cc58a8aa8073e6aaf5db233f25c6d"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "38d496455b5f76aa37da13aff94e6ab07bc59a71dba38bf2a2fb327b85d372c0", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-6791", "CVE-2018-6790"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310874134", "OPENVAS:1361412562310851697", "OPENVAS:1361412562310704116"]}, {"type": "nessus", "idList": ["FEDORA_2018-337757E11F.NASL", "OPENSUSE-2018-147.NASL", "FEDORA_2018-FA58E0C507.NASL", "REDHAT-RHSA-2019-2141.NASL", "DEBIAN_DSA-4116.NASL", "CENTOS_RHSA-2019-2141.NASL", "SL_20190806_KDE_WORKSPACE_ON_SL7_X.NASL"]}, {"type": "gentoo", "idList": ["GLSA-201803-09"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:0398-1", "OPENSUSE-SU-2018:0397-1"]}, {"type": "centos", "idList": ["CESA-2019:2141"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4116-1:FDDE7"]}, {"type": "redhat", "idList": ["RHSA-2019:2141"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-2141"]}], "modified": "2019-12-13T07:36:03"}, "score": {"value": 8.0, "vector": "NONE", "modified": "2019-12-13T07:36:03"}, "vulnersScore": 8.0}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201803-09.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the 
Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(108435);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2018/06/07 13:15:38\");\n\n script_cve_id(\"CVE-2018-6790\", \"CVE-2018-6791\");\n script_xref(name:\"GLSA\", value:\"201803-09\");\n\n script_name(english:\"GLSA-201803-09 : KDE Plasma Workspaces: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201803-09\n(KDE Plasma Workspaces: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in KDE Plasma Workspaces.\n Please review the referenced CVE identifiers for details.\n \nImpact :\n\n An attacker could execute arbitrary commands via specially crafted thumb\n drive’s volume labels or obtain sensitive information via specially\n crafted notifications.\n \nWorkaround :\n\n Users should mount removable devices with Dolphin instead of the device\n notifier.\n Users should disable notifications.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201803-09\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All KDE Plasma Workspace users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=kde-plasma/plasma-workspace-5.11.5-r1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:gentoo:linux:plasma-workspace\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"kde-plasma/plasma-workspace\", unaffected:make_list(\"ge 5.11.5-r1\"), vulnerable:make_list(\"lt 5.11.5-r1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"KDE Plasma Workspaces\");\n}\n", "naslFamily": "Gentoo Local Security Checks", "pluginID": "108435", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:plasma-workspace"], "scheme": null}
{"cve": [{"lastseen": "2019-10-10T12:29:27", "bulletinFamily": "NVD", "description": "An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains `` or $() in its volume label is plugged in and mounted through the device notifier, it's interpreted as a shell command, leading to a possibility of arbitrary command execution. An example of an offending volume label is \"$(touch b)\" -- this will create a file called b in the home folder.", "modified": "2019-10-03T00:03:00", "id": "CVE-2018-6791", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6791", "published": "2018-02-07T02:29:00", "title": "CVE-2018-6791", "type": "cve", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-10-10T12:29:27", "bulletinFamily": "NVD", "description": "An issue was discovered in KDE Plasma Workspace before 5.12.0. dataengines/notifications/notificationsengine.cpp allows remote attackers to discover client IP addresses via a URL in a notification, as demonstrated by the src attribute of an IMG element.", "modified": "2019-08-06T17:15:00", "id": "CVE-2018-6790", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6790", "published": "2018-02-07T02:29:00", "title": "CVE-2018-6790", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "openvas": [{"lastseen": "2019-05-29T18:33:02", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-02-21T00:00:00", "id": "OPENVAS:1361412562310874134", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310874134", "title": "Fedora Update for plasma-workspace FEDORA-2018-337757e11f", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_337757e11f_plasma-workspace_fc26.nasl 
14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for plasma-workspace FEDORA-2018-337757e11f\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.874134\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-02-21 08:52:07 +0100 (Wed, 21 Feb 2018)\");\n script_cve_id(\"CVE-2018-6790\", \"CVE-2018-6791\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for plasma-workspace FEDORA-2018-337757e11f\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'plasma-workspace'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"plasma-workspace on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please 
install the updated package(s).\");\n\n script_xref(name:\"FEDORA\", value:\"2018-337757e11f\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FVIFQ4DJ223B3HVTGCUODFPWIOVCEOCB\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"plasma-workspace\", rpm:\"plasma-workspace~5.10.5~6.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:32:46", "bulletinFamily": "scanner", "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2018-02-10T00:00:00", "id": "OPENVAS:1361412562310851697", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851697", "title": "SuSE Update for plasma5-workspace openSUSE-SU-2018:0397-1 (plasma5-workspace)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_suse_2018_0397_1.nasl 12497 2018-11-23 08:28:21Z cfischer $\n#\n# SuSE Update for plasma5-workspace openSUSE-SU-2018:0397-1 (plasma5-workspace)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or 
modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851697\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2018-02-10 07:53:58 +0100 (Sat, 10 Feb 2018)\");\n script_cve_id(\"CVE-2018-6790\", \"CVE-2018-6791\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SuSE Update for plasma5-workspace openSUSE-SU-2018:0397-1 (plasma5-workspace)\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'plasma5-workspace'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"This update for plasma5-workspace fixes security issues and bugs.\n\n The following vulnerabilities were fixed:\n\n - CVE-2018-6790: Desktop notifications could have been used to load\n arbitrary remote images into Plasma, allowing for client IP discovery\n (boo#1079429)\n\n - CVE-2018-6791: A specially crafted file system label may have allowed\n execution 
of arbitrary code (boo#1079751)\n\n The following bugs were fixed:\n\n - Plasma could freeze with certain notifications (boo#1013550)\");\n script_tag(name:\"affected\", value:\"plasma5-workspace on openSUSE Leap 42.3\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:0397_1\");\n script_xref(name:\"URL\", value:\"http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00010.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\nres = \"\";\n\nif(release == \"openSUSELeap42.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"drkonqi5\", rpm:\"drkonqi5~5.8.7~11.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"drkonqi5-debuginfo\", rpm:\"drkonqi5-debuginfo~5.8.7~11.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"plasma5-workspace\", rpm:\"plasma5-workspace~5.8.7~11.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"plasma5-workspace-debuginfo\", rpm:\"plasma5-workspace-debuginfo~5.8.7~11.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"plasma5-workspace-debugsource\", rpm:\"plasma5-workspace-debugsource~5.8.7~11.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"plasma5-workspace-devel\", rpm:\"plasma5-workspace-devel~5.8.7~11.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"plasma5-workspace-libs\", rpm:\"plasma5-workspace-libs~5.8.7~11.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"plasma5-workspace-libs-debuginfo\", rpm:\"plasma5-workspace-libs-debuginfo~5.8.7~11.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"plasma5-workspace-lang\", rpm:\"plasma5-workspace-lang~5.8.7~11.1\", rls:\"openSUSELeap42.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-07-04T18:56:09", "bulletinFamily": "scanner", "description": "Krzysztof Sieluzycki discovered that the notifier for removable devices\nin the KDE Plasma workspace performed insufficient sanitisation of\nFAT/VFAT volume labels, which could result in the execution of arbitrary\nshell commands if a removable device with a malformed disk label is\nmounted.", "modified": "2019-07-04T00:00:00", "published": "2018-02-16T00:00:00", "id": "OPENVAS:1361412562310704116", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704116", "title": "Debian Security Advisory DSA 4116-1 (plasma-workspace - security update)", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4116-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is 
free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704116\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2018-6791\");\n script_name(\"Debian Security Advisory DSA 4116-1 (plasma-workspace - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-02-16 00:00:00 +0100 (Fri, 16 Feb 2018)\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4116.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"plasma-workspace on Debian Linux\");\n script_tag(name:\"solution\", 
value:\"For the stable distribution (stretch), this problem has been fixed in\nversion 4:5.8.6-2.1+deb9u1.\n\nWe recommend that you upgrade your plasma-workspace packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/plasma-workspace\");\n script_tag(name:\"summary\", value:\"Krzysztof Sieluzycki discovered that the notifier for removable devices\nin the KDE Plasma workspace performed insufficient sanitisation of\nFAT/VFAT volume labels, which could result in the execution of arbitrary\nshell commands if a removable device with a malformed disk label is\nmounted.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"libkworkspace5-5\", ver:\"4:5.8.6-2.1+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libplasma-geolocation-interface5\", ver:\"4:5.8.6-2.1+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libtaskmanager6\", ver:\"4:5.8.6-2.1+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libweather-ion7\", ver:\"4:5.8.6-2.1+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"plasma-workspace\", ver:\"4:5.8.6-2.1+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"plasma-workspace-dev\", ver:\"4:5.8.6-2.1+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"plasma-workspace-wayland\", ver:\"4:5.8.6-2.1+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"sddm-theme-breeze\", ver:\"4:5.8.6-2.1+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"sddm-theme-debian-breeze\", ver:\"4:5.8.6-2.1+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") 
{\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2019-12-13T08:20:57", "bulletinFamily": "scanner", "description": "This update for plasma5-workspace fixes security issues and bugs.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2018-6790: Desktop notifications could have been\n used to load arbitrary remote images into Plasma,\n allowing for client IP discovery (boo#1079429)\n\n - CVE-2018-6791: A specially crafted file system label may\n have allowed execution of arbitrary code (boo#1079751)\n\nThe following bugs were fixed :\n\n - Plasma could freeze with certain notifications\n (boo#1013550)", "modified": "2019-12-02T00:00:00", "id": "OPENSUSE-2018-147.NASL", "href": "https://www.tenable.com/plugins/nessus/106702", "published": "2018-02-09T00:00:00", "title": "openSUSE Security Update : plasma5-workspace (openSUSE-2018-147)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-147.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106702);\n script_version(\"3.3\");\n script_cvs_date(\"Date: 2018/03/19 16:26:30\");\n\n script_cve_id(\"CVE-2018-6790\", \"CVE-2018-6791\");\n\n script_name(english:\"openSUSE Security Update : plasma5-workspace (openSUSE-2018-147)\");\n script_summary(english:\"Check for the openSUSE-2018-147 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for plasma5-workspace fixes security issues and bugs.\n\nThe following vulnerabilities were fixed :\n\n - CVE-2018-6790: Desktop notifications could have been\n used to load arbitrary remote 
images into Plasma,\n allowing for client IP discovery (boo#1079429)\n\n - CVE-2018-6791: A specially crafted file system label may\n have allowed execution of arbitrary code (boo#1079751)\n\nThe following bugs were fixed :\n\n - Plasma could freeze with certain notifications\n (boo#1013550)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013550\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1079429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1079751\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected plasma5-workspace packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:drkonqi5\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:drkonqi5-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:plasma5-workspace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:plasma5-workspace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:plasma5-workspace-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:plasma5-workspace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:plasma5-workspace-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:plasma5-workspace-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:plasma5-workspace-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"drkonqi5-5.8.7-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"drkonqi5-debuginfo-5.8.7-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"plasma5-workspace-5.8.7-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"plasma5-workspace-debuginfo-5.8.7-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"plasma5-workspace-debugsource-5.8.7-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"plasma5-workspace-devel-5.8.7-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"plasma5-workspace-lang-5.8.7-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", 
reference:\"plasma5-workspace-libs-5.8.7-11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"plasma5-workspace-libs-debuginfo-5.8.7-11.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"drkonqi5 / drkonqi5-debuginfo / plasma5-workspace / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T07:10:16", "bulletinFamily": "scanner", "description": "Fix for CVE-2018-6790 CVE-2018-6791, backport crashfix for\nxembedsniproxy\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "modified": "2019-12-02T00:00:00", "id": "FEDORA_2018-337757E11F.NASL", "href": "https://www.tenable.com/plugins/nessus/106907", "published": "2018-02-21T00:00:00", "title": "Fedora 26 : plasma-workspace (2018-337757e11f)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-337757e11f.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106907);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2019/09/25 17:12:11\");\n\n script_cve_id(\"CVE-2018-6790\", \"CVE-2018-6791\");\n script_xref(name:\"FEDORA\", value:\"2018-337757e11f\");\n\n script_name(english:\"Fedora 26 : plasma-workspace (2018-337757e11f)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n 
attribute:\"description\", \n value:\n\"Fix for CVE-2018-6790 CVE-2018-6791, backport crashfix for\nxembedsniproxy\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-337757e11f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected plasma-workspace package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:plasma-workspace\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"plasma-workspace-5.10.5-6.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"plasma-workspace\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T07:16:10", "bulletinFamily": "scanner", "description": "Fix for CVE-2018-6790 CVE-2018-6791\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "modified": "2019-12-02T00:00:00", "id": 
"FEDORA_2018-FA58E0C507.NASL", "href": "https://www.tenable.com/plugins/nessus/106784", "published": "2018-02-13T00:00:00", "title": "Fedora 27 : plasma-workspace (2018-fa58e0c507)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2018-fa58e0c507.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106784);\n script_version(\"3.4\");\n script_cvs_date(\"Date: 2019/09/23 11:21:09\");\n\n script_cve_id(\"CVE-2018-6790\", \"CVE-2018-6791\");\n script_xref(name:\"FEDORA\", value:\"2018-fa58e0c507\");\n\n script_name(english:\"Fedora 27 : plasma-workspace (2018-fa58e0c507)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Fix for CVE-2018-6790 CVE-2018-6791\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-fa58e0c507\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected plasma-workspace package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:plasma-workspace\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:27\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^27([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 27\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC27\", reference:\"plasma-workspace-5.11.5-3.fc27\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"plasma-workspace\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T09:09:38", "bulletinFamily": "scanner", "description": "An update for kde-workspace, kde-settings, kdelibs, kmag, and\nvirtuoso-opensource is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Low. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link (s) in the References section.\n\nThe K Desktop Environment (KDE) is a graphical desktop environment for\nthe X Window System. 
The kdelibs packages include core libraries for\nthe K Desktop Environment.\n\nThe kde-workspace packages consist of components providing the KDE\ngraphical desktop environment.\n\nSecurity Fix(es) :\n\n* kde-workspace: Missing sanitization of notifications allows to leak\nclient IP address via IMG element (CVE-2018-6790)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.7 Release Notes linked from the References section.", "modified": "2019-12-02T00:00:00", "id": "REDHAT-RHSA-2019-2141.NASL", "href": "https://www.tenable.com/plugins/nessus/127682", "published": "2019-08-12T00:00:00", "title": "RHEL 7 : kde-workspace (RHSA-2019:2141)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:2141. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127682);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/10/24 15:35:47\");\n\n script_cve_id(\"CVE-2018-6790\");\n script_xref(name:\"RHSA\", value:\"2019:2141\");\n\n script_name(english:\"RHEL 7 : kde-workspace (RHSA-2019:2141)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kde-workspace, kde-settings, kdelibs, kmag, and\nvirtuoso-opensource is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Low. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link (s) in the References section.\n\nThe K Desktop Environment (KDE) is a graphical desktop environment for\nthe X Window System. The kdelibs packages include core libraries for\nthe K Desktop Environment.\n\nThe kde-workspace packages consist of components providing the KDE\ngraphical desktop environment.\n\nSecurity Fix(es) :\n\n* kde-workspace: Missing sanitization of notifications allows to leak\nclient IP address via IMG element (CVE-2018-6790)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.7 Release Notes linked from the References section.\"\n );\n # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3395ff0b\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:2141\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-6790\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kcm_colors\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kde-settings\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:kde-settings-ksplash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kde-settings-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kde-settings-plasma\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kde-settings-pulseaudio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kde-style-oxygen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kde-workspace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kde-workspace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kde-workspace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kde-workspace-ksplash-themes\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kde-workspace-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdeclassic-cursor-theme\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdelibs-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdelibs-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdelibs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdelibs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kdelibs-ktexteditor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kgreeter-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:khotkeys\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:khotkeys-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kinfocenter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kmag\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kmag-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kmenuedit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ksysguard\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ksysguard-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ksysguardd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kwin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kwin-gles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kwin-gles-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kwin-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libkworkspace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:oxygen-cursor-themes\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:plasma-scriptengine-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:plasma-scriptengine-ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:qt-settings\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:virtuoso-opensource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:virtuoso-opensource-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:virtuoso-opensource-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:2141\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kcm_colors-4.11.19-13.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kcm_colors-4.11.19-13.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kde-settings-19-23.9.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kde-settings-ksplash-19-23.9.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kde-settings-minimal-19-23.9.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kde-settings-plasma-19-23.9.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kde-settings-pulseaudio-19-23.9.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kde-style-oxygen-4.11.19-13.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kde-workspace-4.11.19-13.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kde-workspace-4.11.19-13.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kde-workspace-debuginfo-4.11.19-13.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", 
reference:\"kde-workspace-devel-4.11.19-13.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kde-workspace-ksplash-themes-4.11.19-13.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kde-workspace-libs-4.11.19-13.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kdeclassic-cursor-theme-4.11.19-13.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kdelibs-4.14.8-10.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kdelibs-apidocs-4.14.8-10.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kdelibs-common-4.14.8-10.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kdelibs-common-4.14.8-10.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kdelibs-debuginfo-4.14.8-10.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kdelibs-devel-4.14.8-10.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kdelibs-ktexteditor-4.14.8-10.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kgreeter-plugins-4.11.19-13.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kgreeter-plugins-4.11.19-13.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"khotkeys-4.11.19-13.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"khotkeys-4.11.19-13.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"khotkeys-libs-4.11.19-13.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kinfocenter-4.11.19-13.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kinfocenter-4.11.19-13.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kmag-4.10.5-4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kmag-debuginfo-4.10.5-4.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kmenuedit-4.11.19-13.el7\")) flag++;\n 
if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kmenuedit-4.11.19-13.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"ksysguard-4.11.19-13.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ksysguard-4.11.19-13.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"ksysguard-libs-4.11.19-13.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"ksysguardd-4.11.19-13.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"ksysguardd-4.11.19-13.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kwin-4.11.19-13.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kwin-4.11.19-13.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"kwin-gles-4.11.19-13.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"kwin-gles-4.11.19-13.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kwin-gles-libs-4.11.19-13.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"kwin-libs-4.11.19-13.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"libkworkspace-4.11.19-13.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"oxygen-cursor-themes-4.11.19-13.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"plasma-scriptengine-python-4.11.19-13.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"plasma-scriptengine-python-4.11.19-13.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"plasma-scriptengine-ruby-4.11.19-13.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"plasma-scriptengine-ruby-4.11.19-13.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", reference:\"qt-settings-19-23.9.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"virtuoso-opensource-6.1.6-7.el7\")) flag++;\n if 
(rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"virtuoso-opensource-6.1.6-7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"virtuoso-opensource-debuginfo-6.1.6-7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"virtuoso-opensource-debuginfo-6.1.6-7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"s390x\", reference:\"virtuoso-opensource-utils-6.1.6-7.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"virtuoso-opensource-utils-6.1.6-7.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kcm_colors / kde-settings / kde-settings-ksplash / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-12-13T06:53:16", "bulletinFamily": "scanner", "description": "Krzysztof Sieluzycki discovered that the notifier for removable\ndevices in the KDE Plasma workspace performed insufficient\nsanitisation of FAT/VFAT volume labels, which could result in the\nexecution of arbitrary shell commands if a removable device with a\nmalformed disk label is mounted.", "modified": "2019-12-02T00:00:00", "id": "DEBIAN_DSA-4116.NASL", "href": "https://www.tenable.com/plugins/nessus/106874", "published": "2018-02-20T00:00:00", "title": "Debian DSA-4116-1 : plasma-workspace - security update", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4116. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106874);\n script_version(\"3.5\");\n script_cvs_date(\"Date: 2018/11/13 12:30:46\");\n\n script_cve_id(\"CVE-2018-6791\");\n script_xref(name:\"DSA\", value:\"4116\");\n\n script_name(english:\"Debian DSA-4116-1 : plasma-workspace - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Krzysztof Sieluzycki discovered that the notifier for removable\ndevices in the KDE Plasma workspace performed insufficient\nsanitisation of FAT/VFAT volume labels, which could result in the\nexecution of arbitrary shell commands if a removable device with a\nmalformed disk label is mounted.\"\n );\n # https://security-tracker.debian.org/tracker/source-package/plasma-workspace\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1dd18931\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/plasma-workspace\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4116\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the plasma-workspace packages.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 4:5.8.6-2.1+deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:plasma-workspace\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"libkworkspace5-5\", reference:\"4:5.8.6-2.1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libplasma-geolocation-interface5\", reference:\"4:5.8.6-2.1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libtaskmanager6\", reference:\"4:5.8.6-2.1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libweather-ion7\", reference:\"4:5.8.6-2.1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"plasma-workspace\", reference:\"4:5.8.6-2.1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"plasma-workspace-dev\", reference:\"4:5.8.6-2.1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"plasma-workspace-wayland\", reference:\"4:5.8.6-2.1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"sddm-theme-breeze\", reference:\"4:5.8.6-2.1+deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"sddm-theme-debian-breeze\", reference:\"4:5.8.6-2.1+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, 
extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T09:17:18", "bulletinFamily": "scanner", "description": "Security Fix(es) :\n\n - kde-workspace: Missing sanitization of notifications\n allows to leak client IP address via IMG element\n (CVE-2018-6790)", "modified": "2019-12-02T00:00:00", "id": "SL_20190806_KDE_WORKSPACE_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/128224", "published": "2019-08-27T00:00:00", "title": "Scientific Linux Security Update : kde-workspace on SL7.x x86_64", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128224);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/08/27 9:41:30\");\n\n script_cve_id(\"CVE-2018-6790\");\n\n script_name(english:\"Scientific Linux Security Update : kde-workspace on SL7.x x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - kde-workspace: Missing sanitization of notifications\n allows to leak client IP address via IMG element\n (CVE-2018-6790)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1908&L=SCIENTIFIC-LINUX-ERRATA&P=24388\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a5d6dacd\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kcm_colors-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kde-settings-19-23.9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kde-settings-19-23.9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kde-settings-ksplash-19-23.9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kde-settings-ksplash-19-23.9.el7\")) flag++;\nif 
(rpm_check(release:\"SL7\", reference:\"kde-settings-minimal-19-23.9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kde-settings-minimal-19-23.9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kde-settings-plasma-19-23.9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kde-settings-plasma-19-23.9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kde-settings-pulseaudio-19-23.9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kde-settings-pulseaudio-19-23.9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kde-style-oxygen-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kde-workspace-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kde-workspace-debuginfo-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kde-workspace-devel-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kde-workspace-ksplash-themes-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kde-workspace-ksplash-themes-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kde-workspace-libs-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kdeclassic-cursor-theme-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kdeclassic-cursor-theme-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kdelibs-4.14.8-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"kdelibs-apidocs-4.14.8-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kdelibs-apidocs-4.14.8-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kdelibs-common-4.14.8-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", 
reference:\"kdelibs-debuginfo-4.14.8-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kdelibs-devel-4.14.8-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kdelibs-ktexteditor-4.14.8-10.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kgreeter-plugins-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"khotkeys-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"khotkeys-libs-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kinfocenter-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kmag-4.10.5-4.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kmag-debuginfo-4.10.5-4.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kmenuedit-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ksysguard-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ksysguard-libs-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"ksysguardd-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kwin-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kwin-gles-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kwin-gles-libs-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"kwin-libs-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"libkworkspace-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"oxygen-cursor-themes-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"oxygen-cursor-themes-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", 
reference:\"plasma-scriptengine-python-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"plasma-scriptengine-ruby-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"qt-settings-19-23.9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"qt-settings-19-23.9.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"virtuoso-opensource-6.1.6-7.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"virtuoso-opensource-debuginfo-6.1.6-7.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"virtuoso-opensource-utils-6.1.6-7.el7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-12-13T06:45:37", "bulletinFamily": "scanner", "description": "An update for kde-workspace, kde-settings, kdelibs, kmag, and\nvirtuoso-opensource is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Low. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link (s) in the References section.\n\nThe K Desktop Environment (KDE) is a graphical desktop environment for\nthe X Window System. 
The kdelibs packages include core libraries for\nthe K Desktop Environment.\n\nThe kde-workspace packages consist of components providing the KDE\ngraphical desktop environment.\n\nSecurity Fix(es) :\n\n* kde-workspace: Missing sanitization of notifications allows to leak\nclient IP address via IMG element (CVE-2018-6790)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.7 Release Notes linked from the References section.", "modified": "2019-12-02T00:00:00", "id": "CENTOS_RHSA-2019-2141.NASL", "href": "https://www.tenable.com/plugins/nessus/128362", "published": "2019-08-30T00:00:00", "title": "CentOS 7 : kde-settings / kde-workspace / kdelibs / kmag / virtuoso-opensource (CESA-2019:2141)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:2141 and \n# CentOS Errata and Security Advisory 2019:2141 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128362);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/10/02 15:30:22\");\n\n script_cve_id(\"CVE-2018-6790\");\n script_xref(name:\"RHSA\", value:\"2019:2141\");\n\n script_name(english:\"CentOS 7 : kde-settings / kde-workspace / kdelibs / kmag / virtuoso-opensource (CESA-2019:2141)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kde-workspace, kde-settings, kdelibs, kmag, and\nvirtuoso-opensource is now available for Red Hat Enterprise Linux 
7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Low. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link (s) in the References section.\n\nThe K Desktop Environment (KDE) is a graphical desktop environment for\nthe X Window System. The kdelibs packages include core libraries for\nthe K Desktop Environment.\n\nThe kde-workspace packages consist of components providing the KDE\ngraphical desktop environment.\n\nSecurity Fix(es) :\n\n* kde-workspace: Missing sanitization of notifications allows to leak\nclient IP address via IMG element (CVE-2018-6790)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nAdditional Changes :\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.7 Release Notes linked from the References section.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2019-August/005925.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0ed4c873\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2019-August/005926.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8dc65282\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2019-August/005927.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?459daa4c\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2019-August/005931.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?3fd23ca6\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2019-August/006178.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0d610d3e\"\n );\n 
script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kcm_colors\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kde-settings\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kde-settings-ksplash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kde-settings-minimal\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kde-settings-plasma\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kde-settings-pulseaudio\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kde-style-oxygen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kde-workspace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kde-workspace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kde-workspace-ksplash-themes\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kde-workspace-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kdeclassic-cursor-theme\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kdelibs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kdelibs-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kdelibs-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kdelibs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kdelibs-ktexteditor\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:centos:centos:kgreeter-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:khotkeys\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:khotkeys-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kinfocenter\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kmag\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kmenuedit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ksysguard\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ksysguard-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:ksysguardd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kwin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kwin-gles\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kwin-gles-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kwin-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:libkworkspace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:oxygen-cursor-themes\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:plasma-scriptengine-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:plasma-scriptengine-ruby\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:qt-settings\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:virtuoso-opensource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:virtuoso-opensource-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/02/07\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kcm_colors-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kde-settings-19-23.9.el7.centos\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kde-settings-ksplash-19-23.9.el7.centos\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kde-settings-minimal-19-23.9.el7.centos\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kde-settings-plasma-19-23.9.el7.centos\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kde-settings-pulseaudio-19-23.9.el7.centos\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kde-style-oxygen-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kde-workspace-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kde-workspace-devel-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kde-workspace-ksplash-themes-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kde-workspace-libs-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kdeclassic-cursor-theme-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kdelibs-4.14.8-10.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kdelibs-apidocs-4.14.8-10.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", 
cpu:\"x86_64\", reference:\"kdelibs-common-4.14.8-10.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kdelibs-devel-4.14.8-10.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kdelibs-ktexteditor-4.14.8-10.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kgreeter-plugins-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"khotkeys-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"khotkeys-libs-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kinfocenter-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kmag-4.10.5-4.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kmenuedit-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ksysguard-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ksysguard-libs-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"ksysguardd-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kwin-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kwin-gles-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kwin-gles-libs-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"kwin-libs-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"libkworkspace-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"oxygen-cursor-themes-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"plasma-scriptengine-python-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", 
cpu:\"x86_64\", reference:\"plasma-scriptengine-ruby-4.11.19-13.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"qt-settings-19-23.9.el7.centos\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"virtuoso-opensource-6.1.6-7.el7\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"virtuoso-opensource-utils-6.1.6-7.el7\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kcm_colors / kde-settings / kde-settings-ksplash / etc\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "suse": [{"lastseen": "2018-02-08T14:54:39", "bulletinFamily": "unix", "description": "This update for plasma5-workspace fixes security issues and bugs.\n\n The following vulnerabilities were fixed:\n\n - CVE-2018-6790: Desktop notifications could have been used to load\n arbitrary remote images into Plasma, allowing for client IP discovery\n (boo#1079429)\n - CVE-2018-6791: A specially crafted file system label may have allowed\n execution of arbitrary code (boo#1079751)\n\n The following bugs were fixed:\n\n - Plasma could freeze with certain notifications (boo#1013550)\n\n", "modified": "2018-02-08T12:17:28", 
"published": "2018-02-08T12:17:28", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00010.html", "id": "OPENSUSE-SU-2018:0397-1", "title": "Security update for plasma5-workspace (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2018-02-08T14:54:39", "bulletinFamily": "unix", "description": "This update for plasma5-workspace fixes security issues and bugs.\n\n The following vulnerabilities were fixed:\n\n - CVE-2018-6790: Desktop notifications could have been used to load\n arbitrary remote images into Plasma, allowing for client IP discovery\n (boo#1079429)\n - CVE-2018-6791: A specially crafted file system label may have allowed\n execution of arbitrary code (boo#1079751)\n\n The following bugs were fixed:\n\n - Plasma could freeze with certain notifications (boo#1013550)\n\n", "modified": "2018-02-08T12:18:05", "published": "2018-02-08T12:18:05", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00011.html", "id": "OPENSUSE-SU-2018:0398-1", "title": "Security update for plasma5-workspace (important)", "type": "suse", "cvss": {"score": 0.0, "vector": "NONE"}}], "gentoo": [{"lastseen": "2018-03-19T05:26:19", "bulletinFamily": "unix", "description": "### Background\n\nKDE Plasma workspace is a widget based desktop environment designed to be fast and efficient. \n\n### Description\n\nMultiple vulnerabilities have been discovered in KDE Plasma Workspaces. Please review the referenced CVE identifiers for details. \n\n### Impact\n\nAn attacker could execute arbitrary commands via specially crafted thumb drive\u2019s volume labels or obtain sensitive information via specially crafted notifications. \n\n### Workaround\n\nUsers should mount removable devices with Dolphin instead of the device notifier. 
\n\nUsers should disable notifications.\n\n### Resolution\n\nAll KDE Plasma Workspace users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=kde-plasma/plasma-workspace-5.11.5-r1\"", "modified": "2018-03-19T00:00:00", "published": "2018-03-19T00:00:00", "href": "https://security.gentoo.org/glsa/201803-09", "id": "GLSA-201803-09", "type": "gentoo", "title": "KDE Plasma Workspaces: Multiple vulnerabilities", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2019-08-30T10:40:20", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2019:2141\n\n\nThe K Desktop Environment (KDE) is a graphical desktop environment for the X Window System. The kdelibs packages include core libraries for the K Desktop Environment. \n\nThe kde-workspace packages consist of components providing the KDE graphical desktop environment.\n\nSecurity Fix(es):\n\n* kde-workspace: Missing sanitization of notifications allows to leak client IP address via IMG element (CVE-2018-6790)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2019-August/005925.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2019-August/005926.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2019-August/005927.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2019-August/005931.html\nhttp://lists.centos.org/pipermail/centos-cr-announce/2019-August/006178.html\n\n**Affected 
packages:**\nkcm_colors\nkde-settings\nkde-settings-ksplash\nkde-settings-minimal\nkde-settings-plasma\nkde-settings-pulseaudio\nkde-style-oxygen\nkde-workspace\nkde-workspace-devel\nkde-workspace-ksplash-themes\nkde-workspace-libs\nkdeclassic-cursor-theme\nkdelibs\nkdelibs-apidocs\nkdelibs-common\nkdelibs-devel\nkdelibs-ktexteditor\nkgreeter-plugins\nkhotkeys\nkhotkeys-libs\nkinfocenter\nkmag\nkmenuedit\nksysguard\nksysguard-libs\nksysguardd\nkwin\nkwin-gles\nkwin-gles-libs\nkwin-libs\nlibkworkspace\noxygen-cursor-themes\nplasma-scriptengine-python\nplasma-scriptengine-ruby\nqt-settings\nvirtuoso-opensource\nvirtuoso-opensource-utils\n\n**Upstream details at:**\n", "modified": "2019-08-30T04:33:05", "published": "2019-08-30T03:07:33", "id": "CESA-2019:2141", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2019-August/005925.html", "title": "kcm_colors, kde, kdeclassic, kdelibs, kgreeter, khotkeys, kinfocenter, kmag, kmenuedit, ksysguard, ksysguardd, kwin, libkworkspace, oxygen, plasma, qt, virtuoso security update", "type": "centos", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "debian": [{"lastseen": "2019-10-24T22:42:01", "bulletinFamily": "unix", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4116-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nFebruary 16, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : plasma-workspace\nCVE ID : CVE-2018-6791\n\nKrzysztof Sieluzycki discovered that the notifier for removable devices\nin the KDE Plasma workspace performed insufficient sanitisation of\nFAT/VFAT volume labels, which could result in the execution of arbitrary\nshell commands if a removable device with a malformed disk label is\nmounted.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 4:5.8.6-2.1+deb9u1.\n\nWe 
recommend that you upgrade your plasma-workspace packages.\n\nFor the detailed security status of plasma-workspace please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/plasma-workspace\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "modified": "2018-02-16T20:46:54", "published": "2018-02-16T20:46:54", "id": "DEBIAN:DSA-4116-1:FDDE7", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2018/msg00041.html", "title": "[SECURITY] [DSA 4116-1] plasma-workspace security update", "type": "debian", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-15T00:46:36", "bulletinFamily": "unix", "description": "The K Desktop Environment (KDE) is a graphical desktop environment for the X Window System. The kdelibs packages include core libraries for the K Desktop Environment. 
\n\nThe kde-workspace packages consist of components providing the KDE graphical desktop environment.\n\nSecurity Fix(es):\n\n* kde-workspace: Missing sanitization of notifications allows to leak client IP address via IMG element (CVE-2018-6790)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.", "modified": "2019-08-06T13:46:42", "published": "2019-08-06T12:05:47", "id": "RHSA-2019:2141", "href": "https://access.redhat.com/errata/RHSA-2019:2141", "type": "redhat", "title": "(RHSA-2019:2141) Low: kde-workspace security and bug fix update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "oraclelinux": [{"lastseen": "2019-08-14T08:38:35", "bulletinFamily": "unix", "description": "kdelibs\n[6:4.14.8-10]\n- Do not fork konsole process when opening terminal from apps using dolphin-part\n Resolves: bz#1710362\n[6:4.14.8-9]\n- Do not fork konsole process when opening terminal from apps using dolphin-part\n Resolves: bz#1710362\n[6:4.14.8-8]\n- Disable JAR repack script to avoid multilib regression\n Resolves: bz#1542864\n[6:4.14.8-7]\n- Handle case-sensitive mime types\n Resolves: bz#1542864\nkde-settings\n[19-23.9.0.1]\n- Change GreetString [bug 11710280]\n[19-23.9]\n- Check if we have write access to home directory before creating default folders\n Resolves: bz#1579764\nkde-workspace\n[4.11-19-13]\n- Sanitise notification HTML\n Resolves: bz#1568853\n- Increase cpu buffer size in ksysguard\n Resolves: bz#1611762\nkmag\n[4.10.5-4]\n- Make border around arrow cursor bright\n Resolves: bz#1619362\nvirtuoso-opensource\n[1:6.1.6-7]\n- Fix URL\n Resolves: bz#1583962", "modified": "2019-08-13T00:00:00", "published": "2019-08-13T00:00:00", "id": 
"ELSA-2019-2141", "href": "http://linux.oracle.com/errata/ELSA-2019-2141.html", "title": "kde-workspace security and bug fix update", "type": "oraclelinux", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}]}