SUSE CVE-2018-6791

An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains or $ in its volume label is plugged in and mounted through the device notifier, it's interpreted as a shell command, leading to a possibility of arbitrary...

Fedora Update for plasma-workspace FEDORA-2018-337757e11f

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 26 : plasma-workspace (2018-337757e11f)

Fix for CVE-2018-6790 CVE-2018-6791, backport crashfix for xembedsniproxy Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...

Debian DSA-4116-1 : plasma-workspace - security update

Krzysztof Sieluzycki discovered that the notifier for removable devices in the KDE Plasma workspace performed insufficient sanitisation of FAT/VFAT volume labels, which could result in the execution of arbitrary shell commands if a removable device with a malformed disk label is mounted. C Tenabl...

[SECURITY] [DSA 4116-1] plasma-workspace security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4116-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 16, 2018 https://www.debian.org/security/faq -...

Debian: Security Advisory (DSA-4116-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 27 : plasma-workspace (2018-fa58e0c507)

Fix for CVE-2018-6790 CVE-2018-6791 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...

CVE-2018-6791

creationtimestamp| type| source ---|---|--- 2018-02-12 12:53:46+00:00| seen| https://t.me/SecLabNews/1515...

openSUSE: Security Advisory for plasma5-workspace (openSUSE-SU-2018:0397-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[ASA-201802-4] plasma-workspace: arbitrary command execution

Arch Linux Security Advisory ASA-201802-4 ========================================= Severity: High Date : 2018-02-09 CVE-ID : CVE-2018-6791 Package : plasma-workspace Type : arbitrary command execution Remote : No Link : https://security.archlinux.org/AVG-607 Summary ======= The package...

openSUSE Security Update : plasma5-workspace (openSUSE-2018-147)

This update for plasma5-workspace fixes security issues and bugs. The following vulnerabilities were fixed : - CVE-2018-6790: Desktop notifications could have been used to load arbitrary remote images into Plasma, allowing for client IP discovery boo1079429 - CVE-2018-6791: A specially crafted fi...

CVE-2018-6791

An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains or $ in its volume label is plugged in and mounted through the device notifier, it's interpreted as a shell command, leading to a possibility of arbitrary...

OPENSUSE-SU-2018:0398-1 Security update for plasma5-workspace

This update for plasma5-workspace fixes security issues and bugs. The following vulnerabilities were fixed: - CVE-2018-6790: Desktop notifications could have been used to load arbitrary remote images into Plasma, allowing for client IP discovery boo1079429 - CVE-2018-6791: A specially crafted fil...

CVE-2018-6791

An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains or $ in its volume label is plugged in and mounted through the device notifier, it's interpreted as a shell command, leading to a possibility of arbitrary...

CVE-2018-6791

CVE-2018-6791 affects KDE Plasma Workspaces; the vulnerability exists in soliduiserver/deviceserviceaction.cpp and is triggered when a VFAT thumbdrive with volume labels like "$(touch b)" or labels containing `` or $() is mounted via the device notifier, causing arbitrary command execution. Upstr...