Security update for kauth, kdelibs4 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:1254-1 Final 1 1 2017-05-15T11:40:03Z current 2017-05-15T11:40:03Z 2017-05-15T11:40:03Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for kauth, kdelibs4 This update for kauth and kdelibs4 fixes the following issues: - CVE-2017-8422: logic flaw in the KAuth framework allowed privilege escalation (boo#1036244). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2017-575 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OXWF5MZST53JVOUBYO7BZCE4XWZDCW4W/#OXWF5MZST53JVOUBYO7BZCE4XWZDCW4W E-Mail link for openSUSE-SU-2017:1254-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1036244 SUSE Bug 1036244 https://www.suse.com/security/cve/CVE-2017-8422/ SUSE CVE CVE-2017-8422 page SUSE Package Hub 12 SP1 SUSE Package Hub 12 SP2 kauth-devel-5.26.0-6.1 kdelibs4-4.14.25-8.2 kdelibs4-apidocs-4.14.25-8.2 kdelibs4-branding-upstream-4.14.25-8.2 kdelibs4-core-4.14.25-8.2 kdelibs4-doc-4.14.25-8.2 libKF5Auth5-5.26.0-6.1 libKF5Auth5-lang-5.26.0-6.1 libkde4-4.14.25-8.2 libkde4-devel-4.14.25-8.2 libkdecore4-4.14.25-8.2 libkdecore4-devel-4.14.25-8.2 libksuseinstall-devel-4.14.25-8.2 libksuseinstall1-4.14.25-8.2 kauth-devel-5.26.0-6.1 as a component of SUSE Package Hub 12 SP1 kdelibs4-4.14.25-8.2 as a component of SUSE Package Hub 12 SP1 kdelibs4-apidocs-4.14.25-8.2 as a component of SUSE Package Hub 12 SP1 kdelibs4-branding-upstream-4.14.25-8.2 as a component of SUSE Package Hub 12 SP1 kdelibs4-core-4.14.25-8.2 as a component of SUSE Package Hub 12 SP1 kdelibs4-doc-4.14.25-8.2 as a component of SUSE Package Hub 12 SP1 libKF5Auth5-5.26.0-6.1 as a component of SUSE Package Hub 12 SP1 libKF5Auth5-lang-5.26.0-6.1 as a component of SUSE Package Hub 12 SP1 libkde4-4.14.25-8.2 as a component of SUSE Package Hub 12 SP1 libkde4-devel-4.14.25-8.2 as a component of SUSE Package Hub 12 SP1 libkdecore4-4.14.25-8.2 as a component of SUSE Package Hub 12 SP1 libkdecore4-devel-4.14.25-8.2 as a component of SUSE Package Hub 12 SP1 libksuseinstall-devel-4.14.25-8.2 as a component of SUSE Package Hub 12 SP1 libksuseinstall1-4.14.25-8.2 as a component of SUSE Package Hub 12 SP1 kauth-devel-5.26.0-6.1 as a component of SUSE Package Hub 12 SP2 kdelibs4-4.14.25-8.2 as a component of SUSE Package Hub 12 SP2 kdelibs4-apidocs-4.14.25-8.2 as a component of SUSE Package Hub 12 SP2 kdelibs4-branding-upstream-4.14.25-8.2 as a component of SUSE Package Hub 12 SP2 kdelibs4-core-4.14.25-8.2 as a component of SUSE Package Hub 12 SP2 kdelibs4-doc-4.14.25-8.2 as a component of SUSE Package Hub 12 SP2 libKF5Auth5-5.26.0-6.1 as a component of SUSE Package Hub 12 SP2 libKF5Auth5-lang-5.26.0-6.1 as a component of SUSE Package Hub 12 SP2 libkde4-4.14.25-8.2 as a component of SUSE Package Hub 12 SP2 libkde4-devel-4.14.25-8.2 as a component of SUSE Package Hub 12 SP2 libkdecore4-4.14.25-8.2 as a component of SUSE Package Hub 12 SP2 libkdecore4-devel-4.14.25-8.2 as a component of SUSE Package Hub 12 SP2 libksuseinstall-devel-4.14.25-8.2 as a component of SUSE Package Hub 12 SP2 libksuseinstall1-4.14.25-8.2 as a component of SUSE Package Hub 12 SP2 KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to gain root privileges by spoofing a callerID and leveraging a privileged helper app. CVE-2017-8422 SUSE Package Hub 12 SP1:kauth-devel-5.26.0-6.1 SUSE Package Hub 12 SP1:kdelibs4-4.14.25-8.2 SUSE Package Hub 12 SP1:kdelibs4-apidocs-4.14.25-8.2 SUSE Package Hub 12 SP1:kdelibs4-branding-upstream-4.14.25-8.2 SUSE Package Hub 12 SP1:kdelibs4-core-4.14.25-8.2 SUSE Package Hub 12 SP1:kdelibs4-doc-4.14.25-8.2 SUSE Package Hub 12 SP1:libKF5Auth5-5.26.0-6.1 SUSE Package Hub 12 SP1:libKF5Auth5-lang-5.26.0-6.1 SUSE Package Hub 12 SP1:libkde4-4.14.25-8.2 SUSE Package Hub 12 SP1:libkde4-devel-4.14.25-8.2 SUSE Package Hub 12 SP1:libkdecore4-4.14.25-8.2 SUSE Package Hub 12 SP1:libkdecore4-devel-4.14.25-8.2 SUSE Package Hub 12 SP1:libksuseinstall-devel-4.14.25-8.2 SUSE Package Hub 12 SP1:libksuseinstall1-4.14.25-8.2 SUSE Package Hub 12 SP2:kauth-devel-5.26.0-6.1 SUSE Package Hub 12 SP2:kdelibs4-4.14.25-8.2 SUSE Package Hub 12 SP2:kdelibs4-apidocs-4.14.25-8.2 SUSE Package Hub 12 SP2:kdelibs4-branding-upstream-4.14.25-8.2 SUSE Package Hub 12 SP2:kdelibs4-core-4.14.25-8.2 SUSE Package Hub 12 SP2:kdelibs4-doc-4.14.25-8.2 SUSE Package Hub 12 SP2:libKF5Auth5-5.26.0-6.1 SUSE Package Hub 12 SP2:libKF5Auth5-lang-5.26.0-6.1 SUSE Package Hub 12 SP2:libkde4-4.14.25-8.2 SUSE Package Hub 12 SP2:libkde4-devel-4.14.25-8.2 SUSE Package Hub 12 SP2:libkdecore4-4.14.25-8.2 SUSE Package Hub 12 SP2:libkdecore4-devel-4.14.25-8.2 SUSE Package Hub 12 SP2:libksuseinstall-devel-4.14.25-8.2 SUSE Package Hub 12 SP2:libksuseinstall1-4.14.25-8.2 important 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OXWF5MZST53JVOUBYO7BZCE4XWZDCW4W/#OXWF5MZST53JVOUBYO7BZCE4XWZDCW4W https://www.suse.com/security/cve/CVE-2017-8422.html CVE-2017-8422 https://bugzilla.suse.com/1033300 SUSE Bug 1033300 https://bugzilla.suse.com/1036244 SUSE Bug 1036244 https://bugzilla.suse.com/1041511 SUSE Bug 1041511 https://bugzilla.suse.com/749065 SUSE Bug 749065 https://bugzilla.suse.com/869959 SUSE Bug 869959