|
|
Subscribe / Log in / New account

Ubuntu alert USN-6843-1 (plasma-workspace)



From:
              Marc Deslauriers <marc.deslauriers@canonical.com>


To:
              "ubuntu-security-announce@lists.ubuntu.com" <ubuntu-security-announce@lists.ubuntu.com>


Subject:
              [USN-6843-1] Plasma Workspace vulnerability


Date:
              Wed, 26 Jun 2024 11:14:49 -0400


Message-ID:
              <963edfab-3e7c-4a52-996e-41c994ff6ce2@canonical.com>


==========================================================================
Ubuntu Security Notice USN-6843-1
June 26, 2024

plasma-workspace vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

plasma-workspace would allow unintended access to the session manager.

Software Description:
- plasma-workspace: Plasma Workspace for KF5

Details:

Fabian Vogt discovered that Plasma Workspace incorrectly handled
connections via ICE. A local attacker could possibly use this issue to
gain access to another user's session manager and execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
   plasma-workspace                4:5.27.11-0ubuntu4.1

Ubuntu 23.10
   plasma-workspace                4:5.27.8-0ubuntu1.1

Ubuntu 22.04 LTS
   plasma-workspace                4:5.24.7-0ubuntu0.2

Ubuntu 20.04 LTS
   plasma-workspace                4:5.18.8-0ubuntu0.2

After a standard system update you need to reboot your computer to make all
the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-6843-1
   CVE-2024-36041

Package Information:
   https://launchpad.net/ubuntu/+source/plasma-workspace/4:5...
   https://launchpad.net/ubuntu/+source/plasma-workspace/4:5...
   https://launchpad.net/ubuntu/+source/plasma-workspace/4:5...
   https://launchpad.net/ubuntu/+source/plasma-workspace/4:5...





Attachment: OpenPGP_signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmZ8MGoACgkQZWnYVadE
vpN3Jg//amSVyTv5nLK8xRqRfmCa581aPDo68HkvLAg+dLRw/guLZfgoV4SyWmJ4
uNSibVSbEdXj5PTPsPK48YFTkZJrloQZvQiLqX1Y3foeoceDOsQpBKbVQ7ANs+df
dTmkaMIiOR41ZqxMYxU866hmVg5lCJL95Cwjy+qm9rCiCw7kzfsaNdSiuAQrpxR1
3CoTqdS7/k43kOPrGiZbMUqfZR03bTSz/3nrh+rJy6JpHFjOzWY2SUD919zVTeVr
gp/zovrR5TY4fBbVsUWfrwqHLoFJ0pmhckFHnDqv5OXZKNAFHbW8LpSd2VaNTRCV
G+bqGOZz1ug2qxTIOgge0Kl4W1g5bIQBOP/EQI35i4M76VR3Y5G+Lr8EYHs0ffsh
cAef0rMqucClsUCtLUuU+oanxuqS1jmhTeEdlTqK607+fFsJhvOQ721CyH5+lDc0
rSNfs0XhHBqFndbljKGafZZ+X+IAyPlRsJV7rRg7L9sdJuW74FQ/wByCISyHo0Tq
TSYn5OacZm20TwqQDK7rrvKTcFkV1iah0CB+YMpowMJzKJppTzZQOqgLJSwOCcVl
SNln3eapDMBPExTmbbHhOCMVYg+8KnR8kpB8InRQiN0Np/uxgBUTxhm2VHWs3o2K
aWL1b6eWqIUXWLwDi8hEbCGI++79pn2z9gHcq9C+17HkOTLZckQ=
=dwWM
-----END PGP SIGNATURE-----




Attachment: None (type=text/plain)
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds