SUSE Package Hub - openSUSE-2018-147

Update Info

openSUSE-2018-147

Security update for plasma5-workspace

Type: security

Severity: important

Issued: 2018-02-08

Description:

This update for plasma5-workspace fixes security issues and bugs.

The following vulnerabilities were fixed:

- CVE-2018-6790: Desktop notifications could have been used to load arbitrary remote images into Plasma,
                 allowing for client IP discovery (boo#1079429)
- CVE-2018-6791: A specially crafted file system label may have allowed execution of arbitrary code (boo#1079751)

The following bugs were fixed:

- Plasma could freeze with certain notifications (boo#1013550)

References

CVE: CVE-2018-6791
CVE: CVE-2018-6790
Bugzilla: 1079751 VUL-0: CVE-2018-6791: plasma5-workspace: a specially crafted file system label may execute arbitrary code
Bugzilla: 1079429 VUL-0: CVE-2018-6790: plasma5-workspace: notifications may log arbitrary remote images into Plasma
Bugzilla: 1013550 plasmashell freezing

Packages

plasma5-workspace-5.8.7-8.1