KDE Plasma Workspaces: Multiple vulnerabilities

KDE Plasma Workspaces: Multiple vulnerabilities Multiple vulnerabilities have been found in KDE Plasma Workspaces, the worst of which allows local attackers to execute arbitrary commands. plasma-workspace 2018-03-19 2018-03-19 647106 local, remote 5.11.5-r1 5.11.5-r1

KDE Plasma workspace is a widget based desktop environment designed to be fast and efficient.

Multiple vulnerabilities have been discovered in KDE Plasma Workspaces. Please review the referenced CVE identifiers for details.

An attacker could execute arbitrary commands via specially crafted thumb drive’s volume labels or obtain sensitive information via specially crafted notifications.

Users should mount removable devices with Dolphin instead of the device notifier.

Users should disable notifications.

All KDE Plasma Workspace users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose
      ">=kde-plasma/plasma-workspace-5.11.5-r1"

CVE-2018-6790 CVE-2018-6791 chrisadr chrisadr