Upstream information
CVE-2019-7443 at MITRE
Description
KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability.
SUSE information
Overall state of this security issue: Does not affect SUSE products
CVSS v2 Scores
| National Vulnerability Database |
Base Score | 9.3 |
Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Access Vector | Network |
Access Complexity | Medium |
Authentication | None |
Confidentiality Impact | Complete |
Integrity Impact | Complete |
Availability Impact | Complete |
CVSS v3 Scores
| National Vulnerability Database |
Base Score | 8.1 |
Vector | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Attack Vector | Network |
Attack Complexity | High |
Privileges Required | None |
User Interaction | None |
Scope | Unchanged |
Confidentiality Impact | High |
Integrity Impact | High |
Availability Impact | High |
CVSSv3 Version | 3 |
SUSE Bugzilla entries:
1124863 [REOPENED],
1170293 [RESOLVED / FIXED]
SUSE Security Advisories:
List of released packages
Product(s) | Fixed package version(s) | References |
SUSE Package Hub 12 SP1 | kauth-devel >= 5.20.0-11.2
kauth-devel-32bit >= 5.45.0-lp150.5.2
kcoreaddons >= 5.20.0-9.2
kcoreaddons-devel >= 5.20.0-9.2
kcoreaddons-lang >= 5.20.0-9.1
libKF5Auth5 >= 5.20.0-11.2
libKF5Auth5-32bit >= 5.45.0-lp150.5.2
libKF5Auth5-lang >= 5.20.0-11.2
libKF5CoreAddons5 >= 5.20.0-9.2
libpolkit-qt5-1-1 >= 0.112.0-6.2
libpolkit-qt5-1-devel >= 0.112.0-6.2
| Patchnames: openSUSE-2019-242 |
SUSE Package Hub 12 SP2 | kauth-devel >= 5.26.0-10.2
kauth-devel-32bit >= 5.45.0-lp150.5.2
kauth-devel-64bit >= 5.26.0-10.2
kcoreaddons >= 5.26.0-6.4
kcoreaddons-devel >= 5.26.0-6.4
kcoreaddons-devel-64bit >= 5.26.0-6.4
kcoreaddons-lang >= 5.26.0-6.4
libKF5Auth5 >= 5.26.0-10.2
libKF5Auth5-32bit >= 5.45.0-lp150.5.2
libKF5Auth5-64bit >= 5.26.0-10.2
libKF5Auth5-lang >= 5.26.0-10.2
libKF5CoreAddons5 >= 5.26.0-6.4
libKF5CoreAddons5-64bit >= 5.26.0-6.4
libpolkit-qt5-1-1 >= 0.112.0-3.4
libpolkit-qt5-1-1-64bit >= 0.112.0-3.6
libpolkit-qt5-1-devel >= 0.112.0-3.4
libpolkit-qt5-1-devel-64bit >= 0.112.0-3.6
| Patchnames: openSUSE-2019-242 |
SUSE Package Hub 12 SP3 | extra-cmake-modules >= 5.32.0-7.2
kauth-devel >= 5.32.0-6.2
kauth-devel-32bit >= 5.45.0-lp150.5.2
kauth-devel-64bit >= 5.32.0-6.2
kcoreaddons >= 5.32.0-8.2
kcoreaddons-devel >= 5.32.0-8.2
kcoreaddons-devel-64bit >= 5.32.0-8.2
kcoreaddons-lang >= 5.32.0-8.2
libKF5Auth5 >= 5.32.0-6.2
libKF5Auth5-32bit >= 5.45.0-lp150.5.2
libKF5Auth5-64bit >= 5.32.0-6.2
libKF5Auth5-lang >= 5.32.0-6.2
libKF5CoreAddons5 >= 5.32.0-8.2
libKF5CoreAddons5-64bit >= 5.32.0-8.2
libpolkit-qt5-1-1 >= 0.112.0-5.2
libpolkit-qt5-1-1-64bit >= 0.112.0-5.2
libpolkit-qt5-1-devel >= 0.112.0-5.2
libpolkit-qt5-1-devel-64bit >= 0.112.0-5.2
| Patchnames: openSUSE-2019-242 |
SUSE Package Hub 15 | extra-cmake-modules >= 5.32.0-7.2
kauth-devel >= 5.45.0-bp150.8.2
kauth-devel-32bit >= 5.45.0-lp150.5.2
kauth-devel-64bit >= 5.45.0-bp150.8.2
kcoreaddons >= 5.45.0-bp150.3.6.2
kcoreaddons-devel >= 5.45.0-bp150.3.6.2
kcoreaddons-devel-64bit >= 5.45.0-bp150.3.6.2
kcoreaddons-lang >= 5.45.0-bp150.3.6.2
libKF5Auth5 >= 5.45.0-bp150.8.2
libKF5Auth5-32bit >= 5.45.0-lp150.5.2
libKF5Auth5-64bit >= 5.45.0-bp150.8.2
libKF5Auth5-lang >= 5.45.0-bp150.8.2
libKF5CoreAddons5 >= 5.45.0-bp150.3.6.2
libKF5CoreAddons5-64bit >= 5.45.0-bp150.3.6.2
libpolkit-qt5-1-1 >= 0.112.0-5.2
libpolkit-qt5-1-1-64bit >= 0.112.0-5.2
libpolkit-qt5-1-devel >= 0.112.0-5.2
libpolkit-qt5-1-devel-64bit >= 0.112.0-5.2
| Patchnames: openSUSE-2019-1051 openSUSE-2019-1277 openSUSE-2019-242 openSUSE-2019-247 |
openSUSE Leap 15.0 | kauth-devel >= 5.45.0-lp150.5.2
kauth-devel-32bit >= 5.45.0-lp150.5.2
libKF5Auth5 >= 5.45.0-lp150.5.2
libKF5Auth5-32bit >= 5.45.0-lp150.5.2
libKF5Auth5-lang >= 5.45.0-lp150.5.2
| Patchnames: openSUSE-2019-242 |
openSUSE Leap 15.2 | libKF5Auth5 >= 5.71.0-lp152.1.1
libKF5Auth5-lang >= 5.71.0-lp152.1.1
libKF5AuthCore5 >= 5.71.0-lp152.1.1
| Patchnames: openSUSE Leap 15.2 GA libKF5Auth5-5.71.0-lp152.1.1 |
openSUSE Leap 15.3 | libKF5Auth5 >= 5.76.0-bp153.1.16
libKF5Auth5-lang >= 5.76.0-bp153.1.16
libKF5AuthCore5 >= 5.76.0-bp153.1.16
| Patchnames: openSUSE Leap 15.3 GA libKF5Auth5-5.76.0-bp153.1.16 |
openSUSE Leap 15.4 | libKF5Auth5 >= 5.90.0-150400.1.4
libKF5Auth5-lang >= 5.90.0-150400.1.4
libKF5AuthCore5 >= 5.90.0-150400.1.4
| Patchnames: openSUSE Leap 15.4 GA libKF5Auth5-5.90.0-150400.1.4 |
openSUSE Tumbleweed | kauth-devel >= 5.86.0-1.2
libKF5Auth5 >= 5.86.0-1.2
libKF5Auth5-lang >= 5.86.0-1.2
libKF5AuthCore5 >= 5.86.0-1.2
| Patchnames: openSUSE Tumbleweed GA kauth-devel-5.86.0-1.2 |
SUSE Timeline for this CVE
CVE page created: Fri Oct 7 12:49:48 2022
CVE page last modified: Wed Apr 17 17:11:37 2024