Upstream information

CVE-2018-10380 at MITRE

Description

kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ownership of arbitrary files via a symlink attack.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 7.2
Vector AV:L/AC:L/Au:N/C:C/I:C/A:C
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete
SUSE Bugzilla entry: 1090863 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE Leap 42.3
  • pam_kwallet >= 5.7.1-4.3.1
  • pam_kwallet-debuginfo >= 5.7.1-4.3.1
  • pam_kwallet-debugsource >= 5.7.1-4.3.1
Patchnames:
openSUSE-2018-423