{"id":"MGASA-2017-0274","summary":"Updated kauth and kdelibs4 packages fix security vulnerability","details":"Sebastian Krahmer from SUSE discovered that the KAuth framework contains a\nlogic flaw in which the service invoking dbus is not properly checked. This\nflaw allows spoofing the identity of the caller and gaining root privileges\nfrom an unprivileged account (CVE-2017-8422).\n","modified":"2026-02-04T03:21:17.468591Z","published":"2017-08-16T22:32:05Z","related":["CVE-2017-8422"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0274.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=20843"},{"type":"REPORT","url":"https://www.kde.org/info/security/advisory-20170510-1.txt"},{"type":"REPORT","url":"https://www.debian.org/security/2017/dsa-3849"}],"affected":[{"package":{"name":"kauth","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/kauth?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.5.0-1.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0274.json"}},{"package":{"name":"kdelibs4","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/kdelibs4?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.14.30-1.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0274.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}