{"id":"MGASA-2024-0214","summary":"Updated plasma-workspace packages fix security vulnerability","details":"KSmserver, KDE's XSMP manager, incorrectly allows connections via ICE\nbased purely on the host, allowing all local connections. This allows\nanother user on the same machine to gain access to the session\nmanager.\nA well crafted client could use the session restore feature to execute\narbitrary code as the user on the next boot.\n","modified":"2026-04-16T04:42:38.684496983Z","published":"2024-06-07T17:31:41Z","upstream":["CVE-2024-36041"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2024-0214.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=33272"},{"type":"ADVISORY","url":"https://kde.org/info/security/advisory-20240531-1.txt"}],"affected":[{"package":{"name":"plasma-workspace","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/plasma-workspace?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.27.10-1.1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2024-0214.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}