Debian Security Advisory 5723-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

---

Debian Security Advisory DSA-5723-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
June 27, 2024 https://www.debian.org/security/faq

---

Package : plasma-workspace
CVE ID : CVE-2024-36041

Fabian Vogt discovered that the KDE session management server
insufficiently restricted ICE connections from localhost, which could
allow a local attacker to execute arbitrary code as another user on
next boot.

For the oldstable distribution (bullseye), this problem has been fixed
in version 4:5.20.5-6+deb11u1.

For the stable distribution (bookworm), this problem has been fixed in
version 4:5.27.5-2+deb12u2.

We recommend that you upgrade your plasma-workspace packages.

For the detailed security status of plasma-workspace please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/plasma-workspace

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmZ9r5gACgkQEMKTtsN8
TjZUrRAAped6yEardsWDFEJgGZPtJzGItPSo1cS4u5J+DxNSOs5F0YWYpfgYk9Vq
Ud92pF/ORYH4IVVUjKKDye6hVPufY1mu0Bibgl5OyZxgkrXLnnTRg69PAwqT1IZi
3L4ge8g+6zG3Y4j+e4kVOcgStvLnKXz8URQVCYvQB+VJWWfIJXl0YDJnHlX7hYhn
Th2X1aUIryZs0reokkrofRIkcuPWZqth1Dgy1xmGBC2voCfrJ5g3Qu05nVFvnBFe
QMV737XZxShKMbiV7oE7BXAZ3DuYU4OOXm14SvqTTwdNe/7zhhyz4GCmlIJHQu1u
rTMPVODckBBAhc3dBjEPpAV5LJpEmoIoINsfp/ulArZkXifTl7sIBLcgodNsTPrE
W6q5MU7u51XUDd4yYaa2PVT2U3xpPHaj4C5opbp7EwvoCN0Gj6m7BRhSWKl74joO
QkWjRBxHcmv0zJPH0ttekpyjcwxPmGSSshVEbPYeG6Sw0Zwn9r6fT5749DP+iESf
7gDJhIxyxVG9o/p5sJOuGo9G43reGleQMigWwhfVt74Ing05o4sSIcqJkkmPNoIT
MhkKHXRmKtDQOMsT74T/NX7zUGGZBpsmtZZq4Ze0zEvnVfMnxJc+n0WXIRLW+gid
YFFHRXUY4T1vkcJKSLZpI3Kdp5xzMRPAVAn1sGrmnqkwZfcrWiA=
=hKop
-----END PGP SIGNATURE-----