SUSE: CVE-2019-7443: SUSE Linux Security Advisory
Description
KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In other words, KAuth unintentionally causes this plugin code to run as root, which increases the severity of any possible exploitation of a plugin vulnerability.
Solution(s)
- suse-upgrade-extra-cmake-modules
- suse-upgrade-kauth-devel
- suse-upgrade-kauth-devel-32bit
- suse-upgrade-kauth-devel-64bit
- suse-upgrade-kcoreaddons
- suse-upgrade-kcoreaddons-devel
- suse-upgrade-kcoreaddons-devel-64bit
- suse-upgrade-kcoreaddons-lang
- suse-upgrade-libkf5auth5
- suse-upgrade-libkf5auth5-32bit
- suse-upgrade-libkf5auth5-64bit
- suse-upgrade-libkf5auth5-lang
- suse-upgrade-libkf5coreaddons5
- suse-upgrade-libkf5coreaddons5-64bit
- suse-upgrade-libpolkit-qt5-1-1
- suse-upgrade-libpolkit-qt5-1-1-64bit
- suse-upgrade-libpolkit-qt5-1-devel
- suse-upgrade-libpolkit-qt5-1-devel-64bit
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center