Ubuntu Security Notice 6843-1 - Fabian Vogt discovered that Plasma Workspace incorrectly handled connections via ICE. A local attacker could possibly use this issue to gain access to another user's session manager and execute arbitrary code.
97661a7e43fcf7ecb7dc0ddf1916f2aea306704c896c12c2f769151b0bde431e
==========================================================================
Ubuntu Security Notice USN-6843-1
June 26, 2024
plasma-workspace vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
plasma-workspace would allow unintended access to the session manager.
Software Description:
- plasma-workspace: Plasma Workspace for KF5
Details:
Fabian Vogt discovered that Plasma Workspace incorrectly handled
connections via ICE. A local attacker could possibly use this issue to
gain access to another user's session manager and execute arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
plasma-workspace 4:5.27.11-0ubuntu4.1
Ubuntu 23.10
plasma-workspace 4:5.27.8-0ubuntu1.1
Ubuntu 22.04 LTS
plasma-workspace 4:5.24.7-0ubuntu0.2
Ubuntu 20.04 LTS
plasma-workspace 4:5.18.8-0ubuntu0.2
After a standard system update you need to reboot your computer to make all
the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6843-1
CVE-2024-36041
Package Information:
https://launchpad.net/ubuntu/+source/plasma-workspace/4:5.27.11-0ubuntu4.1
https://launchpad.net/ubuntu/+source/plasma-workspace/4:5.27.8-0ubuntu1.1
https://launchpad.net/ubuntu/+source/plasma-workspace/4:5.24.7-0ubuntu0.2
https://launchpad.net/ubuntu/+source/plasma-workspace/4:5.18.8-0ubuntu0.2