CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
New plasma-workspace packages are available for Slackware 15.0 to fix
a security issue.
Here are the details from the Slackware 15.0 ChangeLog:
patches/packages/plasma-workspace-5.23.5-i586-4_slack15.0.txz: Rebuilt.
This update patches a security issue:
ksmserver: Unauthorized users can access session manager.
Thanks to pbslxw for the heads-up.
For more information, see:
https://kde.org/info/security/advisory-20240531-1.txt
https://vulners.com/cve/CVE-2024-36041
(* Security fix *)
Where to find the new packages:
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/plasma-workspace-5.23.5-i586-4_slack15.0.txz
Updated package for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/plasma-workspace-5.23.5-x86_64-4_slack15.0.txz
MD5 signatures:
Slackware 15.0 package:
75db0fae92f3534d307a0c3493485b42 plasma-workspace-5.23.5-i586-4_slack15.0.txz
Slackware x86_64 15.0 package:
33c25145a5e9c3f68784688f1a823cda plasma-workspace-5.23.5-x86_64-4_slack15.0.txz
Installation instructions:
Upgrade the package as root:
> upgradepkg plasma-workspace-5.23.5-i586-4_slack15.0.txz
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Slackware | 15.0 | i586 | plasma-workspace | < 5.23.5 | plasma-workspace-5.23.5-i586-4_slack15.0.txz |
Slackware | 15.0 | x86_64 | plasma-workspace | < 5.23.5 | plasma-workspace-5.23.5-x86_64-4_slack15.0.txz |