CVE-2017-8422 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	No
Type	Privilege escalation
Description	KAuth <= 5.33.0 contains a logic flaw in which the service invoking dbus is not properly checked. This allows spoofing the identity of the caller and with some carefully crafted calls can lead to gaining root from an unprivileged account.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-270	kdelibs	4.14.31-1	4.14.32-1	High	Fixed
AVG-269	kauth	5.33.0-1	5.33.0-2	High	Fixed

Date	Advisory	Group	Package	Severity	Type
10 May 2017	ASA-201705-13	AVG-270	kdelibs	High	privilege escalation
10 May 2017	ASA-201705-12	AVG-269	kauth	High	privilege escalation

References
https://www.kde.org/info/security/advisory-20170510-1.txt http://seclists.org/oss-sec/2017/q2/240 https://commits.kde.org/kauth/df875f725293af53399f5146362eb158b4f9216a https://commits.kde.org/kdelibs/264e97625abe2e0334f97de17f6ffb52582888ab

References

https://www.kde.org/info/security/advisory-20170510-1.txt
http://seclists.org/oss-sec/2017/q2/240
https://commits.kde.org/kauth/df875f725293af53399f5146362eb158b4f9216a
https://commits.kde.org/kdelibs/264e97625abe2e0334f97de17f6ffb52582888ab