CVE-2020-26164 - log

CVE-2020-26164 edited at 14 Oct 2020 15:37:09
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ Several issues have been found in kdeconnect <= 20.08.1 where a remote, unauthenticated attacker on the local network can access sensitive information, crash the daemon or possibly execute arbitrary code via a use-after-free.
References
+ https://www.openwall.com/lists/oss-security/2020/10/13/4
+ https://kde.org/info/security/advisory-20201002-1.txt
Notes
+ Workaround
+ ==========
+
+ We advise you to stop KDE Connect when on untrusted networks like those on airports or conferences.
+
+ Since kdeconnect is dbus activated it is relatively hard to make sure it stays stopped so the brute
+ force approach is to uninstall the kdeconnect package from your system and then run
+ kquitapp5 kdeconnectd
+ Just install the package again once you're back in a trusted network.
CVE-2020-26164 created at 14 Oct 2020 15:33:10