CVE-2020-26164 - log back

CVE-2020-26164 edited at 14 Oct 2020 15:37:09
- Unknown
+ High
- Unknown
+ Remote
- Unknown
+ Arbitrary code execution
+ Several issues have been found in kdeconnect <= 20.08.1 where a remote, unauthenticated attacker on the local network can access sensitive information, crash the daemon or possibly execute arbitrary code via a use-after-free.
+ Workaround
+ ==========
+ We advise you to stop KDE Connect when on untrusted networks like those on airports or conferences.
+ Since kdeconnect is dbus activated it is relatively hard to make sure it stays stopped so the brute
+ force approach is to uninstall the kdeconnect package from your system and then run
+ kquitapp5 kdeconnectd
+ Just install the package again once you're back in a trusted network.
CVE-2020-26164 created at 14 Oct 2020 15:33:10