An update for plasma-workspace is now available for openEuler-24.03-LTS

Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2024-1937 Final 1.0 1.0 2024-08-02 Initial 2024-08-02 2024-08-02 openEuler SA Tool V1.0 2024-08-02

plasma-workspace security update

Plasma 5 libraries and runtime components

Security Fix(es):

KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the session-restore feature to execute arbitrary code as the victim (on the next boot) via earlier use of the /tmp directory. (CVE-2024-36041)

An update for plasma-workspace is now available for openEuler-24.03-LTS. openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
High

plasma-workspace

https://www.openeuler.org/en/security/security-bulletins/detail?id=openEuler-SA-2024-1937
https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-36041
https://nvd.nist.gov/vuln/detail/CVE-2024-36041

openEuler-24.03-LTS

plasma-workspace-geolocation-libs-5.27.10-2.oe2403.aarch64.rpm
plasma-workspace-debuginfo-5.27.10-2.oe2403.aarch64.rpm
libkworkspace5-5.27.10-2.oe2403.aarch64.rpm
plasma-workspace-common-5.27.10-2.oe2403.aarch64.rpm
plasma-workspace-wayland-5.27.10-2.oe2403.aarch64.rpm
plasma-workspace-libs-5.27.10-2.oe2403.aarch64.rpm
plasma-workspace-geolocation-5.27.10-2.oe2403.aarch64.rpm
plasma-workspace-debugsource-5.27.10-2.oe2403.aarch64.rpm
plasma-workspace-5.27.10-2.oe2403.aarch64.rpm
plasma-workspace-devel-5.27.10-2.oe2403.aarch64.rpm
plasma-workspace-x11-5.27.10-2.oe2403.aarch64.rpm
plasma-workspace-doc-5.27.10-2.oe2403.noarch.rpm
plasma-workspace-5.27.10-2.oe2403.src.rpm
plasma-workspace-5.27.10-2.oe2403.x86_64.rpm
plasma-workspace-wayland-5.27.10-2.oe2403.x86_64.rpm
plasma-workspace-libs-5.27.10-2.oe2403.x86_64.rpm
plasma-workspace-geolocation-libs-5.27.10-2.oe2403.x86_64.rpm
plasma-workspace-geolocation-5.27.10-2.oe2403.x86_64.rpm
plasma-workspace-debuginfo-5.27.10-2.oe2403.x86_64.rpm
plasma-workspace-common-5.27.10-2.oe2403.x86_64.rpm
plasma-workspace-debugsource-5.27.10-2.oe2403.x86_64.rpm
plasma-workspace-x11-5.27.10-2.oe2403.x86_64.rpm
plasma-workspace-devel-5.27.10-2.oe2403.x86_64.rpm
libkworkspace5-5.27.10-2.oe2403.x86_64.rpm

KSmserver in KDE Plasma Workspace (aka plasma-workspace) before 5.27.11.1 and 6.x before 6.0.5.1 allows connections via ICE based purely on the host, i.e., all local connections are accepted. This allows another user on the same machine to gain access to the session manager, e.g., use the session-restore feature to execute arbitrary code as the victim (on the next boot) via earlier use of the /tmp directory.
2024-08-02 CVE-2024-36041 openEuler-24.03-LTS High 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H plasma-workspace security update 2024-08-02 https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1937