Security update for plasma5-workspace
This update for plasma5-workspace fixes security issues and bugs.
The following vulnerabilities were fixed:
- CVE-2018-6790: Desktop notifications could have been used to load arbitrary remote images into Plasma,
allowing for client IP discovery (boo#1079429)
- CVE-2018-6791: A specially crafted file system label may have allowed execution of arbitrary code (boo#1079751)
The following bugs were fixed:
- Plasma could freeze with certain notifications (boo#1013550)
-
Submitted by
Fabian Vogt (Vogtinator)
- Relogin is suggested
Fixed bugs
bnc#1013550
plasmashell freezing
bnc#1079751
VUL-0: CVE-2018-6791: plasma5-workspace: a specially crafted file system label may execute arbitrary code
bnc#1079429
VUL-0: CVE-2018-6790: plasma5-workspace: notifications may log arbitrary remote images into Plasma
