Overview

File _patchinfo of Package patchinfo.7768

<patchinfo incident="7768">
  <packager>Vogtinator</packager>
  <issue tracker="bnc" id="1013550">plasmashell freezing</issue>
  <issue tracker="cve" id="2018-6790"></issue>
  <issue tracker="cve" id="2018-6791"></issue>
  <issue tracker="bnc" id="1079751">VUL-0: CVE-2018-6791: plasma5-workspace: a specially crafted file system label may execute arbitrary code</issue>
  <issue tracker="bnc" id="1079429">VUL-0: CVE-2018-6790: plasma5-workspace: notifications may log arbitrary remote images into Plasma</issue>
  <category>security</category>
  <rating>important</rating>
  <summary>Security update for plasma5-workspace</summary>
  <description>This update for plasma5-workspace fixes security issues and bugs.

The following vulnerabilities were fixed:

- CVE-2018-6790: Desktop notifications could have been used to load arbitrary remote images into Plasma,
                 allowing for client IP discovery (boo#1079429)
- CVE-2018-6791: A specially crafted file system label may have allowed execution of arbitrary code (boo#1079751)

The following bugs were fixed:

- Plasma could freeze with certain notifications (boo#1013550)
</description>
  <relogin_needed/>
</patchinfo>
openSUSE Build Service is sponsored by
Places