Bug 22949

Summary: ktexteditor new symlink attack security issue (CVE-2018-10361)
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: KDE maintainers <kde>
Status: RESOLVED OLD QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: mhrambo3501
Version: 6   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: ktexteditor-5.42.0-1.mga6.src.rpm CVE:
Status comment:

Description David Walser 2018-04-25 04:34:20 CEST 
A security issue in ktexteditor has been announced today (April 24):
http://openwall.com/lists/oss-security/2018/04/24/1

A patch for the issue is attached to the message above.

Mageia 6 wasn't vulnerable originally, but the version we're updating to is.

However, the report doesn't mention whether the protected_symlinks feature in the kernel mitigates the issue; if so, we're not vulnerable.
Comment 1 David Walser 2018-04-25 14:06:02 CEST 
CVE assignment:
http://openwall.com/lists/oss-security/2018/04/25/2

Summary: ktexteditor new symlink attack security issue => ktexteditor new symlink attack security issue (CVE-2018-10361)

Comment 2 Mike Rambo 2019-11-06 13:24:39 CET 
Mageia 6 is EOL.

Status: NEW => RESOLVED
Resolution: (none) => OLD
CC: (none) => mrambo