KDE has issued an advsiory today (February 9): https://www.kde.org/info/security/advisory-20190209-1.txt The issue is fixed upstream in 5.55 and in the commit linked from the advisory. Mageia 6 is also affected.
Whiteboard: (none) => MGA6TOO
src.rpm: kauth-5.42.0-1.1.mga6 rpms: kauth-5.42.0-1.1.mga6 lib{64}kf5auth5-5.42.0-1.1.mga6 lib{64}kf5auth-devel-5.42.0-1.1.mga6 kauth-debuginfo-5.42.0-1.1.mga6 Advisory: KAuth allows to pass parameters with arbitrary types to helpers running as root over DBus. Certain types can cause crashes and trigger decoding arbitrary images with dynamically loaded plugins.
CC: (none) => mageia
Assignee: kde => qa-bugs
Version: Cauldron => 6Whiteboard: MGA6TOO => (none)CC: (none) => tmb
MGA6-32 MATE on IBM Thinkpad R50e No installation issues Found bug 20843 as previous update, but "Tested a wide variety of applications." is not really much info. # urpmq --whatrequires kauth kauth kwallet kwallet kwallet So I installed kwallet and kwalletmanager5, but running this GUI with strace nor $ strace -o kauth.txt kwallet-query -lv kauthtest timer event standby opening wallet "kauthtest" org.kde.kwindowsystem: Could not find any platform plugin testkauth (this is an item I created in the wallet) created any usage of kauth apart from references to the messages. Giving up, I don't want to run a full Plasma install on this old slow laptop.
CC: (none) => herman.viaene
It's used by any kde program that requires root authority to run. Tested by selecting Tools/System Tools/KDE Partition Manager. Advisory committed to svn. Validating the update.
Keywords: (none) => advisory, validated_updateWhiteboard: (none) => MGA6-64-OKCC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0083.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED