We don't ship "kdesu" by default. We only ship "kdesudo", which currently is at Qt: 4.8.7; KDE Development Platform: 4.14.22; KdeSudo: 3.4.2.3 in Yakkety.
AFAIK "kdesu" != "kdesudo".

Ovidiu - Florin BOGDAN
GeekAliens.com
Kubuntu România

2016-09-30 7:31 GMT+03:00 Simon Quigley <[email protected]>:

> Hello everyone,
>
> In case you don't know me, my name is Simon, and I'm a Kubuntu Ninja.
>
> About 5 hours ago, someone pasted a link to the CVE report for
> CVE-2016-7787 on the KDE website[1]. Here is the vulnerability:
>
> Overview
> ========
>
> A maliciously crafted command line for kdesu can result in the user
> only seeing part of the commands that will actually get executed as
> super user.
>
> Impact
> ======
>
> Users can unwillingly run commands as root.
>
> Workaround
> ==========
>
> Users should be careful when running kdesu with a command line they have
> not written themselves.
>
> Solution
> ========
>
> kde-cli-tools 5.7.5, released as part of KDE Plasma does not allow the
> execution of commands with such characters.
>
> Alternatively, commit 5eda179a099ba68a20dc21dc0da63e85a565a171 in
> kde-cli-tools.git
> can be applied to previous releases.
>
> Thanks to Fabian Vogt for reporting this issue.
> Thanks to Martin Sandsmark for fixing this issue.
>
> Since, I've filed a bug[2] and worked with a member of the Ubuntu
> Security team to get the bug fixed and the aforementioned commit backported.
>
> This security vulnerability has been fixed in Xenial (and is in
> xenial-security now) and the Backports PPA (only for Xenial as Wily is
> not supported any more). We're waiting on kde-cli-tools to migrate from
> proposed in Yakkety, and that will happen within the next few days.
>
> You should update your computer as soon as possible to get this patch.
>
> Let me know if you have any questions.
>
> [1] https://www.kde.org/info/security/advisory-20160930-1.txt
> [2] https://pad.lv/1629145
>
> --
> Simon Quigley
> [email protected]
> tsimonq2 on freenode and OFTC
> 5C7A BEA2 0F86 3045 9CC8
> C8B5 E27F 2CF8 458C 2FA4
>
> --
> kubuntu-devel mailing list
> [email protected]
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/kubuntu-devel
