-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4200-1 security@xxxxxxxxxx https://www.debian.org/security/ Moritz Muehlenhoff May 14, 2018 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : kwallet-pam CVE ID : CVE-2018-10380 Fabian Vogt discovered that incorrect permission handling in the PAM module of the KDE Wallet could allow an unprivileged local user to gain ownership of arbitrary files. For the stable distribution (stretch), this problem has been fixed in version 5.8.4-1+deb9u2. We recommend that you upgrade your kwallet-pam packages. For the detailed security status of kwallet-pam please refer to its security tracker page at: https://security-tracker.debian.org/tracker/kwallet-pam Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlr55XkACgkQEMKTtsN8 TjYueg/+IYNbIJ2dpV2ZezwiLLpP+oCRx7ETNcUskgntnrT69WELvUhhqgoKzbAU NEWJr8lqrZYWPw8oQ1JsOEP0ENI4W1wOL4nP3HEYlS+Er+5wlFXSm32A2qqeukKi QsBR3/QZ8O07iPJYSdlcvomOyONmgW30x/vRn/0RenAV4+pi0slSHp1Lvw3twZST KRZy20X6fMI3cf1nNA+z9H50RPV0lXOZfnszXRZ0rnpK8vdCrInKzMjEm/FXQORQ dsUIny2sntG6jJvsQkA222nCGxNlJEVxNxOiPW0Vc5LFSmtUV6HpE6MmEeZ89JlA T314bppsAQqZc3Bu+MMKR3leslbJtHU35XLQeCnG0EzaLzg1d3m5z9XDqmxuLpJw 4V0UXcEo4L+ReL16QZdjHbh1SEBD5yssGA2j73tN+RYn1lo6wrrfZejnQcULSFVz MR0+B3w69Z/E/yzmejRfV2+gqF7xDNjjrqVmrHvymtQe/MwC2gI8zF4BxYCMnWUa kAXUZC/WguKB1FbUwvAv6QXOJ2DgWc/82xJ/D7gevlxWZoWLqjdx8zGeneclsRhb 7ccBgZRsxrQfA5+uQ1nPchKkmZKXu9d3i/BFZfxd12/4mmz8lHiA8dLM4vh4tt2B dkuGU/8HyZCFcj94+YQtEM35+brfIec8rH2z61UigMZdp5d+P5I= =Z+7M -----END PGP SIGNATURE-----