1
PublicDateAtUSN: 2014-07-23
2
Candidate: CVE-2014-5033
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5033
6
https://usn.ubuntu.com/usn/usn-2304-1
8
KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus
9
for communication with a polkit authority, which allows local users to
10
bypass intended access restrictions by leveraging a PolkitUnixProcess
11
PolkitSubject race condition via a (1) setuid process or (2) pkexec
12
process, related to CVE-2013-4288 and "PID reuse race conditions."
16
https://bugzilla.novell.com/show_bug.cgi?id=864716
17
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755814
18
https://bugs.launchpad.net/ubuntu/+source/kde4libs/+bug/1350019
24
upstream: http://quickgit.kde.org/?p=kdelibs.git&a=commit&h=e4e7b53b71e2659adaf52691d4accc3594203b23
25
upstream_kde4libs: needed
26
lucid_kde4libs: ignored (reached end-of-life)
27
precise_kde4libs: released (4:4.8.5-0ubuntu0.4)
28
trusty_kde4libs: released (4:4.13.2a-0ubuntu0.3)
29
devel_kde4libs: not-affected (4:4.13.95-0ubuntu3)