Main Vulnerability Database SB2021031634

SB2021031634 - Fedora 34 update for bluedevil, breeze-gtk, grub2-breeze-theme, kactivitymanagerd, kde-cli-tools, kde-gtk-config, kdecoration, kdeplasma-addons, kgamma, khotkeys, kinfocenter, kmenuedit, kscreen, kscreenlocker, ksshaskpass, ksysguard, kwayland-integration

Published: March 16, 2021

Security Bulletin ID SB2021031634

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2021-28117)

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to missing URI scheme validation. A remote attacker can pass specially crafted link to an SMB or NFS share and potentially bypass implemented security restrictions by tricking the Discover to follow such links.

Remediation

Install update from vendor's website.

References

https://bodhi.fedoraproject.org/updates/FEDORA-2021-85c9774673

Vulnerable Software

Fedora: 34
xdg-desktop-portal-kde: before 5.21.3-1.fc34
sddm-kcm: before 5.21.3-1.fc34
qqc2-breeze-style: before 5.21.3-1.fc34
powerdevil: before 5.21.3-1.fc34
polkit-kde: before 5.21.3-1.fc34
plymouth-theme-breeze: before 5.21.3-1.fc34
plymouth-kcm: before 5.21.3-1.fc34
plasma-workspace-wallpapers: before 5.21.3-1.fc34
plasma-workspace: before 5.21.3-1.fc34
plasma-vault: before 5.21.3-1.fc34
plasma-thunderbolt: before 5.21.3-1.fc34
plasma-systemsettings: before 5.21.3-1.fc34
plasma-systemmonitor: before 5.21.3-1.fc34
plasma-sdk: before 5.21.3-1.fc34
plasma-pa: before 5.21.3-1.fc34
plasma-oxygen: before 5.21.3-1.fc34
plasma-nm: before 5.21.3-1.fc34
plasma-milou: before 5.21.3-1.fc34
plasma-integration: before 5.21.3-1.fc34
plasma-firewall: before 5.21.3-1.fc34
plasma-drkonqi: before 5.21.3-1.fc34
plasma-disks: before 5.21.3-1.fc34
plasma-discover: before 5.21.3-1.fc34
plasma-desktop: before 5.21.3-1.fc34
plasma-browser-integration: before 5.21.3-1.fc34
plasma-breeze: before 5.21.3-1.fc34
pam-kwallet: before 5.21.3-1.fc34
libksysguard: before 5.21.3.1-1.fc34
libkscreen-qt5: before 5.21.3-1.fc34
kwrited: before 5.21.3-1.fc34
kwin: before 5.21.3-1.fc34
kwayland-server: before 5.21.3-1.fc34
kwayland-integration: before 5.21.3-1.fc34
ksysguard: before 5.21.3-1.fc34
ksshaskpass: before 5.21.3-1.fc34
kscreenlocker: before 5.21.3-1.fc34
kscreen: before 5.21.3-1.fc34
kmenuedit: before 5.21.3-1.fc34
kinfocenter: before 5.21.3-1.fc34
khotkeys: before 5.21.3-1.fc34
kgamma: before 5.21.3-1.fc34
kdeplasma-addons: before 5.21.3-1.fc34
kdecoration: before 5.21.3-1.fc34
kde-gtk-config: before 5.21.3-1.fc34
kde-cli-tools: before 5.21.3-1.fc34
kactivitymanagerd: before 5.21.3-1.fc34
grub2-breeze-theme: before 5.21.3-1.fc34
breeze-gtk: before 5.21.3-1.fc34
bluedevil: before 5.21.3-1.fc34

SB2021031634 - Fedora 34 update for bluedevil, breeze-gtk, grub2-breeze-theme, kactivitymanagerd, kde-cli-tools, kde-gtk-config, kdecoration, kdeplasma-addons, kgamma, khotkeys, kinfocenter, kmenuedit, kscreen, kscreenlocker, ksshaskpass, ksysguard, kwayland-integration

Breakdown by Severity

Description

Remediation

References

Please verify you're human