Activity log for bug #1768649

Date Who What changed Old value New value Message
2018-05-02 20:13:25 Simon Quigley bug added bug
2018-05-02 20:13:41 Simon Quigley nominated for series Ubuntu Trusty
2018-05-02 20:13:41 Simon Quigley bug task added kwallet-pam (Ubuntu Trusty)
2018-05-02 20:13:41 Simon Quigley nominated for series Ubuntu Artful
2018-05-02 20:13:41 Simon Quigley bug task added kwallet-pam (Ubuntu Artful)
2018-05-02 20:13:41 Simon Quigley nominated for series Ubuntu Xenial
2018-05-02 20:13:41 Simon Quigley bug task added kwallet-pam (Ubuntu Xenial)
2018-05-02 20:13:41 Simon Quigley nominated for series Ubuntu Cosmic
2018-05-02 20:13:41 Simon Quigley bug task added kwallet-pam (Ubuntu Cosmic)
2018-05-02 20:13:41 Simon Quigley nominated for series Ubuntu Bionic
2018-05-02 20:13:41 Simon Quigley bug task added kwallet-pam (Ubuntu Bionic)
2018-05-02 20:14:43 Simon Quigley bug added subscriber Rik Mills
2018-05-02 20:15:45 Simon Quigley bug added subscriber Ubuntu Security Team
2018-05-02 20:16:09 Simon Quigley kwallet-pam (Ubuntu Trusty): importance Undecided High
2018-05-02 20:16:11 Simon Quigley kwallet-pam (Ubuntu Xenial): importance Undecided High
2018-05-02 20:16:12 Simon Quigley kwallet-pam (Ubuntu Artful): importance Undecided High
2018-05-02 20:16:14 Simon Quigley kwallet-pam (Ubuntu Bionic): importance Undecided High
2018-05-02 20:16:16 Simon Quigley kwallet-pam (Ubuntu Cosmic): importance Undecided High
2018-05-02 20:16:19 Simon Quigley kwallet-pam (Ubuntu Trusty): assignee Simon Quigley (tsimonq2)
2018-05-02 20:16:23 Simon Quigley kwallet-pam (Ubuntu Artful): assignee Simon Quigley (tsimonq2)
2018-05-02 20:16:25 Rik Mills description

    Old value:

    KDE Project Security Advisory
    =============================
    Title: kWallet-pam: Access to privileged files
    Risk Rating: High
    CVE: CVE-2018-10380
    Versions: Plasma < 5.12.6
    Date: 4 May 2018

    That's all the information I have at this time.

    New value:

    KDE Project Security Advisory
    =============================
    Title: kWallet-pam: Access to privileged files
    Risk Rating: High
    CVE: CVE-2018-10380
    Versions: Plasma < 5.12.6
    Date: 4 May 2018

    Overview
    ========
    kwallet-pam was doing file writing and permission changing as root that if timed correctly and with the use of carefully crafted symbolic links could allow a non privileged user to become the owner of privileged files on the system.

    Workaround
    ==========
    None (other than not using kwallet-pam)

    Solution
    ========
    Update to Plasma >= 5.12.6 or Plasma >= 5.13.0

    Or apply the following patches: TODO

    Credits
    =======
    Thanks to Fabian Vogt for the report and to Albert Astals Cid for the fix.

2018-05-02 20:16:26 Simon Quigley kwallet-pam (Ubuntu Xenial): assignee Simon Quigley (tsimonq2)
2018-05-02 20:16:30 Simon Quigley kwallet-pam (Ubuntu Cosmic): assignee Simon Quigley (tsimonq2)
2018-05-02 20:16:32 Simon Quigley kwallet-pam (Ubuntu Bionic): assignee Simon Quigley (tsimonq2)
2018-05-02 20:39:50 Steve Beattie bug task added pam-kwallet (Ubuntu)
2018-05-02 20:40:08 Steve Beattie kwallet-pam (Ubuntu Trusty): status New Invalid
2018-05-02 20:40:32 Steve Beattie pam-kwallet (Ubuntu Xenial): status New Invalid
2018-05-02 20:40:50 Steve Beattie pam-kwallet (Ubuntu Artful): status New Invalid
2018-05-02 20:41:08 Steve Beattie pam-kwallet (Ubuntu Bionic): status New Invalid
2018-05-02 20:41:27 Steve Beattie pam-kwallet (Ubuntu Cosmic): status New Invalid
2018-05-03 03:07:56 Simon Quigley pam-kwallet (Ubuntu Trusty): importance Undecided High
2018-05-03 03:07:56 Simon Quigley pam-kwallet (Ubuntu Trusty): assignee Simon Quigley (tsimonq2)
2018-05-03 03:08:20 Simon Quigley kwallet-pam (Ubuntu Trusty): importance High Undecided
2018-05-03 03:08:20 Simon Quigley kwallet-pam (Ubuntu Trusty): assignee Simon Quigley (tsimonq2)
2018-05-03 12:05:04 Rik Mills description

    Old value:

    KDE Project Security Advisory
    =============================
    Title: kWallet-pam: Access to privileged files
    Risk Rating: High
    CVE: CVE-2018-10380
    Versions: Plasma < 5.12.6
    Date: 4 May 2018

    Overview
    ========
    kwallet-pam was doing file writing and permission changing as root that if timed correctly and with the use of carefully crafted symbolic links could allow a non privileged user to become the owner of privileged files on the system.

    Workaround
    ==========
    None (other than not using kwallet-pam)

    Solution
    ========
    Update to Plasma >= 5.12.6 or Plasma >= 5.13.0

    Or apply the following patches: TODO

    Credits
    =======
    Thanks to Fabian Vogt for the report and to Albert Astals Cid for the fix.

    New value:

    KDE Project Security Advisory
    =============================
    Title: kwallet-pam: Access to privileged files
    Risk Rating: High
    CVE: CVE-2018-10380
    Versions: Plasma < 5.12.6
    Date: 4 May 2018

    Overview
    ========
    kwallet-pam was doing file writing and permission changing as root that with correct timing and use of carefully crafted symbolic links could allow a non privileged user to become the owner of any file on the system.

    Workaround
    ==========
    None (other than not using kwallet-pam)

    Solution
    ========
    Update to Plasma >= 5.12.6 or Plasma >= 5.13.0

    Or apply the following patches:

    Plasma 5.12
    https://commits.kde.org/kwallet-pam/2134dec85ce19d6378d03cddfae9e5e464cb24c0
    https://commits.kde.org/kwallet-pam/01d4143fda5bddb6dca37b23304dc239a5fb38b5

    Plasma 5.8
    https://commits.kde.org/kwallet-pam/99abc7fde21f40cc6da5feb6ee766cc46fcca1f8
    https://commits.kde.org/kwallet-pam/802f305d81f8771c4f4a8bd7fd0e368ffc6f9b3b

    Credits
    =======
    Thanks to Fabian Vogt for the report and to Albert Astals Cid for the fix.

2018-05-03 12:09:42 Rik Mills cve linked 2018-10380
2018-05-03 20:00:30 Rik Mills kwallet-pam (Ubuntu Cosmic): status New Fix Committed
2018-05-03 20:03:38 Simon Quigley information type Private Security Public Security
2018-05-03 20:18:23 Simon Quigley kwallet-pam (Ubuntu Cosmic): assignee Simon Quigley (tsimonq2) Rik Mills (rikmills)
2018-05-03 20:19:04 Simon Quigley kwallet-pam (Ubuntu Bionic): status New In Progress
2018-05-04 00:16:11 Launchpad Janitor kwallet-pam (Ubuntu Cosmic): status Fix Committed Fix Released
2018-05-04 01:09:16 Simon Quigley bug added subscriber Ubuntu Security Sponsors Team
2018-05-04 01:12:21 Simon Quigley kwallet-pam (Ubuntu Artful): status New Fix Committed
2018-05-04 01:12:30 Simon Quigley kwallet-pam (Ubuntu Bionic): status In Progress Fix Committed
2018-05-04 01:12:41 Simon Quigley kwallet-pam (Ubuntu Xenial): status New Fix Committed
2018-05-04 01:12:52 Simon Quigley bug task deleted kwallet-pam (Ubuntu Trusty)
2018-05-04 01:13:00 Simon Quigley bug task deleted pam-kwallet (Ubuntu Xenial)
2018-05-04 01:13:30 Simon Quigley bug task deleted pam-kwallet (Ubuntu Artful)
2018-05-04 01:13:38 Simon Quigley bug task deleted pam-kwallet (Ubuntu Bionic)
2018-05-04 01:13:41 Simon Quigley bug task deleted pam-kwallet (Ubuntu Cosmic)
2018-05-04 05:38:18 Launchpad Janitor kwallet-pam (Ubuntu Artful): status Fix Committed Fix Released
2018-05-04 05:38:20 Launchpad Janitor kwallet-pam (Ubuntu Bionic): status Fix Committed Fix Released
2018-05-04 05:38:22 Launchpad Janitor kwallet-pam (Ubuntu Xenial): status Fix Committed Fix Released
2018-05-24 12:11:08 Marc Deslauriers removed subscriber Ubuntu Security Sponsors Team
2018-05-28 22:24:14 Rik Mills kwallet-pam (Ubuntu Bionic): status Fix Released Triaged
2018-05-28 22:24:19 Rik Mills kwallet-pam (Ubuntu Artful): status Fix Released Triaged
2018-05-28 22:24:27 Rik Mills kwallet-pam (Ubuntu Xenial): status Fix Released Triaged
2018-06-19 05:05:32 Simon Quigley tags community-security
2018-07-09 19:06:08 Launchpad Janitor kwallet-pam (Ubuntu Xenial): status Triaged Fix Released
2018-07-09 19:16:12 Launchpad Janitor kwallet-pam (Ubuntu Artful): status Triaged Fix Released
2018-07-09 19:26:16 Launchpad Janitor kwallet-pam (Ubuntu Bionic): status Triaged Fix Released
2018-07-20 06:36:58 Simon Quigley pam-kwallet (Ubuntu Trusty): assignee Simon Quigley (tsimonq2)