Smb4k contains a logic flaw in which the mount helper binary does not properly verify the mount command it is being asked to run. This allows calling any other binary as root since the mount helper is typically installed as suid.

Affected versions: smb4k <= 2.0.0

Upstream fixes:
smb4k 2.0.0: https://commits.kde.org/smb4k/a90289b0962663bc1d247bbbd31b9e65b2ca000e
smb4k 1.2.3: https://commits.kde.org/smb4k/71554140bdaede27b95dbe4c9b5a028a83c83cce

External References:
https://www.kde.org/info/security/advisory-20170510-2.txt
Acknowledgments: Name: Sebastian Krahmer (SUSE)
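The kind of check the description above says was missing, as an added example that is not smb4k's code or the upstream fix: a privileged helper accepts a mount binary only if it exactly matches a fixed list of absolute paths and is a root-owned regular file that group and others cannot write. The struct, the function names and the two mount.cifs paths are assumptions made for illustration.

```cpp
#include <string>
#include <sys/stat.h>

// Hypothetical request a privileged mount helper receives from an
// unprivileged client; every field is untrusted input.
struct MountRequest {
    std::string command;     // binary the client asks the helper to run
    std::string share;       // e.g. //server/share
    std::string mountpoint;
};

// Assumed install locations of the mount binary (not taken from smb4k).
static const char* const kTrustedMountBinaries[] = {
    "/sbin/mount.cifs", "/usr/sbin/mount.cifs"};

// Exact match only: relative names and "../" tricks never compare equal.
bool isTrustedMountCommand(const std::string& command) {
    for (const char* path : kTrustedMountBinaries)
        if (command == path) return true;
    return false;
}

// The file must be a regular file owned by root that only root can modify.
bool isRootOwnedAndLocked(const struct stat& st) {
    return S_ISREG(st.st_mode) && st.st_uid == 0 &&
           (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

// Flawed pattern: whatever the client names is what runs as root.
std::string chooseCommandUnchecked(const MountRequest& req) {
    return req.command;
}

// Hardened pattern: refuse unless the allowlist and file checks both pass.
bool chooseCommandChecked(const MountRequest& req, std::string* out) {
    if (!isTrustedMountCommand(req.command)) return false;
    struct stat st{};
    // lstat: a symlink at the final path component is rejected by S_ISREG.
    if (lstat(req.command.c_str(), &st) != 0) return false;
    if (!isRootOwnedAndLocked(st)) return false;
    *out = req.command;
    return true;
}

int main() {
    MountRequest req{"/bin/sh", "//server/share", "/mnt/share"};  // constructed input
    std::string cmd;
    return chooseCommandChecked(req, &cmd) ? 1 : 0;  // 0: request refused
}
```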
Created smb4k tracking bugs for this issue:

Affects: fedora-all [bug 1449658]
Hello, I saw that than took some actions. Before updating smb4k to major version 2.0.1 in F26+, I'd like to update smb4k to 1.2.3. It seems that the source is now also available on GitHub, so https://github.com/KDE/smb4k/commits/1.2 with https://github.com/KDE/smb4k/commit/71554140bdaede27b95dbe4c9b5a028a83c83cce looks good to me. May I update smb4k again? @than, what do you think?
As long as it's fixed, I see no problem there.
Sergio, feel free to update to 1.2.3 if you think there's no regression in new version.
(In reply to Ngo Than from comment #5)
> Sergio, feel free to update to 1.2.3 if you think there's no regression in
> new version.

Done