Arch Linux 811 Published by

A kdeconnect security update has been released for Arch Linux.



ASA-202010-7: kdeconnect: arbitrary code execution


Arch Linux Security Advisory ASA-202010-7
========================================
Severity: High
Date : 2020-10-18
CVE-ID : CVE-2020-26164
Package : kdeconnect
Type : arbitrary code execution
Remote : Yes
Link :   https://security.archlinux.org/AVG-1241

Summary
======
The package kdeconnect before version 20.08.2-1 is vulnerable to
arbitrary code execution.

Resolution
=========
Upgrade to 20.08.2-1.

# pacman -Syu "kdeconnect> .08.2-1"

The problem has been fixed upstream in version 20.08.2.

Workaround
=========
None.

Description
==========
Several issues have been found in kdeconnect