CVE-2018-10361

Name of the Vulnerable Software and Affected Versions: KTextEditor versions 5.34.0 through 5.45.0

Description: An issue in KTextEditor's kauth ktexteditor helper service, used in the Kate text editor, allows other unprivileged users on the local system to gain root privileges due to insecure handling of temporary files. This can occur when one user writes a text file using Kate into a directory owned by another unprivileged user, who then conducts a symlink attack to achieve privilege escalation.

Recommendations: For KTextEditor versions 5.34.0 through 5.45.0, consider restricting access to the kauth ktexteditor helper service until a patch is available. As a temporary workaround, avoid using the Kate text editor to write files into directories owned by other unprivileged users. Restrict the ability of unprivileged users to conduct symlink attacks on temporary files created by KTextEditor.