关键信息总结 漏洞标题 KAuth PID Reuse Flaw 风险等级 Low 漏洞编号 CVE-2014-5033 影响平台 All 影响版本 kdelibs < 4.14, kauth < 5.1 描述 The KAuth framework uses polkit-1 API which tries to authenticate using the requestor's PID. This is prone to PID reuse race conditions. 影响 This potentially allows a malicious application to pose as another for authentication purposes when executing privileged actions. 临时解决办法 Disable polkit-1 integration. 解决方案 Upgrade to kdelibs 4.14, kauth 5.1 or apply the patches at: kdelibs: http://quickgit.kde.org/?p=kdelibs.git&a=commit&h=e4e7b53b7le2659adaf52691d4acc3594203b23 kauth: http://quickgit.kde.org/?p=kauth.git&a=commit&h=341b7d84b6d9c03cf56905cb277b47e11c81482a 致谢 Thanks to the SuSE security team and packagers for discovery and notification.