14 DAY TRIAL // The KDE Project released a new major version of their widely-used Plasma desktop environment for GNU/Linux distributions, a release that adds numerous new features and fixes security vulnerabilities.
One important security vulnerability fixed in the KDE Plasma 5.12 LTS desktop environment is a USB exploit that could allow a local attacker with physical access to the unpatched computer to execute arbitrary commands if the malicious USB flash drive was mounted via the removable device notifier function and contained certain characters in its volume label.
"When a vfat thumbdrive which contains `` or $() in its volume label is plugged and mounted trough the device notifier, it's interpreted as a shell command, leaving a possibility of arbitrary commands execution. an example of offending volume label is "$(touch b)" which will create a file called b in the home folder," reads the security advisory.
Update to KDE Plasma 5.12 LTS as soon as possible
All KDE Plasma users running a previous version of the desktop environment should update their installations to the latest KDE Plasma 5.12 LTS release as soon as possible. The new version is already available in the software repositories of popular GNU/Linux distributions like Kubuntu/Ubuntu, Arch Linux, OpenSuSE, and others, so there's nothing holding you back to update it right now.
If you can't update your KDE Plasma desktop to version 5.12, there's a workaround for the USB bug, as you'll have to mount all removable USB devices with the Dolphin file manager instead of using the device notifier. Previous LTS users using Plasma 5.8 can update to KDE Plasma 5.8.9 LTS, which also addresses this security flaw. Other Plasma users can apply the patches in the advisory.
KDE Plasma 5.12 LTS is a major release that's smoother and faster than any previous version of the acclaimed desktop environment. It features a unified look for the Breeze theme, infinite customization possibilities, Android smartphone integration for transferring files or receiving notifications of text messages, Global Menu improvements, a slimmer Kickoff application menu layout, and much more.