Fabian Vogt discovered that the KDE session management server
insufficiently restricted ICE connections from localhost, which could
allow a local attacker to execute arbitrary code as another user on
next boot.

https://security-tracker.debian.org/tracker/DSA-5723-1

Read More