_______________________________________________________________________
Package : kdebase
Date : April 15, 2010
Affected: 2008.0, 2009.1, 2010.0, Corporate 4.0
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in kdm
(kdebase/kdebase4-workspace):
KDM contains a race condition that allows local attackers to make
arbitrary files on the system world-writeable. This can happen
while KDM tries to create its control socket during user login. This
vulnerability has been discovered by Sebastian Krahmer from the SUSE
Security Team (CVE-2010-0436).
It is adviced to reboot the computer after applying the updated
packages in order to the security fix to take full effect.
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cg ... -2010-0436
http://www.kde.org/info/security/adviso ... 0413-1.txt
_______________________________________________________________________
[ MDVSA-2010:074 ] kdebase
Ensimmäinen lukematon viesti • 1 viesti
• Sivu 1/1
[ MDVSA-2010:074 ] kdebase
Kirjoittaja dude67 » 21 Huhti 2010, 19:26
1. Mageia-1 KDE4 x86_64 (& Win7 Pro) | desktop
2. Mageia-2 KDE4 (& Win7 Home Premium) | laptop Acer 7530
3. Mageia-1 KDE4 (& Win7 Starter) | Samsung NC-10 miniläppäri
4. Mageia-1 KDE4 | serverinä toimiva desktop
Luotettavaa Linux käyttöä jo Mandriva 2006.0:sta lähtien
-
dude67 - Site Admin
- Viestit: 2256
- Liittynyt: 27 Syys 2007, 16:58
- Paikkakunta: Espoo
1 viesti
• Sivu 1/1
Paluu Mandrivan turvallisuustiedotteet
Paikallaolijat
Käyttäjiä lukemassa tätä aluetta: Ei rekisteröityneitä käyttäjiä ja 3 vierailijaa