lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <E1Ib3h5-0001PF-GW@artemis.annvix.ca>
Date: Thu, 27 Sep 2007 18:26:59 -0600
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDKSA-2007:190 ] - Updated kdebase packages fix KDM vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:190
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : kdebase
 Date    : September 27, 2007
 Affected: 2007.0, 2007.1, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A vulnerability was discovered in KDM by Kees Huijgen where under
 certain circumstances and in particular configurations, KDM could be
 tricked into allowing users to login without a password.
 
 Updated packages have been patched to prevent this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4569
 http://www.kde.org/info/security/advisory-20070919-1.txt
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 ed95f0866adcc9061a1be7cc2f71732a  2007.0/i586/kdebase-3.5.4-35.5mdv2007.0.i586.rpm
 20fbdefc98bb62fae257342950774cd8  2007.0/i586/kdebase-common-3.5.4-35.5mdv2007.0.i586.rpm
 9156ef220fd56e3a30870c488402eba3  2007.0/i586/kdebase-kate-3.5.4-35.5mdv2007.0.i586.rpm
 ca1197ce8ec9810f802c8c715faf249c  2007.0/i586/kdebase-kdeprintfax-3.5.4-35.5mdv2007.0.i586.rpm
 86b4fb370db6503dd493682a0554b053  2007.0/i586/kdebase-kdm-3.5.4-35.5mdv2007.0.i586.rpm
 35e68ba7b6e36bc8067f1fa3f454e4ff  2007.0/i586/kdebase-kmenuedit-3.5.4-35.5mdv2007.0.i586.rpm
 74fd4ca948278dfcf6fc6877c68ce919  2007.0/i586/kdebase-konsole-3.5.4-35.5mdv2007.0.i586.rpm
 17b6947e93cdaa7e6729a22f7a871bda  2007.0/i586/kdebase-nsplugins-3.5.4-35.5mdv2007.0.i586.rpm
 47cee3a1165a9dd5dbbd0c0140b44057  2007.0/i586/kdebase-progs-3.5.4-35.5mdv2007.0.i586.rpm
 ddc5c70cab92ee7d60dd93fdec81973d  2007.0/i586/libkdebase4-3.5.4-35.5mdv2007.0.i586.rpm
 cf92676be0c9794d498d79a6eeebd294  2007.0/i586/libkdebase4-devel-3.5.4-35.5mdv2007.0.i586.rpm
 e384a2390808db44e10f8c9b2c98b957  2007.0/i586/libkdebase4-kate-3.5.4-35.5mdv2007.0.i586.rpm
 2d3f673d5a57ed2af65715df9562ef6b  2007.0/i586/libkdebase4-kate-devel-3.5.4-35.5mdv2007.0.i586.rpm
 6f751d5864a2f8b02d2fcb457baa389c  2007.0/i586/libkdebase4-kmenuedit-3.5.4-35.5mdv2007.0.i586.rpm
 826a238be86d001596bb496809bbc97f  2007.0/i586/libkdebase4-konsole-3.5.4-35.5mdv2007.0.i586.rpm 
 99a81ef71314ea78da17d61dff80573c  2007.0/SRPMS/kdebase-3.5.4-35.5mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 44790cfa5b08b21e8576af4ff3d060d0  2007.0/x86_64/kdebase-3.5.4-35.5mdv2007.0.x86_64.rpm
 357266037580782f76eadcb43ba7534f  2007.0/x86_64/kdebase-common-3.5.4-35.5mdv2007.0.x86_64.rpm
 bcc05ade84a36836d1b9b572637fccfb  2007.0/x86_64/kdebase-kate-3.5.4-35.5mdv2007.0.x86_64.rpm
 1891d558ff46fec886f2d6a3e31bc297  2007.0/x86_64/kdebase-kdeprintfax-3.5.4-35.5mdv2007.0.x86_64.rpm
 fd1ca3c7ded0401852da46e09432a758  2007.0/x86_64/kdebase-kdm-3.5.4-35.5mdv2007.0.x86_64.rpm
 64c2bd60c19df0ea5a18176d7b59a5a6  2007.0/x86_64/kdebase-kmenuedit-3.5.4-35.5mdv2007.0.x86_64.rpm
 b4179a132b796afebfd3ffa7d07aca3f  2007.0/x86_64/kdebase-konsole-3.5.4-35.5mdv2007.0.x86_64.rpm
 87928d82fc35349e692207f12947ddfd  2007.0/x86_64/kdebase-nsplugins-3.5.4-35.5mdv2007.0.x86_64.rpm
 9ab48e9c1003415981f2b7b53ffb6873  2007.0/x86_64/kdebase-progs-3.5.4-35.5mdv2007.0.x86_64.rpm
 da0f202940d03b8bc49accdb2a51b060  2007.0/x86_64/lib64kdebase4-3.5.4-35.5mdv2007.0.x86_64.rpm
 d9998a998d77cdac73729787beea7550  2007.0/x86_64/lib64kdebase4-devel-3.5.4-35.5mdv2007.0.x86_64.rpm
 227442038377db2587454c6a1a5ec462  2007.0/x86_64/lib64kdebase4-kate-3.5.4-35.5mdv2007.0.x86_64.rpm
 11303b19dc729c00cdb47e8b873787ec  2007.0/x86_64/lib64kdebase4-kate-devel-3.5.4-35.5mdv2007.0.x86_64.rpm
 178acb8477c40e6d225825d23e7745bc  2007.0/x86_64/lib64kdebase4-kmenuedit-3.5.4-35.5mdv2007.0.x86_64.rpm
 090a8fd1c95df07eb5f41335da0746a6  2007.0/x86_64/lib64kdebase4-konsole-3.5.4-35.5mdv2007.0.x86_64.rpm 
 99a81ef71314ea78da17d61dff80573c  2007.0/SRPMS/kdebase-3.5.4-35.5mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 8570bdbd596afad0fcb120ee69bb40f6  2007.1/i586/kdebase-3.5.6-34.3mdv2007.1.i586.rpm
 55b13622f79a80442b87ec2cb32e6a8b  2007.1/i586/kdebase-common-3.5.6-34.3mdv2007.1.i586.rpm
 7b9710bde1db41c31c738b86e481b1fa  2007.1/i586/kdebase-kate-3.5.6-34.3mdv2007.1.i586.rpm
 41d7cb9e34c04c2916dd8b454fff4ae9  2007.1/i586/kdebase-kdeprintfax-3.5.6-34.3mdv2007.1.i586.rpm
 68fd96ed003fa22e4919aae076c4c661  2007.1/i586/kdebase-kdm-3.5.6-34.3mdv2007.1.i586.rpm
 6662e4110708a8e1d1c69f2100382f77  2007.1/i586/kdebase-kmenuedit-3.5.6-34.3mdv2007.1.i586.rpm
 fbca676bc342ed4fe5cf8642d00b7eb8  2007.1/i586/kdebase-konsole-3.5.6-34.3mdv2007.1.i586.rpm
 eaddbe9aa50009574704c82876340576  2007.1/i586/kdebase-nsplugins-3.5.6-34.3mdv2007.1.i586.rpm
 3a44eecace6c628c099efd19e1194113  2007.1/i586/kdebase-progs-3.5.6-34.3mdv2007.1.i586.rpm
 0e605122c5f0d38bacbc376f61fb0341  2007.1/i586/kdebase-session-plugins-3.5.6-34.3mdv2007.1.i586.rpm
 50c364322f1cd4713ecf67ccd8a7c192  2007.1/i586/libkdebase4-3.5.6-34.3mdv2007.1.i586.rpm
 2edf674d57423e6df9374b519bf18808  2007.1/i586/libkdebase4-devel-3.5.6-34.3mdv2007.1.i586.rpm
 7807d001580be0f4cde6e3e954ef8fd3  2007.1/i586/libkdebase4-kate-3.5.6-34.3mdv2007.1.i586.rpm
 40176badae237cb2cc6477077d9d7088  2007.1/i586/libkdebase4-kate-devel-3.5.6-34.3mdv2007.1.i586.rpm
 e04c5c1468ff18bceb047b61a8a7f96d  2007.1/i586/libkdebase4-kmenuedit-3.5.6-34.3mdv2007.1.i586.rpm
 8b1c2e0c2e3d8f0aca3635eeb9ec3d35  2007.1/i586/libkdebase4-konsole-3.5.6-34.3mdv2007.1.i586.rpm 
 028518676322663bd4ad61935a9e72cb  2007.1/SRPMS/kdebase-3.5.6-34.3mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 34642fa29185029b24f68197cf1468b4  2007.1/x86_64/kdebase-3.5.6-34.3mdv2007.1.x86_64.rpm
 06f51c23a6f4619b8985de15d3043272  2007.1/x86_64/kdebase-common-3.5.6-34.3mdv2007.1.x86_64.rpm
 6a2ad46a1c59302216ec71a1b3edf5fa  2007.1/x86_64/kdebase-kate-3.5.6-34.3mdv2007.1.x86_64.rpm
 aeb87442ccba0738ff0ad975466e51ca  2007.1/x86_64/kdebase-kdeprintfax-3.5.6-34.3mdv2007.1.x86_64.rpm
 c59500b0003980b4e96b439852437652  2007.1/x86_64/kdebase-kdm-3.5.6-34.3mdv2007.1.x86_64.rpm
 28389bd38aefb859c91013a978bea693  2007.1/x86_64/kdebase-kmenuedit-3.5.6-34.3mdv2007.1.x86_64.rpm
 34300209de24263ba6b2c77baf6444b2  2007.1/x86_64/kdebase-konsole-3.5.6-34.3mdv2007.1.x86_64.rpm
 6b9489d5e352680282e9b57967144125  2007.1/x86_64/kdebase-nsplugins-3.5.6-34.3mdv2007.1.x86_64.rpm
 55e8f8e8cb9df9e1e97e724741dca1e0  2007.1/x86_64/kdebase-progs-3.5.6-34.3mdv2007.1.x86_64.rpm
 8592b9188f17d9633c9b184ddd48b75a  2007.1/x86_64/kdebase-session-plugins-3.5.6-34.3mdv2007.1.x86_64.rpm
 e4094a182056a8c50f141e098cbba506  2007.1/x86_64/lib64kdebase4-3.5.6-34.3mdv2007.1.x86_64.rpm
 808bf44ba3a913961b1de89bacec0a1e  2007.1/x86_64/lib64kdebase4-devel-3.5.6-34.3mdv2007.1.x86_64.rpm
 98b8141c3b72e3be73661fce521bdd58  2007.1/x86_64/lib64kdebase4-kate-3.5.6-34.3mdv2007.1.x86_64.rpm
 caea50bca498b129641c21e67fd2b44c  2007.1/x86_64/lib64kdebase4-kate-devel-3.5.6-34.3mdv2007.1.x86_64.rpm
 8b96380674a977765095b19df4696375  2007.1/x86_64/lib64kdebase4-kmenuedit-3.5.6-34.3mdv2007.1.x86_64.rpm
 bdb396aac7942d37fdc2620280eea506  2007.1/x86_64/lib64kdebase4-konsole-3.5.6-34.3mdv2007.1.x86_64.rpm 
 028518676322663bd4ad61935a9e72cb  2007.1/SRPMS/kdebase-3.5.6-34.3mdv2007.1.src.rpm

 Corporate 4.0:
 c7fe691344561a9d3fad121a50fecce8  corporate/4.0/i586/kdebase-3.5.4-2.4.20060mlcs4.i586.rpm
 3531db617d9b49375b7167d4631f9c38  corporate/4.0/i586/kdebase-common-3.5.4-2.4.20060mlcs4.i586.rpm
 bd10d5f02a48b9295ef2f285f4cbe694  corporate/4.0/i586/kdebase-common-doc-3.5.4-2.4.20060mlcs4.i586.rpm
 574bbcc82244ffe1cfda704d8f335a2d  corporate/4.0/i586/kdebase-kate-3.5.4-2.4.20060mlcs4.i586.rpm
 fd8cd8a69b796f68cef2ee506aea1db4  corporate/4.0/i586/kdebase-kcontrol-data-3.5.4-2.4.20060mlcs4.i586.rpm
 87c3aeff7708c4ab011ef86b9dc29c57  corporate/4.0/i586/kdebase-kcontrol-doc-3.5.4-2.4.20060mlcs4.i586.rpm
 64c6062f5ea464b32dec94942603456b  corporate/4.0/i586/kdebase-kdeprintfax-3.5.4-2.4.20060mlcs4.i586.rpm
 4a68cbf9abf272020941badd2d584025  corporate/4.0/i586/kdebase-kdm-3.5.4-2.4.20060mlcs4.i586.rpm
 d38f8d34341106480e267162c0b0a787  corporate/4.0/i586/kdebase-kmenuedit-3.5.4-2.4.20060mlcs4.i586.rpm
 99e845a8ff90975532e68efd5e1609e3  corporate/4.0/i586/kdebase-konsole-3.5.4-2.4.20060mlcs4.i586.rpm
 1b5bf8769c9e5c1756585ad798f9128b  corporate/4.0/i586/kdebase-nsplugins-3.5.4-2.4.20060mlcs4.i586.rpm
 0cb074efaefa7e149f5e16aa65dd4ee4  corporate/4.0/i586/kdebase-progs-3.5.4-2.4.20060mlcs4.i586.rpm
 a7fba48adc843bb7e89aa768d074cbbc  corporate/4.0/i586/libkateinterfaces0-3.5.4-2.4.20060mlcs4.i586.rpm
 ce7c884d12dd5137124a4e3675c79c1f  corporate/4.0/i586/libkateutils0-3.5.4-2.4.20060mlcs4.i586.rpm
 02f60950cd81be961760f4c05b0ab2d3  corporate/4.0/i586/libkdebase4-3.5.4-2.4.20060mlcs4.i586.rpm
 8151a4b8be5b354b35ee3d56ee07f82b  corporate/4.0/i586/libkdebase4-devel-3.5.4-2.4.20060mlcs4.i586.rpm
 b66295552d0876cde589805b93277a36  corporate/4.0/i586/libkdebase4-devel-doc-3.5.4-2.4.20060mlcs4.i586.rpm
 4062acd024322e9b58948710975cb242  corporate/4.0/i586/libkdebase4-kate-3.5.4-2.4.20060mlcs4.i586.rpm 
 85294d3ee142838c305bddf91fde4471  corporate/4.0/SRPMS/kdebase-3.5.4-2.4.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 b05d046a6a961cfd60e004e225837aee  corporate/4.0/x86_64/kdebase-3.5.4-2.4.20060mlcs4.x86_64.rpm
 1adea59c76d96204f602d4d42f97a8b4  corporate/4.0/x86_64/kdebase-common-3.5.4-2.4.20060mlcs4.x86_64.rpm
 baceb707c3717ed2094ade54810ff7cb  corporate/4.0/x86_64/kdebase-common-doc-3.5.4-2.4.20060mlcs4.x86_64.rpm
 49180fdcb34022e128acca27f1d4f6e2  corporate/4.0/x86_64/kdebase-kate-3.5.4-2.4.20060mlcs4.x86_64.rpm
 38f49a61fc2818cdcedebcb6711b3596  corporate/4.0/x86_64/kdebase-kcontrol-data-3.5.4-2.4.20060mlcs4.x86_64.rpm
 2417c26a4d23341f5136b368689fafea  corporate/4.0/x86_64/kdebase-kcontrol-doc-3.5.4-2.4.20060mlcs4.x86_64.rpm
 95072cb3edd90cef5824a731a48b408b  corporate/4.0/x86_64/kdebase-kdeprintfax-3.5.4-2.4.20060mlcs4.x86_64.rpm
 066ab63a703c5a9093a896a97cf939a9  corporate/4.0/x86_64/kdebase-kdm-3.5.4-2.4.20060mlcs4.x86_64.rpm
 f19040eb8576d8f73650d6306c955415  corporate/4.0/x86_64/kdebase-kmenuedit-3.5.4-2.4.20060mlcs4.x86_64.rpm
 50dac506cb177863ee89a91ab918b873  corporate/4.0/x86_64/kdebase-konsole-3.5.4-2.4.20060mlcs4.x86_64.rpm
 4a54828acba2624e1df65fd0bab21061  corporate/4.0/x86_64/kdebase-nsplugins-3.5.4-2.4.20060mlcs4.x86_64.rpm
 9e90a92b42129e217c4ed5b20d9d374d  corporate/4.0/x86_64/kdebase-progs-3.5.4-2.4.20060mlcs4.x86_64.rpm
 2df9ab43233fc2f4f789a369f7c0a379  corporate/4.0/x86_64/lib64kateinterfaces0-3.5.4-2.4.20060mlcs4.x86_64.rpm
 4a932f9f50a88821d01de44f28b6d6d8  corporate/4.0/x86_64/lib64kateutils0-3.5.4-2.4.20060mlcs4.x86_64.rpm
 9ba935c3f519346daab79b8ec87ecd71  corporate/4.0/x86_64/lib64kdebase4-3.5.4-2.4.20060mlcs4.x86_64.rpm
 501d00ca9863d9f615c499564d762f37  corporate/4.0/x86_64/lib64kdebase4-devel-3.5.4-2.4.20060mlcs4.x86_64.rpm
 3f83b049d6611c3541fcee2864888a9d  corporate/4.0/x86_64/lib64kdebase4-devel-doc-3.5.4-2.4.20060mlcs4.x86_64.rpm
 0aae3b142252ca6f3a5119619aebbed7  corporate/4.0/x86_64/lib64kdebase4-kate-3.5.4-2.4.20060mlcs4.x86_64.rpm 
 85294d3ee142838c305bddf91fde4471  corporate/4.0/SRPMS/kdebase-3.5.4-2.4.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFG/B8nmqjQ0CJFipgRAlVuAJ43SNJWbMRm2doGh/z+s0AEKGCOtQCg7nCc
P+NtOREVL74abWCAEw5fotk=
=OlcG
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ