Message-id: <E1JtX6e-0007NN-8K@titan.mandriva.com>
Date: Tue, 06 May 2008 18:02:00 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2008:097 ] - Updated kdelibs packages fix
 vulnerability in start_kdeinit


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDVSA-2008:097
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : kdelibs
 Date    : May 6, 2008
 Affected: 2008.0, 2008.1
 _______________________________________________________________________
 
 Problem Description:
 
 A vulnerability was found in start_kdeinit in KDE 3.5.5 through
 3.5.9 where, if it was installed setuid root, it could allow local
 users to cause a denial of service or possibly execute arbitrary code
 (CVE-2008-1671).
 
 By default, start_kdeinit is not installed setuid root on Mandriva
 Linux; however, updated packages have been patched to correct this
 issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1671
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2008.0:
 6e9ec4d86831c1de8d97b1143e412094  2008.0/i586/kdelibs-common-3.5.7-43.8mdv2008.0.i586.rpm
 13c4540bad80e97dea7d4f0ae0b85e48  2008.0/i586/kdelibs-devel-doc-3.5.7-43.8mdv2008.0.i586.rpm
 e37ee088e281f3ac22aaa9a2cf967bff  2008.0/i586/libkdecore4-3.5.7-43.8mdv2008.0.i586.rpm
 68de2c2c0c4aefaae88598329c4ae842  2008.0/i586/libkdecore4-devel-3.5.7-43.8mdv2008.0.i586.rpm 
 f88003b0ee66bf4bcb456b7352972507  2008.0/SRPMS/kdelibs-3.5.7-43.8mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 f22003b71a01cde99bbec436462d8b89  2008.0/x86_64/kdelibs-common-3.5.7-43.8mdv2008.0.x86_64.rpm
 d22e1bbc15d300768f58c75d810bb799  2008.0/x86_64/kdelibs-devel-doc-3.5.7-43.8mdv2008.0.x86_64.rpm
 d52a94a110cd8ccf0611f1c199f0ee91  2008.0/x86_64/lib64kdecore4-3.5.7-43.8mdv2008.0.x86_64.rpm
 7fd7f380efa11735eb0b4a174f5c7ade  2008.0/x86_64/lib64kdecore4-devel-3.5.7-43.8mdv2008.0.x86_64.rpm 
 f88003b0ee66bf4bcb456b7352972507  2008.0/SRPMS/kdelibs-3.5.7-43.8mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 3fdded980feeb40749c9fbef31c8274d  2008.1/i586/kdelibs-common-3.5.9-10.1mdv2008.1.i586.rpm
 c0bba005dbc4013ff8cbe933ff9e5584  2008.1/i586/kdelibs-devel-doc-3.5.9-10.1mdv2008.1.i586.rpm
 8867c7c83437e532b632a3a8f578e39d  2008.1/i586/libkdecore4-3.5.9-10.1mdv2008.1.i586.rpm
 eec45645cada33b83c4394cdfca05af8  2008.1/i586/libkdecore4-devel-3.5.9-10.1mdv2008.1.i586.rpm 
 5d6b90aaf30b609c801e6d41727be2a4  2008.1/SRPMS/kdelibs-3.5.9-10.1mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 880a8c5c0efe5688bbbcacda27866b32  2008.1/x86_64/kdelibs-common-3.5.9-10.1mdv2008.1.x86_64.rpm
 e217bf386a48838736364332c9919639  2008.1/x86_64/kdelibs-devel-doc-3.5.9-10.1mdv2008.1.x86_64.rpm
 cd18170a8fe9c90e577e2a322f6e6146  2008.1/x86_64/lib64kdecore4-3.5.9-10.1mdv2008.1.x86_64.rpm
 c28603d515c0d86f5ac782541c5b24a9  2008.1/x86_64/lib64kdecore4-devel-3.5.9-10.1mdv2008.1.x86_64.rpm 
 5d6b90aaf30b609c801e6d41727be2a4  2008.1/SRPMS/kdelibs-3.5.9-10.1mdv2008.1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIIMdZmqjQ0CJFipgRAsGVAKCYNxo0aNExSN2XAHUD+ifw8ha+SACg3wfA
/edYIt1LNstGmZtHW0hMW2g=
=mQaN
-----END PGP SIGNATURE-----
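
An added exposure check, not part of the Mandriva advisory: the issue only matters where start_kdeinit is installed setuid root, so this script reports that condition for each path given. The advisory does not state the install path, so it is passed as an argument; the function names `classify` and `audit` are illustrative.

```shell
#!/bin/sh
# Added example: test the setuid-root precondition described in MDVSA-2008:097.
# Usage (the path is an assumption, supply the one used on your system):
#   sh check_setuid.sh /path/to/start_kdeinit

# classify FILE
# Prints one of: missing | not-setuid | setuid-nonroot | setuid-root
classify() {
    f=$1
    [ -e "$f" ] || { echo missing; return 0; }
    # -u is true when the set-user-ID bit is set on the file
    [ -u "$f" ] || { echo not-setuid; return 0; }
    # Numeric owner is field 3 of "ls -ln"; -L follows symlinks, as -u does
    owner=$(ls -ldnL -- "$f" | awk '{print $3}')
    if [ "$owner" = 0 ]; then
        echo setuid-root
    else
        echo setuid-nonroot
    fi
}

# audit FILE...
# Prints "status<TAB>path" per file; returns 1 if any file is setuid root.
audit() {
    rc=0
    for p in "$@"; do
        s=$(classify "$p")
        printf '%s\t%s\n' "$s" "$p"
        if [ "$s" = setuid-root ]; then
            rc=1
        fi
    done
    return "$rc"
}

# Run only when paths are given on the command line.
if [ "$#" -gt 0 ]; then
    audit "$@"
    exit $?
fi
```

A non-zero exit status means at least one of the given files is setuid root and the updated packages are relevant to that host.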
