To: [email protected]
Subject: [ MDKSA-2006:105 ] - Updated kdebase packages fix local vulnerability in kdm
Date: Thu, 15 Jun 2006 17:34:00 -0600
From: [email protected]
Reply-To: <xsecurity@mandriva.com.>
Message-Id: <E1Fr1Ld-00073y-2A@mercury.mandriva.com.>
Sender: QATeam User <qateam@mercury.mandriva.com.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDKSA-2006:105
http://www.mandriva.com/security/
_______________________________________________________________________
Package : kdebase
Date : June 15, 2006
Affected: 2006.0, Corporate 3.0
_______________________________________________________________________
Problem Description:
A problem with how kdm manages the ~/.dmrc file was discovered by
Ludwig Nussel. By using a symlink attack, a local user could get kdm
to read arbitrary files on the system, including privileged system
files and those belonging to other users.
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2449
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2006.0:
Mandriva Linux 2006.0/X86_64:
Corporate 3.0:
Corporate 3.0/X86_64:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFEkcIjmqjQ0CJFipgRArzBAJ9Mo70yiJi66DQdJzv8DrtsURPp7QCfd3tJ
iehgJbnn4Z83wR9MRrNl3GE=
=NX9g
-----END PGP SIGNATURE-----