Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in kde
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in kde
ID: 200311-01
Distribution: Gentoo
Plattformen: Keine Angabe
Datum: Fr, 21. November 2003, 12:00
Referenzen: Keine Angabe
Applikationen: KDE Software Compilation

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


---------------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200311-01
---------------------------------------------------------------------------

GLSA: 200311-01
package: kde-base/kdebase
summary: KDM vulnerabilities
severity: normal
Gentoo bug: 29406
date: 2003-11-15
CVE: CAN-2003-0690 CAN-2003-0692
exploit: local / remote
affected: <=3.1.3
fixed: >=3.1.4

DESCRIPTION:

Firstly, versions of KDM <= 3.1.3 are vulnerable to a privilege escalation
bug with a specific configuration of PAM modules. Users who do not use PAM
with KDM and users who use PAM with regular Unix crypt/MD5 based
authentication methods are not affected.

Secondly, KDM uses a weak cookie generation algorithm. It is advised that
users upgrade to KDE 3.1.4, which uses /dev/urandom as a non-predictable
source of entropy to improve security.

Please look at http://www.kde.org/info/security/advisory-20030916-1.txt for
the KDE Security Advisory and source patch locations for older versions of
KDE.

SOLUTION:

Users are encouraged to perform an 'emerge --sync' and upgrade the
package to
the latest available version. KDE 3.1.4 is recommended and should be marked
stable for most architectures. Specific steps to upgrade:

emerge --sync
emerge '>=kde-base/kde-3.1.4'
emerge clean

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (Darwin)

iD8DBQE/vG2Wnt0v0zAqOHYRAr5xAKCedNRDPeH8sbW3EyX6OOSHJOL6VQCgr0ul
fnlFstGhIw3hMdoQIp07/SI=
=QD6a
-----END PGP SIGNATURE-----
Pro-Linux
Pro-Linux @Twitter
Neue Nachrichten
Werbung