[rock-user] [Security Announcement] kdebase (RLSA-20060620-0…

ROCK Mailing List Archives

Author: Daniel Jahre
To: rock-user
Subject: [rock-user] [Security Announcement] kdebase (RLSA-20060620-01)
This is a ROCK Linux Security Announcement.

Package: kdebase
Announcement ID: RLSA-20060620-01
Date: 2006-03-22
Affected Distributions: Crystal, LiveCD
Affected Releases: Crystal ROCK CLT
Cross References: CVE-2006-2449
Fixed at trunk revision: 7676

Content of this advisory:
1) Problem Description
2) Solution or Work-Around
3) Special instructions and notes
4) Updating your source tree
5) Source package update
6) Binary package update


1) Problem Description

KDM allows the user to select the session type for login. This setting is
permanently stored in the user home directory. By using a symlink attack, KDM
can be tricked into allowing the user to read file content that would
otherwise be unreadable to this particular user.
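
The problem described above arises when a privileged process opens a path inside a directory the user controls. The C sketch below is an added example, not the kde.org patch and not KDM code: it shows one common defence, refusing a symlink and checking ownership on the opened descriptor. The helper name, file names and file contents are constructed for illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not KDM code) for a privileged process: returns an fd,
 * or -1 unless `path` is a regular file owned by `owner`. */
int open_user_file(const char *path, uid_t owner)
{
    struct stat st;
    /* O_NOFOLLOW: fail with ELOOP if the final path component is a symlink.
     * O_NONBLOCK: do not block if the user planted a FIFO instead. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* Check the descriptor, not the path, so the result cannot be raced. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != owner) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenario: returns 1 when only the plain, correctly owned file opens. */
int demo(void)
{
    char dir[] = "/tmp/rlsa-demo-XXXXXX", conf[64], secret[64], lnk[64];
    if (!mkdtemp(dir))
        return -1;
    snprintf(conf, sizeof conf, "%s/settings", dir);
    snprintf(secret, sizeof secret, "%s/secret", dir);
    snprintf(lnk, sizeof lnk, "%s/settings-link", dir);
    FILE *f = fopen(conf, "w");
    if (f) { fputs("session=default\n", f); fclose(f); }
    f = fopen(secret, "w");
    if (f) { fputs("stand-in for a protected file\n", f); fclose(f); }
    int linked = symlink(secret, lnk);
    int ok = open_user_file(conf, getuid());
    int via_link = open_user_file(lnk, getuid());
    int wrong_owner = open_user_file(conf, getuid() + 1);
    int result = linked == 0 && ok >= 0 && via_link < 0 && wrong_owner < 0;
    if (ok >= 0) close(ok);
    unlink(lnk); unlink(conf); unlink(secret); rmdir(dir);
    return result;
}

int main(void) { printf("hardened open ok: %d\n", demo()); return 0; }
```

O_NOFOLLOW only guards the final path component; the ownership check on the descriptor is what covers the remaining cases.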

2) Solution or Work-Around
There is no known work-around. Please rebuild the package with the patch from
kde.org that is now supplied in the repository.

3) Special instructions and notes
Please restart kdm after the update.

4) Updating your source tree
If you are using a subversion checkout of trunk, run:
 svn up

If you are using submaster, run:
 sm sync
to merge the update from trunk into your tree.

5) Source package update
As a user of an affected distribution, you can update this package by
rebuilding it on your machine. Run
 rocket updsrc
to update your local sources and
 rocket emerge kdebase
to install the updated package.

6) Binary package update
There are no new binary packages available for this package yet.