 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDKSA-2006:105
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : kdebase
 Date    : June 15, 2006
 Affected: 2006.0, Corporate 3.0
 _______________________________________________________________________

 Problem Description:

 A problem with how kdm manages the ~/.dmrc file was discovered by
 Ludwig Nussel. By using a symlink attack, a local user could get kdm
 to read arbitrary files on the system, including privileged system
 files and those belonging to other users.

 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2449
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2006.0
 Mandriva Linux 2006.0/X86_64
 Corporate 3.0
 Corporate 3.0/X86_64
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team