what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2008-097

Mandriva Linux Security Advisory 2008-097
Posted May 7, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A vulnerability was found in start_kdeinit in KDE 3.5.5 through 3.5.9 where, if it was installed setuid root, it could allow local users to cause a denial of service or possibly execute arbitrary code. By default, start_kdeinit is not installed setuid root on Mandriva Linux, however updated packages have been patched to correct this issue.

tags | advisory, denial of service, arbitrary, local, root
systems | linux, mandriva
advisories | CVE-2008-1671
SHA-256 | 90328bccffe3f3110bfdc3dc25d2e176105bd89c61a4d863d2c8ea4513d4ec86

Mandriva Linux Security Advisory 2008-097

Change Mirror Download

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:097
http://www.mandriva.com/security/
_______________________________________________________________________

Package : kdelibs
Date : May 6, 2008
Affected: 2008.0, 2008.1
_______________________________________________________________________

Problem Description:

A vulnerability was found in start_kdeinit in KDE 3.5.5 through
3.5.9 where, if it was installed setuid root, it could allow local
users to cause a denial of service or possibly execute arbitrary code
(CVE-2008-1671).

By default, start_kdeinit is not installed setuid root on Mandriva
Linux, however updated packages have been patched to correct this
issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1671
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.0:
6e9ec4d86831c1de8d97b1143e412094 2008.0/i586/kdelibs-common-3.5.7-43.8mdv2008.0.i586.rpm
13c4540bad80e97dea7d4f0ae0b85e48 2008.0/i586/kdelibs-devel-doc-3.5.7-43.8mdv2008.0.i586.rpm
e37ee088e281f3ac22aaa9a2cf967bff 2008.0/i586/libkdecore4-3.5.7-43.8mdv2008.0.i586.rpm
68de2c2c0c4aefaae88598329c4ae842 2008.0/i586/libkdecore4-devel-3.5.7-43.8mdv2008.0.i586.rpm
f88003b0ee66bf4bcb456b7352972507 2008.0/SRPMS/kdelibs-3.5.7-43.8mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
f22003b71a01cde99bbec436462d8b89 2008.0/x86_64/kdelibs-common-3.5.7-43.8mdv2008.0.x86_64.rpm
d22e1bbc15d300768f58c75d810bb799 2008.0/x86_64/kdelibs-devel-doc-3.5.7-43.8mdv2008.0.x86_64.rpm
d52a94a110cd8ccf0611f1c199f0ee91 2008.0/x86_64/lib64kdecore4-3.5.7-43.8mdv2008.0.x86_64.rpm
7fd7f380efa11735eb0b4a174f5c7ade 2008.0/x86_64/lib64kdecore4-devel-3.5.7-43.8mdv2008.0.x86_64.rpm
f88003b0ee66bf4bcb456b7352972507 2008.0/SRPMS/kdelibs-3.5.7-43.8mdv2008.0.src.rpm

Mandriva Linux 2008.1:
3fdded980feeb40749c9fbef31c8274d 2008.1/i586/kdelibs-common-3.5.9-10.1mdv2008.1.i586.rpm
c0bba005dbc4013ff8cbe933ff9e5584 2008.1/i586/kdelibs-devel-doc-3.5.9-10.1mdv2008.1.i586.rpm
8867c7c83437e532b632a3a8f578e39d 2008.1/i586/libkdecore4-3.5.9-10.1mdv2008.1.i586.rpm
eec45645cada33b83c4394cdfca05af8 2008.1/i586/libkdecore4-devel-3.5.9-10.1mdv2008.1.i586.rpm
5d6b90aaf30b609c801e6d41727be2a4 2008.1/SRPMS/kdelibs-3.5.9-10.1mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64:
880a8c5c0efe5688bbbcacda27866b32 2008.1/x86_64/kdelibs-common-3.5.9-10.1mdv2008.1.x86_64.rpm
e217bf386a48838736364332c9919639 2008.1/x86_64/kdelibs-devel-doc-3.5.9-10.1mdv2008.1.x86_64.rpm
cd18170a8fe9c90e577e2a322f6e6146 2008.1/x86_64/lib64kdecore4-3.5.9-10.1mdv2008.1.x86_64.rpm
c28603d515c0d86f5ac782541c5b24a9 2008.1/x86_64/lib64kdecore4-devel-3.5.9-10.1mdv2008.1.x86_64.rpm
5d6b90aaf30b609c801e6d41727be2a4 2008.1/SRPMS/kdelibs-3.5.9-10.1mdv2008.1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFIIMdZmqjQ0CJFipgRAsGVAKCYNxo0aNExSN2XAHUD+ifw8ha+SACg3wfA
/edYIt1LNstGmZtHW0hMW2g=
=mQaN
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close