BugTraq
[SECURITY] [DSA 3004-1] kde4libs security update Aug 10 2014 10:34PM
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
-
Debian Security Advisory DSA-3004-1 security (at) debian (dot) org [email concealed]
http://www.debian.org/security/ Moritz Muehlenhoff
August 11, 2014 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
-

Package : kde4libs
CVE ID : CVE-2014-5033

Sebastian Krahmer discovered that Kauth used Policykit insecurely by
relying on the process ID. This could result in privilege escalation.

For the stable distribution (wheezy), this problem has been fixed in
version 4:4.8.4-4+deb7u1.

For the testing distribution (jessie), this problem has been fixed in
version 4:4.13.3-2.

For the unstable distribution (sid), this problem has been fixed in
version 4:4.13.3-2.

We recommend that you upgrade your kde4libs packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce (at) lists.debian (dot) org [email concealed]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJT5/MsAAoJEBDCk7bDfE42nboQAJZW9L917Mk2+VyVxFRTpeAj
g53q+jJUwlRFJznPzgd/UI5G1B3Sqd2I4qmugzqbQKo0JPocLnxMscgQezSmSlVB
LnWbNbDx5Aun46Np6LS23sYHzoXhj7cmL4WkXoKsx83L1Mmnu2b+NFs6YQWwhW6U
cCG9ut7jwX0yvgCfBLr2hPIrmYT3jJ9btePrYjDCVYGRSBsVHFlqGDBnJn1OVmx2
kg9aMFIFdimj6XkQqvnNrs06LpJR7nz2+VuN46ZKRMu1PwVPmsbUofYXgUNBoNc/
nocsfFHnoe1NF6pv+bIGBTU5ZmNV3h8VzzRpXVcHNwaFU7ZQtqvEJXySK5RZRh2m
ccgCSUrCrt92x5ULOCs93dk7ko9NiF48wjFHFZQJaGMPVJ0PF2U+hUWQ6SxqdkXu
+lZYHcEH5UbVqH5A/75ykrAxf2c4gRFY8YCHeXSkFhAnrBZysvmNYg3h+vbgF6ya
UPSn3oLbIku3QogFsTBz0eZYlbFquQBGEbLUT/46BgnyCdY/imYREGx18dHzKiCo
PJUu1rdfrgRh0ilUTZpujYGThmFhYxH9UQfQZIkhD0v0FKWGrPFYOoM7O/6K5Kni
ARi4xR02XBJl/i05R76uGmqrel0dqv16YzLce95btXGlntcv6sNrcjdYZAcOVmM0
LsABjA2n+B+zDfn5ueYZ
=GMoV
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus