linux, säkerhet

5172650 2000-06-07  17:32  /103 rader/ Postmaster
Mottagare: Red Hat Announce (import) <1509>
Ärende: [RHSA-2000:032-02] kdelibs vulnerability for suid-root KDE applications
------------------------------------------------------------
MBOX-Line: From redhat-announce-list-request@redhat.com  Wed Jun  7 11:05:17 2000
Resent-Date: 7 Jun 2000 15:05:06 -0000
Resent-Cc: recipient list not shown: ;
MBOX-Line: From redhat-watch-list-request@redhat.com  Wed Jun  7 11:04:43 2000
Message-Id: <200006071504.LAA10284@lacrosse.corp.redhat.com>
Content-transfer-encoding: 8bit
To: redhat-watch-list@redhat.com
From: bugzilla@redhat.com
Cc: linux-security@redhat.com
Content-type: text/plain; charset="iso-8859-1"
Mime-version: 1.0
Date: Wed, 7 Jun 2000 11:04 -0400
Resent-Message-ID: <"bgenK3.0.m74.AIcFv"@lists.redhat.com>
Resent-From: redhat-watch-list@redhat.com
Reply-To: redhat-watch-list@redhat.com
X-Mailing-List: <redhat-watch-list@redhat.com> archive/latest/75
X-Loop: redhat-watch-list@redhat.com
X-URL: http://www.redhat.com
X-Loop: redhat-announce-list@redhat.com
Precedence: list
Resent-Sender: redhat-announce-list-request@redhat.com
X-URL: http://www.redhat.com

---------------------------------------------------------------------
                   Red Hat, Inc. Security Advisory

Synopsis:          kdelibs vulnerability for suid-root KDE applications
Advisory ID:       RHSA-2000:032-02
Issue date:        2000-06-07
Updated on:        2000-06-07
Product:           Red Hat Powertools
Keywords:          N/A
Cross references:  N/A
---------------------------------------------------------------------

1. Topic:

In kdelibs 1.1.2 there are security issues for some applications when
they are run suid root.

2. Relevant releases/architectures:

Red Hat Powertools 6.0 - i386
Red Hat Powertools 6.1 - i386
Red Hat Powertools 6.2 - i386

3. Problem description:

In kdelibs 1.1.2, there are security issues with the way some
applications perform when they are run suid root. The only
application vulnerable is kwintv from Powertools. With our PAM
configuration, the suid bit for kwintv is not necessary.

4. Solution:

For each RPM for your particular architecture, run:

rpm -Uvh [filename]

where filename is the name of the RPM.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):

N/A

6. RPMs required:

Red Hat Powertools 6.2:

intel:
ftp://ftp.redhat.com/redhat/updates/powertools/6.2/i386/kwintv-0.7.5-2.i386.rpm

sources:
ftp://ftp.redhat.com/redhat/updates/powertools/6.2/SRPMS/kwintv-0.7.5-2.src.rpm

7. Verification:

MD5 sum                           Package Name
--------------------------------------------------------------------------
3757f47ebfcec111e6a63167873653ee  6.2/SRPMS/kwintv-0.7.5-2.src.rpm
72e10bb7dfb96a7c655a7f3db79d47a1  6.2/i386/kwintv-0.7.5-2.i386.rpm

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
    http://www.redhat.com/corp/contact.html

You can verify each package with the following command:
    rpm --checksig  <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg <filename>

8. References:

N/A




-- 
         To unsubscribe: mail redhat-watch-list-request@redhat.com with 
                       "unsubscribe" as the Subject.

--  To unsubscribe: mail -s unsubscribe
redhat-announce-list-request@redhat.com < /dev/null
(5172650) ------------------------------------------(Ombruten)