Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 3004-1] kde4libs security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 3004-1] kde4libs security update


Chronologisch Thread 
  • From: Moritz Muehlenhoff <jmm AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 3004-1] kde4libs security update
  • Date: Mon, 11 Aug 2014 00:34:33 +0200
  • List-archive: <https://service.piratenpartei.de/pipermail/it-securitynotifies>
  • List-id: Sicherheitsankündigungen <it-securitynotifies.lists.piratenpartei.de>
  • Old-return-path: <jmm AT inutil.org>
  • Priority: urgent
  • Resent-date: Sun, 10 Aug 2014 22:34:59 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <kyqPgfunCqL.A.GRH.TO_5TB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3004-1 security AT debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
August 11, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : kde4libs
CVE ID : CVE-2014-5033

Sebastian Krahmer discovered that Kauth used Policykit insecurely by
relying on the process ID. This could result in privilege escalation.

For the stable distribution (wheezy), this problem has been fixed in
version 4:4.8.4-4+deb7u1.

For the testing distribution (jessie), this problem has been fixed in
version 4:4.13.3-2.

For the unstable distribution (sid), this problem has been fixed in
version 4:4.13.3-2.

We recommend that you upgrade your kde4libs packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJT5/MsAAoJEBDCk7bDfE42nboQAJZW9L917Mk2+VyVxFRTpeAj
g53q+jJUwlRFJznPzgd/UI5G1B3Sqd2I4qmugzqbQKo0JPocLnxMscgQezSmSlVB
LnWbNbDx5Aun46Np6LS23sYHzoXhj7cmL4WkXoKsx83L1Mmnu2b+NFs6YQWwhW6U
cCG9ut7jwX0yvgCfBLr2hPIrmYT3jJ9btePrYjDCVYGRSBsVHFlqGDBnJn1OVmx2
kg9aMFIFdimj6XkQqvnNrs06LpJR7nz2+VuN46ZKRMu1PwVPmsbUofYXgUNBoNc/
nocsfFHnoe1NF6pv+bIGBTU5ZmNV3h8VzzRpXVcHNwaFU7ZQtqvEJXySK5RZRh2m
ccgCSUrCrt92x5ULOCs93dk7ko9NiF48wjFHFZQJaGMPVJ0PF2U+hUWQ6SxqdkXu
+lZYHcEH5UbVqH5A/75ykrAxf2c4gRFY8YCHeXSkFhAnrBZysvmNYg3h+vbgF6ya
UPSn3oLbIku3QogFsTBz0eZYlbFquQBGEbLUT/46BgnyCdY/imYREGx18dHzKiCo
PJUu1rdfrgRh0ilUTZpujYGThmFhYxH9UQfQZIkhD0v0FKWGrPFYOoM7O/6K5Kni
ARi4xR02XBJl/i05R76uGmqrel0dqv16YzLce95btXGlntcv6sNrcjdYZAcOVmM0
LsABjA2n+B+zDfn5ueYZ
=GMoV
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST AT lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster AT lists.debian.org
Archive: https://lists.debian.org/20140810223433.GA23858 AT pisco.westfalen.local




  • [IT-SecNots] [SECURITY] [DSA 3004-1] kde4libs security update, Moritz Muehlenhoff, 11.08.2014

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang