- --------------------------------------------------------------------------
Debian-Edu/Skolelinux Security Advisory DESA 2004-014
http://www.skolelinux.no/security/ Morten Werner Olsen
August 29, 2004 debian-edu-security@lists.alioth.debian.org
- --------------------------------------------------------------------------
Package : kdelibs
Vulnerability : symlink integrity
Problem-Type : local
Need reboot : no
Debian-Edu-specific : no
CVE ID : CAN-2004-0689
DSA ID : DSA-539-1
The SUSE security team was alerted that in some cases the integrity of
symlinks used by KDE are not ensured and that these symlinks can be
pointing to stale locations. This can be abused by a local attacker to
create or truncate arbitrary files or to prevent KDE applications from
functioning correctly.
We recommend that you upgrade your kdelibs packages.
Upgrade Instructions
- --------------------
Make sure the line
deb http://security.debian.org/ stable/updates main contrib non-free
is present in your /etc/apt/sources.list and run 'apt-get update' to
update your package lists. Then run
'apt-get install kdelibs3 kdelibs3-bin kdelibs3-cups'
to upgrade your kdelibs packages.
- --------------------------------------------------------------------------
Mailing list: bruker@skolelinux.no, debian-edu@lists.debian.org,
linuxiskolen@skolelinux.no, user@skolelinux.de
Package info: `apt-cache show <pkg>'
Attachment:
signature.asc
Description: Digital signature