- -------------------------------------------------------------------------- Debian-Edu/Skolelinux Security Advisory DESA 2004-014 http://www.skolelinux.no/security/ Morten Werner Olsen August 29, 2004 debian-edu-security@lists.alioth.debian.org - -------------------------------------------------------------------------- Package : kdelibs Vulnerability : symlink integrity Problem-Type : local Need reboot : no Debian-Edu-specific : no CVE ID : CAN-2004-0689 DSA ID : DSA-539-1 The SUSE security team was alerted that in some cases the integrity of symlinks used by KDE are not ensured and that these symlinks can be pointing to stale locations. This can be abused by a local attacker to create or truncate arbitrary files or to prevent KDE applications from functioning correctly. We recommend that you upgrade your kdelibs packages. Upgrade Instructions - -------------------- Make sure the line deb http://security.debian.org/ stable/updates main contrib non-free is present in your /etc/apt/sources.list and run 'apt-get update' to update your package lists. Then run 'apt-get install kdelibs3 kdelibs3-bin kdelibs3-cups' to upgrade your kdelibs packages. - -------------------------------------------------------------------------- Mailing list: bruker@skolelinux.no, debian-edu@lists.debian.org, linuxiskolen@skolelinux.no, user@skolelinux.de Package info: `apt-cache show <pkg>'
Attachment:
signature.asc
Description: Digital signature