Saturday, April 26, 2008

Security Fix: kdelibs

One security fix has been released to fix KDE problem that affects KDE 3.5.5 up to KDE 3.5.9. KTorrent is also upgraded to the latest version.
Fri Apr 25 23:09:23 CDT 2008
kde/kdelibs-3.5.9-i486-4.tgz: Patched to fix a security problem.
From the KDE advisory: "If start_kdeinit is installed as setuid root, a local user might be able to send unix signals to other processes, cause a denial of service or even possibly execute arbitrary code."
This issue affects KDE 3.5.5 through KDE 3.5.9.
We recommend upgrading to the new kdelibs package as soon as possible.
For more information, see:
http://www.kde.org/info/security/advisory-20080426-2.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1671
(* Security fix *)

extra/ktorrent/ktorrent-2.2.6-i486-1.tgz: Upgraded to ktorrent-2.2.6.

isolinux/initrd.img: Patched /sbin/probe to look for formatted swap on RAID.

usb-and-pxe-installers/: Patched /sbin/probe in usbboot.img to look for formatted swap on RAID.