===================================================================== CERT-Renater Note d'Information No. 2000/VULN099 _____________________________________________________________________ DATE : 31/05/2000 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Linux-Mandrake 7.0 [6.1 being investigated] ====================================================================== ------------------------------------- Linux-Mandrake Security Update ------------------------------------- Package: kdesu Affected versions: 7.0 [6.1 being investigated] Problem: A vulnerability in kdesud will allow any user to exploit a buffer overflow. This user then can have a root group access on the machine, by exploiting a bug in the kdesud program. Please upgrade to: 5d87a23ee401a53a55a527b5df9b68d5 7.0/RPMS/kcmkdesu-0.98-14mdk.i586.rpm 7b4c54dd8d5aabb7c40ba2d28d447a02 7.0/RPMS/kdesu-0.98-14mdk.i586.rpm 6ccd23eef27e4199aacefa43da1e7602 7.0/SRPMS/kdesu-0.98-14mdk.src.rpm To upgrade automatically, use « MandrakeUpdate ». If want to upgrade manually, download the updated package from one of our FTP server mirrors and uprade with "rpm -Uvh package_name". All mirrors are listed on http://www.mandrake.com/en/ftp.php3 Updated packages are available in the "updates/" directory. For example, if you are looking for an updated RPM package for Mandrake 7.0, look for it in: updates/7.0/RPMS/ Note: we give the md5 sum for each package. It lets you check the integrity of the downloaded package by running the md5sum command on the package ("md5sum package.rpm"). ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================