-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear colleagues,

we have just received the following Fedora Security Advisory. We are
passing this information on to you unchanged.

CVE-2010-0436 - Race condition in the KDE Display Manager (KDM)

A race condition in the KDE Display Manager (KDM) can result in an
arbitrary file being made world-writable. A local attacker with shell
access can exploit this vulnerability for privilege escalation and
gain administrator rights on an affected system.

Please note that a proof-of-concept exploit has already been
published for this vulnerability.
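
The impact described above (a file ending up world-writable) can be audited for on a host. The following Python check is an added example, not part of the DFN-CERT or Fedora advisory; the function names and the constructed sample tree are assumptions made for illustration.

```python
import os
import stat
import tempfile


def find_world_writable(root):
    """Return sorted (path, kind, mode) for risky world-writable entries under root.

    Flags o+w regular files and o+w directories lacking the sticky bit.
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow a symlink during the audit
            except OSError:
                continue  # entry vanished or is unreadable; skip it
            if not st.st_mode & stat.S_IWOTH:
                continue
            mode = oct(stat.S_IMODE(st.st_mode))
            if stat.S_ISREG(st.st_mode):
                findings.append((path, "file", mode))
            elif stat.S_ISDIR(st.st_mode) and not st.st_mode & stat.S_ISVTX:
                findings.append((path, "dir", mode))
    return sorted(findings)


def demo():
    """Build a constructed sample tree and audit it (no real system paths are touched)."""
    with tempfile.TemporaryDirectory() as root:
        ok = os.path.join(root, "shadow.sample")
        bad = os.path.join(root, "passwd.sample")
        spool = os.path.join(root, "tmp.sample")
        open_dir = os.path.join(root, "open.sample")
        for p in (ok, bad):
            with open(p, "w") as fh:
                fh.write("constructed\n")
        os.mkdir(spool)
        os.mkdir(open_dir)
        os.chmod(ok, 0o600)
        os.chmod(bad, 0o666)        # the condition the advisory describes
        os.chmod(spool, 0o1777)     # sticky world-writable dir: expected, not flagged
        os.chmod(open_dir, 0o777)   # world-writable without sticky bit: flagged
        return [(os.path.relpath(p, root), kind, mode)
                for p, kind, mode in find_world_writable(root)]
```

On a real system, `find_world_writable` would be pointed at directories such as `/etc` and run with sufficient privileges to read them.
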
The following software packages and platforms are affected:
Packages
kdeaccessibility
kdeadmin
kdeartwork
kdebase
kdebase-runtime
kdebase-workspace
kdebindings
kdeedu
kdegames
kdegraphics
kdelibs
kdemultimedia
kdenetwork
kdepim
kdepimlibs
kdepim-runtime
kdeplasma-addons
kdesdk
kdetoys
kdeutils
konq-plugins
oxygen-icon-theme
PyQt4
sip
Fedora 12
Fedora 11
The vendor provides updated packages.
Vendor advisory:
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039461.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039462.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039463.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039464.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039465.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039466.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039467.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039468.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039469.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039475.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039478.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039480.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039470.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039471.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039472.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039473.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039474.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039476.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039477.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039479.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039481.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039482.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039483.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039484.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039573.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039574.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039575.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039576.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039582.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039577.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039578.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039579.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039580.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039581.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039583.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039584.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039585.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039586.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039587.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039588.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039589.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039590.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039591.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039592.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039593.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039594.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039595.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039596.html
(c) of the German summary held by DFN-CERT Services GmbH;
distribution, including in excerpts, is permitted only with
attribution to the author, DFN-CERT Services GmbH, and only for
non-commercial purposes.
Kind regards,
Michael Groening, DFN-CERT
- --
Michael Groening (Incident Response Team)
DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-590
Registered office / Register: Hamburg, AG Hamburg, HRB 88805, VAT ID: DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski
Automatic warning messages https://www.cert.dfn.de/autowarn
- --------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-6077
2010-04-09 00:18:56
- --------------------------------------------------------------------------------
Name : PyQt4
Product : Fedora 11
Version : 4.7.2
Release : 2.fc11
URL : http://www.riverbankcomputing.com/software/pyqt/
Summary : Python bindings for Qt4
Description :
These are Python bindings for Qt4.
- --------------------------------------------------------------------------------
Update Information:
This update set updates the KDE Software Compilation (KDE SC) to KDE SC 4.4.2,
which has a number of improvements:
* Possible crashes in Plasma, Dolphin and Okular have been fixed
* The Microblog applet now shows the correct time in the timeline
* The audioplayer KRunner plugin has been fixed to not freeze the KRunner UI
  anymore
and more bugfixes and translation updates. See
http://kde.org/announcements/announce-4.4.2.php for more information.
* a couple of small powerdevil patches (see kde bugs 221637, 221637),
* upstream kdm security fix for CVE-2010-0436
Also included are the bugfix releases SIP 4.10.1:
http://www.riverbankcomputing.co.uk/static/Downloads/sip4/ChangeLog and
PyQt4 4.7.2:
http://www.riverbankcomputing.co.uk/static/Downloads/PyQt4/ChangeLog
- --------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 21 2010 Kevin Kofler
- - rebuild against fixed qt to get QtMultimedia detected properly
* Thu Mar 18 2010 Rex Dieter
- - PyQt-x11-gpl-4.7.2
* Sun Mar 14 2010 Kevin Kofler
- - fix implicit linking when checking for QtHelp and QtAssistant
- - remove Python 3 code from Python 2.6 directory, fixes FTBFS (#564633)
* Sat Mar 13 2010 Kevin Kofler
- - BR qt-assistant-adp-devel
* Tue Feb 23 2010 Than Ngo
- - fix multilib conflict because of timestamp
* Sun Feb 14 2010 Rex Dieter
- - rebuild
* Fri Jan 15 2010 Rex Dieter
- - PyQt-x11-gpl-4.7 (final)
* Thu Jan 7 2010 Rex Dieter
- - PyQt-x11-gpl-4.7-snapshot-20091231
* Fri Nov 27 2009 Rex Dieter
- - phonon bindings missing (#541685)
* Wed Nov 25 2009 Than Ngo
- - fix conditional for RHEL
* Wed Nov 25 2009 Rex Dieter
- - PyQt4-4.6.2 breaks QStringList in QVariant, rebuild with sip-4.9.3 (#541211)
* Wed Nov 25 2009 Than Ngo
- - fix conditional for RHEL
* Fri Nov 20 2009 Rex Dieter
- - PyQt4-4.6.2
* Thu Nov 19 2009 Rex Dieter
- - rebuild (for qt-4.6.0-rc1, f13+)
* Mon Nov 16 2009 Rex Dieter
- - Requires: sip-api(%_sip_api_major) >= %_sip_api
* Fri Oct 23 2009 Rex Dieter
- - PyQt4-4.6.1
* Thu Oct 15 2009 Rex Dieter
- - PyQt4-4.6.1-snapshot-20091014 (#529192)
* Tue Jul 28 2009 Rex Dieter
- - PyQt4-4.5.4
* Fri Jul 24 2009 Fedora Release Engineering
- - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Thu Jul 16 2009 Rex Dieter
- - PyQt4-4.5.2
* Thu Jul 2 2009 Rex Dieter
- - fix build with qt-4.5.2
- - PyQt4-devel multilib conflict (#509415)
* Tue Jun 16 2009 Rex Dieter
- - PyQt-4.5.1
* Fri Jun 5 2009 Rex Dieter
- - PyQt-4.5
* Thu May 21 2009 Rex Dieter
- - fix generation of sip_ver
* Thu May 21 2009 Rex Dieter
- - PyQt-4.5-snapshot-20090520
* Sun Apr 26 2009 Rex Dieter
- - rebuild for phonon bindings (#497680)
- --------------------------------------------------------------------------------
References:
[ 1 ] Bug #570613 - CVE-2010-0436 kdm privilege escalation flaw
https://bugzilla.redhat.com/show_bug.cgi?id=570613
- --------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update PyQt4' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
- --------------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFLzEQfWmhIvjFb90URAnTjAKCM7yoUxcQ73fXS/OMKriHUeEx5SwCgjZ9a
e6Ee64D3xsmCeX6m2r8ZsFM=
=icL2
-----END PGP SIGNATURE-----