[Security Announce] [ MDKSA-2007:190 ] - Updated kdebase packages fix KDM vulnerability
Posted on: 09/28/2007 01:30 AM

The Mandriva Security Team published a new security update for Mandriva Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:190
http://www.mandriva.com/security/
_______________________________________________________________________

Package : kdebase
Date : September 27, 2007
Affected: 2007.0, 2007.1, Corporate 4.0
_______________________________________________________________________

Problem Description:

A vulnerability was discovered in KDM by Kees Huijgen where under
certain circumstances and in particular configurations, KDM could be
tricked into allowing users to login without a password.

Updated packages have been patched to prevent this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4569
http://www.kde.org/info/security/advisory-20070919-1.txt
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
ed95f0866adcc9061a1be7cc2f71732a 2007.0/i586/kdebase-3.5.4-35.5mdv2007.0.i586.rpm
20fbdefc98bb62fae257342950774cd8 2007.0/i586/kdebase-common-3.5.4-35.5mdv2007.0.i586.rpm
9156ef220fd56e3a30870c488402eba3 2007.0/i586/kdebase-kate-3.5.4-35.5mdv2007.0.i586.rpm
ca1197ce8ec9810f802c8c715faf249c 2007.0/i586/kdebase-kdeprintfax-3.5.4-35.5mdv2007.0.i586.rpm
86b4fb370db6503dd493682a0554b053 2007.0/i586/kdebase-kdm-3.5.4-35.5mdv2007.0.i586.rpm
35e68ba7b6e36bc8067f1fa3f454e4ff 2007.0/i586/kdebase-kmenuedit-3.5.4-35.5mdv2007.0.i586.rpm
74fd4ca948278dfcf6fc6877c68ce919 2007.0/i586/kdebase-konsole-3.5.4-35.5mdv2007.0.i586.rpm
17b6947e93cdaa7e6729a22f7a871bda 2007.0/i586/kdebase-nsplugins-3.5.4-35.5mdv2007.0.i586.rpm
47cee3a1165a9dd5dbbd0c0140b44057 2007.0/i586/kdebase-progs-3.5.4-35.5mdv2007.0.i586.rpm
ddc5c70cab92ee7d60dd93fdec81973d 2007.0/i586/libkdebase4-3.5.4-35.5mdv2007.0.i586.rpm
cf92676be0c9794d498d79a6eeebd294 2007.0/i586/libkdebase4-devel-3.5.4-35.5mdv2007.0.i586.rpm
e384a2390808db44e10f8c9b2c98b957 2007.0/i586/libkdebase4-kate-3.5.4-35.5mdv2007.0.i586.rpm
2d3f673d5a57ed2af65715df9562ef6b 2007.0/i586/libkdebase4-kate-devel-3.5.4-35.5mdv2007.0.i586.rpm
6f751d5864a2f8b02d2fcb457baa389c 2007.0/i586/libkdebase4-kmenuedit-3.5.4-35.5mdv2007.0.i586.rpm
826a238be86d001596bb496809bbc97f 2007.0/i586/libkdebase4-konsole-3.5.4-35.5mdv2007.0.i586.rpm
99a81ef71314ea78da17d61dff80573c 2007.0/SRPMS/kdebase-3.5.4-35.5mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
44790cfa5b08b21e8576af4ff3d060d0 2007.0/x86_64/kdebase-3.5.4-35.5mdv2007.0.x86_64.rpm
357266037580782f76eadcb43ba7534f 2007.0/x86_64/kdebase-common-3.5.4-35.5mdv2007.0.x86_64.rpm
bcc05ade84a36836d1b9b572637fccfb 2007.0/x86_64/kdebase-kate-3.5.4-35.5mdv2007.0.x86_64.rpm
1891d558ff46fec886f2d6a3e31bc297 2007.0/x86_64/kdebase-kdeprintfax-3.5.4-35.5mdv2007.0.x86_64.rpm
fd1ca3c7ded0401852da46e09432a758 2007.0/x86_64/kdebase-kdm-3.5.4-35.5mdv2007.0.x86_64.rpm
64c2bd60c19df0ea5a18176d7b59a5a6 2007.0/x86_64/kdebase-kmenuedit-3.5.4-35.5mdv2007.0.x86_64.rpm
b4179a132b796afebfd3ffa7d07aca3f 2007.0/x86_64/kdebase-konsole-3.5.4-35.5mdv2007.0.x86_64.rpm
87928d82fc35349e692207f12947ddfd 2007.0/x86_64/kdebase-nsplugins-3.5.4-35.5mdv2007.0.x86_64.rpm
9ab48e9c1003415981f2b7b53ffb6873 2007.0/x86_64/kdebase-progs-3.5.4-35.5mdv2007.0.x86_64.rpm
da0f202940d03b8bc49accdb2a51b060 2007.0/x86_64/lib64kdebase4-3.5.4-35.5mdv2007.0.x86_64.rpm
d9998a998d77cdac73729787beea7550 2007.0/x86_64/lib64kdebase4-devel-3.5.4-35.5mdv2007.0.x86_64.rpm
227442038377db2587454c6a1a5ec462 2007.0/x86_64/lib64kdebase4-kate-3.5.4-35.5mdv2007.0.x86_64.rpm
11303b19dc729c00cdb47e8b873787ec 2007.0/x86_64/lib64kdebase4-kate-devel-3.5.4-35.5mdv2007.0.x86_64.rpm
178acb8477c40e6d225825d23e7745bc 2007.0/x86_64/lib64kdebase4-kmenuedit-3.5.4-35.5mdv2007.0.x86_64.rpm
090a8fd1c95df07eb5f41335da0746a6 2007.0/x86_64/lib64kdebase4-konsole-3.5.4-35.5mdv2007.0.x86_64.rpm
99a81ef71314ea78da17d61dff80573c 2007.0/SRPMS/kdebase-3.5.4-35.5mdv2007.0.src.rpm

Mandriva Linux 2007.1:
8570bdbd596afad0fcb120ee69bb40f6 2007.1/i586/kdebase-3.5.6-34.3mdv2007.1.i586.rpm
55b13622f79a80442b87ec2cb32e6a8b 2007.1/i586/kdebase-common-3.5.6-34.3mdv2007.1.i586.rpm
7b9710bde1db41c31c738b86e481b1fa 2007.1/i586/kdebase-kate-3.5.6-34.3mdv2007.1.i586.rpm
41d7cb9e34c04c2916dd8b454fff4ae9 2007.1/i586/kdebase-kdeprintfax-3.5.6-34.3mdv2007.1.i586.rpm
68fd96ed003fa22e4919aae076c4c661 2007.1/i586/kdebase-kdm-3.5.6-34.3mdv2007.1.i586.rpm
6662e4110708a8e1d1c69f2100382f77 2007.1/i586/kdebase-kmenuedit-3.5.6-34.3mdv2007.1.i586.rpm
fbca676bc342ed4fe5cf8642d00b7eb8 2007.1/i586/kdebase-konsole-3.5.6-34.3mdv2007.1.i586.rpm
eaddbe9aa50009574704c82876340576 2007.1/i586/kdebase-nsplugins-3.5.6-34.3mdv2007.1.i586.rpm
3a44eecace6c628c099efd19e1194113 2007.1/i586/kdebase-progs-3.5.6-34.3mdv2007.1.i586.rpm
0e605122c5f0d38bacbc376f61fb0341 2007.1/i586/kdebase-session-plugins-3.5.6-34.3mdv2007.1.i586.rpm
50c364322f1cd4713ecf67ccd8a7c192 2007.1/i586/libkdebase4-3.5.6-34.3mdv2007.1.i586.rpm
2edf674d57423e6df9374b519bf18808 2007.1/i586/libkdebase4-devel-3.5.6-34.3mdv2007.1.i586.rpm
7807d001580be0f4cde6e3e954ef8fd3 2007.1/i586/libkdebase4-kate-3.5.6-34.3mdv2007.1.i586.rpm
40176badae237cb2cc6477077d9d7088 2007.1/i586/libkdebase4-kate-devel-3.5.6-34.3mdv2007.1.i586.rpm
e04c5c1468ff18bceb047b61a8a7f96d 2007.1/i586/libkdebase4-kmenuedit-3.5.6-34.3mdv2007.1.i586.rpm
8b1c2e0c2e3d8f0aca3635eeb9ec3d35 2007.1/i586/libkdebase4-konsole-3.5.6-34.3mdv2007.1.i586.rpm
028518676322663bd4ad61935a9e72cb 2007.1/SRPMS/kdebase-3.5.6-34.3mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
34642fa29185029b24f68197cf1468b4 2007.1/x86_64/kdebase-3.5.6-34.3mdv2007.1.x86_64.rpm
06f51c23a6f4619b8985de15d3043272 2007.1/x86_64/kdebase-common-3.5.6-34.3mdv2007.1.x86_64.rpm
6a2ad46a1c59302216ec71a1b3edf5fa 2007.1/x86_64/kdebase-kate-3.5.6-34.3mdv2007.1.x86_64.rpm
aeb87442ccba0738ff0ad975466e51ca 2007.1/x86_64/kdebase-kdeprintfax-3.5.6-34.3mdv2007.1.x86_64.rpm
c59500b0003980b4e96b439852437652 2007.1/x86_64/kdebase-kdm-3.5.6-34.3mdv2007.1.x86_64.rpm
28389bd38aefb859c91013a978bea693 2007.1/x86_64/kdebase-kmenuedit-3.5.6-34.3mdv2007.1.x86_64.rpm
34300209de24263ba6b2c77baf6444b2 2007.1/x86_64/kdebase-konsole-3.5.6-34.3mdv2007.1.x86_64.rpm
6b9489d5e352680282e9b57967144125 2007.1/x86_64/kdebase-nsplugins-3.5.6-34.3mdv2007.1.x86_64.rpm
55e8f8e8cb9df9e1e97e724741dca1e0 2007.1/x86_64/kdebase-progs-3.5.6-34.3mdv2007.1.x86_64.rpm
8592b9188f17d9633c9b184ddd48b75a 2007.1/x86_64/kdebase-session-plugins-3.5.6-34.3mdv2007.1.x86_64.rpm
e4094a182056a8c50f141e098cbba506 2007.1/x86_64/lib64kdebase4-3.5.6-34.3mdv2007.1.x86_64.rpm
808bf44ba3a913961b1de89bacec0a1e 2007.1/x86_64/lib64kdebase4-devel-3.5.6-34.3mdv2007.1.x86_64.rpm
98b8141c3b72e3be73661fce521bdd58 2007.1/x86_64/lib64kdebase4-kate-3.5.6-34.3mdv2007.1.x86_64.rpm
caea50bca498b129641c21e67fd2b44c 2007.1/x86_64/lib64kdebase4-kate-devel-3.5.6-34.3mdv2007.1.x86_64.rpm
8b96380674a977765095b19df4696375 2007.1/x86_64/lib64kdebase4-kmenuedit-3.5.6-34.3mdv2007.1.x86_64.rpm
bdb396aac7942d37fdc2620280eea506 2007.1/x86_64/lib64kdebase4-konsole-3.5.6-34.3mdv2007.1.x86_64.rpm
028518676322663bd4ad61935a9e72cb 2007.1/SRPMS/kdebase-3.5.6-34.3mdv2007.1.src.rpm

Corporate 4.0:
c7fe691344561a9d3fad121a50fecce8 corporate/4.0/i586/kdebase-3.5.4-2.4.20060mlcs4.i586.rpm
3531db617d9b49375b7167d4631f9c38 corporate/4.0/i586/kdebase-common-3.5.4-2.4.20060mlcs4.i586.rpm
bd10d5f02a48b9295ef2f285f4cbe694 corporate/4.0/i586/kdebase-common-doc-3.5.4-2.4.20060mlcs4.i586.rpm
574bbcc82244ffe1cfda704d8f335a2d corporate/4.0/i586/kdebase-kate-3.5.4-2.4.20060mlcs4.i586.rpm
fd8cd8a69b796f68cef2ee506aea1db4 corporate/4.0/i586/kdebase-kcontrol-data-3.5.4-2.4.20060mlcs4.i586.rpm
87c3aeff7708c4ab011ef86b9dc29c57 corporate/4.0/i586/kdebase-kcontrol-doc-3.5.4-2.4.20060mlcs4.i586.rpm
64c6062f5ea464b32dec94942603456b corporate/4.0/i586/kdebase-kdeprintfax-3.5.4-2.4.20060mlcs4.i586.rpm
4a68cbf9abf272020941badd2d584025 corporate/4.0/i586/kdebase-kdm-3.5.4-2.4.20060mlcs4.i586.rpm
d38f8d34341106480e267162c0b0a787 corporate/4.0/i586/kdebase-kmenuedit-3.5.4-2.4.20060mlcs4.i586.rpm
99e845a8ff90975532e68efd5e1609e3 corporate/4.0/i586/kdebase-konsole-3.5.4-2.4.20060mlcs4.i586.rpm
1b5bf8769c9e5c1756585ad798f9128b corporate/4.0/i586/kdebase-nsplugins-3.5.4-2.4.20060mlcs4.i586.rpm
0cb074efaefa7e149f5e16aa65dd4ee4 corporate/4.0/i586/kdebase-progs-3.5.4-2.4.20060mlcs4.i586.rpm
a7fba48adc843bb7e89aa768d074cbbc corporate/4.0/i586/libkateinterfaces0-3.5.4-2.4.20060mlcs4.i586.rpm
ce7c884d12dd5137124a4e3675c79c1f corporate/4.0/i586/libkateutils0-3.5.4-2.4.20060mlcs4.i586.rpm
02f60950cd81be961760f4c05b0ab2d3 corporate/4.0/i586/libkdebase4-3.5.4-2.4.20060mlcs4.i586.rpm
8151a4b8be5b354b35ee3d56ee07f82b corporate/4.0/i586/libkdebase4-devel-3.5.4-2.4.20060mlcs4.i586.rpm
b66295552d0876cde589805b93277a36 corporate/4.0/i586/libkdebase4-devel-doc-3.5.4-2.4.20060mlcs4.i586.rpm
4062acd024322e9b58948710975cb242 corporate/4.0/i586/libkdebase4-kate-3.5.4-2.4.20060mlcs4.i586.rpm
85294d3ee142838c305bddf91fde4471 corporate/4.0/SRPMS/kdebase-3.5.4-2.4.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
b05d046a6a961cfd60e004e225837aee corporate/4.0/x86_64/kdebase-3.5.4-2.4.20060mlcs4.x86_64.rpm
1adea59c76d96204f602d4d42f97a8b4 corporate/4.0/x86_64/kdebase-common-3.5.4-2.4.20060mlcs4.x86_64.rpm
baceb707c3717ed2094ade54810ff7cb corporate/4.0/x86_64/kdebase-common-doc-3.5.4-2.4.20060mlcs4.x86_64.rpm
49180fdcb34022e128acca27f1d4f6e2 corporate/4.0/x86_64/kdebase-kate-3.5.4-2.4.20060mlcs4.x86_64.rpm
38f49a61fc2818cdcedebcb6711b3596 corporate/4.0/x86_64/kdebase-kcontrol-data-3.5.4-2.4.20060mlcs4.x86_64.rpm
2417c26a4d23341f5136b368689fafea corporate/4.0/x86_64/kdebase-kcontrol-doc-3.5.4-2.4.20060mlcs4.x86_64.rpm
95072cb3edd90cef5824a731a48b408b corporate/4.0/x86_64/kdebase-kdeprintfax-3.5.4-2.4.20060mlcs4.x86_64.rpm
066ab63a703c5a9093a896a97cf939a9 corporate/4.0/x86_64/kdebase-kdm-3.5.4-2.4.20060mlcs4.x86_64.rpm
f19040eb8576d8f73650d6306c955415 corporate/4.0/x86_64/kdebase-kmenuedit-3.5.4-2.4.20060mlcs4.x86_64.rpm
50dac506cb177863ee89a91ab918b873 corporate/4.0/x86_64/kdebase-konsole-3.5.4-2.4.20060mlcs4.x86_64.rpm
4a54828acba2624e1df65fd0bab21061 corporate/4.0/x86_64/kdebase-nsplugins-3.5.4-2.4.20060mlcs4.x86_64.rpm
9e90a92b42129e217c4ed5b20d9d374d corporate/4.0/x86_64/kdebase-progs-3.5.4-2.4.20060mlcs4.x86_64.rpm
2df9ab43233fc2f4f789a369f7c0a379 corporate/4.0/x86_64/lib64kateinterfaces0-3.5.4-2.4.20060mlcs4.x86_64.rpm
4a932f9f50a88821d01de44f28b6d6d8 corporate/4.0/x86_64/lib64kateutils0-3.5.4-2.4.20060mlcs4.x86_64.rpm
9ba935c3f519346daab79b8ec87ecd71 corporate/4.0/x86_64/lib64kdebase4-3.5.4-2.4.20060mlcs4.x86_64.rpm
501d00ca9863d9f615c499564d762f37 corporate/4.0/x86_64/lib64kdebase4-devel-3.5.4-2.4.20060mlcs4.x86_64.rpm
3f83b049d6611c3541fcee2864888a9d corporate/4.0/x86_64/lib64kdebase4-devel-doc-3.5.4-2.4.20060mlcs4.x86_64.rpm
0aae3b142252ca6f3a5119619aebbed7 corporate/4.0/x86_64/lib64kdebase4-kate-3.5.4-2.4.20060mlcs4.x86_64.rpm
85294d3ee142838c305bddf91fde4471 corporate/4.0/SRPMS/kdebase-3.5.4-2.4.20060mlcs4.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
lt;security*mandriva.comgt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFG/B8nmqjQ0CJFipgRAlVuAJ43SNJWbMRm2doGh/z+s0AEKGCOtQCg7nCc
P+NtOREVL74abWCAEw5fotk=
=OlcG
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2007190__updated_kdebase_packages_fix_kdm_vulnerability.html)