-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 KDE Security Advisory: langen2kvtml tempfile vulnerability Original Release Date: 2008-08-15 URL: http://www.kde.org/info/security/advisory-20050815-1.txt 0. References CAN-2005-2101 1. Systems affected: All KDE releases starting from KDE 3.0 up to including KDE 3.4.2. 2. Overview: Ben Burton notified the KDE security team about several tempfile handling related vulnerabilities in langen2kvtml, a conversion script for kvoctrain. This vulnerability was initially discovered by Javier Fern
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 KDE Security Advisory: langen2kvtml tempfile vulnerability Original Release Date: 2008-08-15 URL: http://www.kde.org/info/security/advisory-20050815-1.txt 0. References CAN-2005-2101 1. Systems affected: All KDE releases starting from KDE 3.0 up to including KDE 3.4.2. 2. Overview: Ben Burton notified the KDE security team about several tempfile handling related vulnerabilities in langen2kvtml, a conversion script for kvoctrain. This vulnerability was initially discovered by Javier Fernández-Sanguino Peña. The script uses known filenames in /tmp which allow an local attacker to overwrite files writeable by the user (manually) invoking the conversion script. 3. Impact: A local file can overwrite files and possibly elevate privileges. 4. Solution: Source code patches have been made available which fix these vulnerabilities. Contact your OS vendor / binary package provider for information about how to obtain updated binary packages. 5. Patch: Patch for KDE 3.4.2 is available from ftp://ftp.kde.org/pub/kde/security_patches : 0e82c5810df3b04370188ba13cc50203 post-3.4.2-kdeedu.diff -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFC/+ZevsXr+iuy1UoRAh0PAJ9Lun/gca6T+oY5LPmJRDa7vOY41wCeNJY5 D2fO/2ZNBXZzwiCDJLBnIBM= =uz8a -----END PGP SIGNATURE-----
Arches please test and mark stable: kdeedu-3.3.2-r2.ebuild kdeedu-3.4.1-r1.ebuild kvoctrain-3.4.1-r1.ebuild
stable on ppc64
kdeedu-3.3.2-r2 marked stable on alpha.
Stable on ppc.
Stable on hppa.
Stable on AMD64.
SPARC'd
This one is ready for GLSA decision. I tend to vote NO assuming that the script is not run automatically.
ia64 stable.
Vote no.
Reverting my vote to full NO and closing.
*** Bug 102151 has been marked as a duplicate of this bug. ***
