Package name
kdelibs
Date
2001-05-25
Advisory ID
MDKSA-2001:046-1
Affected versions
8.0 i586

Problem description

A problem exists with the kdesu component of kdelibs. It created a world-readable temporary file to exchange authentication information and delete it shortly after. This can be abused by a local user to gain access to the X server and could result in a compromise of the account that kdesu would access. Update: The previous update was missing the /usr/bin/kdeinit_shutdown file.

Updated packages

8.0 i586

 7300d6fa62a35dedcfae1e98f3a24176  8.0/RPMS/arts-2.1.2-2mdk.i586.rpm
7fa4b8b30549f6759e19e3ba6a1c7ff1  8.0/RPMS/kdelibs-2.1.2-2mdk.i586.rpm
13f568dbd3cbc54c7c3f0739272bb314  8.0/RPMS/kdelibs-devel-2.1.2-2mdk.i586.rpm
971a58026f668f640ab2458108dd2041  8.0/RPMS/kdelibs-devel-static-libraries-2.1.2-2mdk.i586.rpm
915e01289e6f81ea643b39c6ac7d8f05  8.0/RPMS/libarts2-2.1.2-2mdk.i586.rpm
e00bdeaaebd88c05fc536a66474f6f56  8.0/RPMS/libarts2-devel-2.1.2-2mdk.i586.rpm
4ff48c1e8599303b3ae9b1ea5432d986  8.0/SRPMS/kdelibs-2.1.2-2mdk.src.rpm