Hallo, On Fri, 16 Sep 2005 15:21:45 +0200 (CEST) [EMAIL PROTECTED] (Martin Schulze) wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > - > --------------------------------------------------------------------- > ----- Debian Security Advisory DSA 815-1 > [EMAIL PROTECTED] http://www.debian.org/security/ > Martin Schulze > September 16th, 2005 > http://www.debian.org/security/faq > - > --------------------------------------------------------------------- > ----- > > Package : kdebase > Vulnerability : programming error > Problem type : local > Debian-specific: no > CVE ID : CAN-2005-2494 > > Ilja van Sprundel discovered a serious lock file handling error in > kcheckpass that can, in some configurations, be used to gain root > access. > > The old stable distribution (woody) is not affected by this problem. > > For the stable distribution (sarge) this problem has been fixed in > version 3.3.2-1sarge1. > > For the unstable distribution (sid) this problem has been fixed in > version 3.4.2-3. > > We recommend that you upgrade your kdebase-bin package. Leider sind auf den Debian-FTP-Servern zwar die entsprechenden Pakete vorhanden, in der Packages-Datei sind aber immer noch die alten, fehlerhaften Pakete aufgelistet. Daher werden durch ein apt-get dist-upgrade die neuen Pakete nicht installiert. Mit freundlichen Grüßen Christoph Pleger
