Date: Mon, 29 May 2000 00:34:49 +0200
From: Gael Duval 
Organization: MandrakeSoft
To: security-announce@linux-mandrake.com

-------------------------------------

   Linux-Mandrake Security Update

-------------------------------------

Package: kdesu

Affected versions: 7.0 [6.1 being investigated]

Problem: kdesud contains a buffer overflow that any user can exploit.
By exploiting this bug in the kdesud program, the user can gain root
group access on the machine.

Please upgrade to:

5d87a23ee401a53a55a527b5df9b68d5  7.0/RPMS/kcmkdesu-0.98-14mdk.i586.rpm

7b4c54dd8d5aabb7c40ba2d28d447a02  7.0/RPMS/kdesu-0.98-14mdk.i586.rpm

6ccd23eef27e4199aacefa43da1e7602  7.0/SRPMS/kdesu-0.98-14mdk.src.rpm

To upgrade automatically, use « MandrakeUpdate ». If you want to
upgrade manually, download the updated package from one of our FTP
server mirrors and upgrade with "rpm -Uvh package_name". All mirrors
are listed on http://www.mandrake.com/en/ftp.php3. Updated packages
are available in the "updates/" directory.

For example, if you are looking for an updated RPM package for
Mandrake 7.0, look for it in: updates/7.0/RPMS/

Note: we give the md5 sum for each package. It lets you check the
integrity of the downloaded package by running the md5sum command on
the package ("md5sum package.rpm").
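
The check described in the note, as an added example that is not part
of the original advisory: a shell function that compares each
downloaded package against the sums listed above and fails on any
missing or mismatched file. The function names and the directory
argument are assumptions of this example; the sums and package names
are the advisory's.

```shell
#!/bin/sh
# Added example: check downloaded update packages against the advisory's
# MD5 sums before running "rpm -Uvh" on them.

# Sums and package names copied from the advisory, one "hash  name" per line.
advisory_sums() {
cat <<'EOF'
5d87a23ee401a53a55a527b5df9b68d5  kcmkdesu-0.98-14mdk.i586.rpm
7b4c54dd8d5aabb7c40ba2d28d447a02  kdesu-0.98-14mdk.i586.rpm
6ccd23eef27e4199aacefa43da1e7602  kdesu-0.98-14mdk.src.rpm
EOF
}

# verify_packages DIR   (hypothetical helper; reads "hash  name" lines on stdin)
# Returns 0 only if every listed file exists in DIR and its md5sum matches.
verify_packages() {
    dir=$1
    rc=0
    while read -r want name; do
        [ -n "$want" ] || continue          # skip blank lines
        path="$dir/$name"
        if [ ! -f "$path" ]; then
            echo "MISSING  $name" >&2
            rc=1
            continue
        fi
        got=$(md5sum "$path" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name (expected $want, got $got)" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Script use: pass the download directory as the first argument.
if [ "$#" -ge 1 ]; then
    if advisory_sums | verify_packages "$1"; then
        echo "All packages match the advisory's sums."
    else
        echo "Do not install: at least one package failed the check." >&2
        exit 1
    fi
fi
```

Run it with the download directory as its argument and proceed to
"rpm -Uvh" only when it exits with status 0.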