Date: Mon, 29 May 2000 00:34:49 +0200
From: Gael Duval
Organization: MandrakeSoft
To: security-announce@linux-mandrake.com

-------------------------------------
Linux-Mandrake Security Update
-------------------------------------

Package: kdesu
Affected versions: 7.0 [6.1 being investigated]

Problem:

A buffer overflow in kdesud can be exploited by any user. By exploiting this bug in the kdesud program, the user can then gain root group access on the machine.

Please upgrade to:

5d87a23ee401a53a55a527b5df9b68d5  7.0/RPMS/kcmkdesu-0.98-14mdk.i586.rpm
7b4c54dd8d5aabb7c40ba2d28d447a02  7.0/RPMS/kdesu-0.98-14mdk.i586.rpm
6ccd23eef27e4199aacefa43da1e7602  7.0/SRPMS/kdesu-0.98-14mdk.src.rpm

To upgrade automatically, use « MandrakeUpdate ».

If you want to upgrade manually, download the updated package from one of our FTP server mirrors and upgrade with "rpm -Uvh package_name".

All mirrors are listed on http://www.mandrake.com/en/ftp.php3

Updated packages are available in the "updates/" directory. For example, if you are looking for an updated RPM package for Mandrake 7.0, look for it in: updates/7.0/RPMS/

Note: we give the md5 sum for each package. It lets you check the integrity of the downloaded package by running the md5sum command on the package ("md5sum package.rpm").
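
The integrity check from the note above, as an added example that is not part of the original advisory: a shell function that compares downloaded packages against "md5 path" lines copied from an advisory such as this one. The function names, the sums-file layout and the stand-in demo file are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify downloaded packages against advisory md5 sums.
# Usage (script name is up to you): sh <script> DOWNLOAD_DIR SUMS_FILE
# SUMS_FILE holds lines of the form "<md5> <path>", as listed in the advisory.

# verify_pkgs DIR SUMS_FILE
# Returns 0 only if every listed package is present in DIR and matches its sum.
verify_pkgs() {
    dir=$1
    sums=$2
    rc=0
    while read -r want relpath; do
        [ -n "$want" ] || continue            # skip blank lines
        # The advisory lists paths such as 7.0/RPMS/x.rpm; downloads are flat.
        file="$dir/$(basename "$relpath")"
        if [ ! -f "$file" ]; then
            echo "MISSING  $file" >&2
            rc=1
            continue
        fi
        got=$(md5sum "$file" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK       $file"
        else
            echo "MISMATCH $file (expected $want, got $got)" >&2
            rc=1
        fi
    done < "$sums"
    return $rc
}

# demo: runs the check on a constructed stand-in file (not a real package),
# first intact, then after modification. Returns 0 if both behave as expected.
demo() {
    tmp=$(mktemp -d)
    printf 'constructed stand-in\n' > "$tmp/sample-1.0.rpm"
    sum=$(md5sum "$tmp/sample-1.0.rpm" | cut -d' ' -f1)
    printf '%s 7.0/RPMS/sample-1.0.rpm\n' "$sum" > "$tmp/sums.txt"
    if verify_pkgs "$tmp" "$tmp/sums.txt"; then first=0; else first=1; fi
    printf 'modified\n' >> "$tmp/sample-1.0.rpm"
    if verify_pkgs "$tmp" "$tmp/sums.txt"; then second=0; else second=1; fi
    rm -rf "$tmp"
    [ "$first" -eq 0 ] && [ "$second" -ne 0 ]
}

# With two arguments, check real downloads; otherwise run the demo.
if [ "$#" -eq 2 ]; then verify_pkgs "$1" "$2"; else demo; fi
```

Run "rpm -Uvh" on the packages only when the check exits with status 0.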