Bug 146290
| Summary: | CAN-2005-0011 buffer overflow in fliccd | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Josh Bressers <bressers> |
| Component: | kdeedu | Assignee: | Than Ngo <than> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | medium | ||
| Version: | 3 | CC: | laroche, notting, security-response-team |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | impact=important,embargoed=20050215 | ||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2005-02-17 14:20:37 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Josh Bressers
2005-01-26 18:56:40 UTC
This issue should also affect FC2. The setuid bit should probably be turned off while we're there. yes, it should be romoved in next rebuild it's only effected in FC3! and is now fixed in kdeedu-3.3.1-2.2. Dirk Mueller said: " the previous patch was bogus. I've updated the bugs that were pointed out in it and diffed it against 3.3. Also, I removed non-relevant chunks from the diff. I've noticed that there is no fliccd in KDE 3.2.x and older. This means that the local-root vulnerability is restricted to KDE 3.3.x. will do an updated advisory tomorrow morning. public disclosure delayed until February 15" yes, i have got this change. The new kdeedu-3.3.1-2.3, which i have built 2 days ago in fc3-updates-candidate, has the correct fix ;-) public, removing embargo. Pushed as FEDORA-2005-148 https://www.redhat.com/archives/fedora-announce-list/2005-February/msg00044.html |