Bug 166997
Summary: | CAN-2005-2494 kcheckpass privilege escalation | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Josh Bressers <bressers> |
Component: | kdebase | Assignee: | Than Ngo <than> |
Status: | CLOSED ERRATA | QA Contact: | Ben Levenson <benl> |
Severity: | low | Docs Contact: | |
Priority: | medium | ||
Version: | 4 | CC: | security-response-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | impact=low,reported=20050828,public=20050905,source=vendorsec | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2005-09-01 17:23:07 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Josh Bressers
2005-08-29 15:05:19 UTC
This issue also affects FC3 Please see the parent bug for the proposed patch. i have already committed the patch into CVS, it will be included in next kdebase update. Public via bugtraq, removing embargo -- note we don't ship anything with /var/lock world writeable. Note that although kdebase version 6:3.4.2-0.fc4.3 appears in the changelog in the current FC4 kdebase version, which says it applies the upstream patch, kdebase-3.4.2-0.fc3.4 was never issued by RedHat. This issue was fixed in FC4 by the release of kdebase-3.5.0-0.1.fc4 on 2005-12-17 in the announcement FEDORA-2005-1152 <http://tinyurl.com/asdtn>. This issue has not yet been fixed in FC3. It also appears that the fix for this was not checked into CVS for FC3. See Bug #180057 for fixes of this issue for FC3 and FC2 via FedoraLegacy. |