-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.1356
                         kde4libs security update
                              11 August 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           kde4libs
Publisher:         Debian
Operating System:  UNIX variants (UNIX, Linux, OSX)
                   Debian GNU/Linux 7
Impact/Access:     Increased Privileges -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-5033  

Original Bulletin: 
   http://www.debian.org/security/2014/dsa-3004

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running kde4libs check for an updated version of the software for 
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3004-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
August 11, 2014                        http://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : kde4libs
CVE ID         : CVE-2014-5033

Sebastian Krahmer discovered that Kauth used Policykit insecurely by 
relying on the process ID. This could result in privilege escalation.

For the stable distribution (wheezy), this problem has been fixed in
version 4:4.8.4-4+deb7u1.

For the testing distribution (jessie), this problem has been fixed in
version 4:4.13.3-2.

For the unstable distribution (sid), this problem has been fixed in
version 4:4.13.3-2.

We recommend that you upgrade your kde4libs packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----