Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2014.1356 kde4libs security update 11 August 2014 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: kde4libs Publisher: Debian Operating System: UNIX variants (UNIX, Linux, OSX) Debian GNU/Linux 7 Impact/Access: Increased Privileges -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2014-5033 Original Bulletin: http://www.debian.org/security/2014/dsa-3004 Comment: This advisory references vulnerabilities in products which run on platforms other than Debian. It is recommended that administrators running kde4libs check for an updated version of the software for their operating system. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-3004-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff August 11, 2014 http://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : kde4libs CVE ID : CVE-2014-5033 Sebastian Krahmer discovered that Kauth used Policykit insecurely by relying on the process ID. This could result in privilege escalation. For the stable distribution (wheezy), this problem has been fixed in version 4:4.8.4-4+deb7u1. For the testing distribution (jessie), this problem has been fixed in version 4:4.13.3-2. For the unstable distribution (sid), this problem has been fixed in version 4:4.13.3-2. We recommend that you upgrade your kde4libs packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJT5/MsAAoJEBDCk7bDfE42nboQAJZW9L917Mk2+VyVxFRTpeAj g53q+jJUwlRFJznPzgd/UI5G1B3Sqd2I4qmugzqbQKo0JPocLnxMscgQezSmSlVB LnWbNbDx5Aun46Np6LS23sYHzoXhj7cmL4WkXoKsx83L1Mmnu2b+NFs6YQWwhW6U cCG9ut7jwX0yvgCfBLr2hPIrmYT3jJ9btePrYjDCVYGRSBsVHFlqGDBnJn1OVmx2 kg9aMFIFdimj6XkQqvnNrs06LpJR7nz2+VuN46ZKRMu1PwVPmsbUofYXgUNBoNc/ nocsfFHnoe1NF6pv+bIGBTU5ZmNV3h8VzzRpXVcHNwaFU7ZQtqvEJXySK5RZRh2m ccgCSUrCrt92x5ULOCs93dk7ko9NiF48wjFHFZQJaGMPVJ0PF2U+hUWQ6SxqdkXu +lZYHcEH5UbVqH5A/75ykrAxf2c4gRFY8YCHeXSkFhAnrBZysvmNYg3h+vbgF6ya UPSn3oLbIku3QogFsTBz0eZYlbFquQBGEbLUT/46BgnyCdY/imYREGx18dHzKiCo PJUu1rdfrgRh0ilUTZpujYGThmFhYxH9UQfQZIkhD0v0FKWGrPFYOoM7O/6K5Kni ARi4xR02XBJl/i05R76uGmqrel0dqv16YzLce95btXGlntcv6sNrcjdYZAcOVmM0 LsABjA2n+B+zDfn5ueYZ =GMoV - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBU+hIPxLndAQH1ShLAQIa0g/+PMK4whHsMzZ3DnY7JJTPTU27M27F6DMB OfoNSi/zkbd6n/j5JFza+iUjUraJqxyZAz2HlltUUwLiLb6I95fjNbK8h5dRlWN3 kygaab0MDCyzzmxk1Hv85IAd78mrcw26zcz4VUrayyhuBi96ep9EXOCM8OC5pBSB 7fSvEPGuzQfqi1LdepB8IBVC96Y13kZVt+rAEb4/fADExvOOyLE3M7UnqLVtTiLZ BDVrbnKKbfUqjIBwImv2t+Q5gEAdfi4WVvujU83cVcdOzCrjYkZRa1QMNirz4A0X HPxejCLt6suJRA3kznFZrP8AcHXdkll97IxH9B8J5HXHA61yj5vvSHoYWsGTS+7b Jc3pN/I9IsqIhqSF6LD/eiGDUyP1BxmMO0ibV8NC35tY0CjqlYVGpO34F3AuW+6I VK6jax518F/R0pvv8xXUJM2QPHXCHvIEbEa2hyG3sCwPt/ZmunLv8tj4Du9po0D2 JeS4VIzn787F6PFEL+2RWMcNSVsoYZ8ABXGS7GQn6Rt2adxLrFSS93qd/H1S5Tyv XqOzG2Grcg05GJOLcsHLELMKV/X/vJatHLedTpnEvtCQMZGdA7VX5n5qHxtOYaYo FRaJqObrZeF843nvMAfHeDIPesWcY9dDHi+xRk72N78Tsi5UqaSuf2LOoKGr5hnF DP+3uIlAOxo= =gScP -----END PGP SIGNATURE-----