A vulnerability in kdesud will allow any user to exploit a buffer overflow.
-------------------------------------
Linux-Mandrake Security Update
-------------------------------------
Package: kdesu
Affected versions: 7.0 [6.1 being investigated]
Problem: A vulnerability in kdesud will allow any user to exploit a
buffer overflow. By exploiting this bug in the kdesud program, the
user can then gain root group access on the machine.
Please upgrade to:
5d87a23ee401a53a55a527b5df9b68d5  7.0/RPMS/kcmkdesu-0.98-14mdk.i586.rpm
7b4c54dd8d5aabb7c40ba2d28d447a02  7.0/RPMS/kdesu-0.98-14mdk.i586.rpm
6ccd23eef27e4199aacefa43da1e7602  7.0/SRPMS/kdesu-0.98-14mdk.src.rpm
To upgrade automatically, use « MandrakeUpdate ». If you want to
upgrade manually, download the updated package from one of our FTP
server mirrors and upgrade with "rpm -Uvh package_name". All mirrors
are listed on http://www.mandrake.com/en/ftp.php3. Updated packages
are available in the "updates/" directory.
For example, if you are looking for an updated RPM package for
Mandrake 7.0, look for it in: updates/7.0/RPMS/
Note: we give the md5 sum for each package. It lets you check the
integrity of the downloaded package by running the md5sum command on
the package ("md5sum package.rpm").
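The manual upgrade path above (download, check the md5 sum, then "rpm -Uvh") as one script. This is an added example, not part of the original advisory: it assumes the two binary packages were downloaded into a single directory under the file names listed above, and the function names and the RPM override variable are hypothetical.

```shell
#!/bin/sh
# Added example: refuse to run "rpm -Uvh" unless every downloaded package
# matches the md5 sum published in the advisory.

# md5sum-format manifest ("<md5>  <file>"); values copied from the advisory
# (binary packages only).
ADVISORY_SUMS='5d87a23ee401a53a55a527b5df9b68d5  kcmkdesu-0.98-14mdk.i586.rpm
7b4c54dd8d5aabb7c40ba2d28d447a02  kdesu-0.98-14mdk.i586.rpm'

# verify_pkgs DIR [MANIFEST]
# Prints one status line per package. Returns 0 only if every listed
# package is present in DIR and its md5 sum matches the manifest.
verify_pkgs() {
    dir=$1
    manifest=${2:-$ADVISORY_SUMS}
    failed=0
    while read -r want name; do
        if [ -z "$want" ]; then continue; fi
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name"; failed=1; continue
        fi
        got=$(md5sum "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name (got $got)"; failed=1
        fi
    done <<EOF
$manifest
EOF
    return $failed
}

# upgrade_if_verified DIR [MANIFEST]
# All-or-nothing: one bad or missing file blocks the whole upgrade.
# RPM is a hypothetical override so the command can be dry-run (RPM=echo).
upgrade_if_verified() {
    dir=$1
    manifest=${2:-$ADVISORY_SUMS}
    if ! verify_pkgs "$dir" "$manifest"; then
        echo "checksum verification failed, not upgrading" >&2
        return 1
    fi
    set --
    while read -r sum name; do
        if [ -n "$name" ]; then set -- "$@" "$dir/$name"; fi
    done <<EOF
$manifest
EOF
    ${RPM:-rpm} -Uvh "$@"
}
```

Save the block to a file, source it, then run `upgrade_if_verified /path/to/downloads` as root, or prefix the call with `RPM=echo` to see the command without executing it.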