From listmaster@locutus.calderasystems.com Fri Jun 25 21:59:24 1999
From: listmaster@locutus.calderasystems.com
Resent-From: cult hero
To: announce@lists.calderasystems.com
Resent-To: jericho@attrition.org
Date: 25 Jun 1999 16:48:13 -0000
Reply-To: info@calderasystems.com
Subject: Security Advisory 17

-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________
                   Caldera Systems, Inc.  Security Advisory

Subject:                security problem in klock
Advisory number:        CSSA-1999:017.0
Issue date:             1999 June 25
Cross reference:
______________________________________________________________________________

1. Problem Description

   KDE comes with klock, a program for locking your KDE session, which
   requires you to enter a password in order to unlock your session.

   This program had a bug in the password handling. A very specific
   sequence of events will provoke a segmentation fault, terminating
   the process and thus unlocking the session.

2. Vulnerable Versions

   Systems:  OpenLinux 1.3, 2.2
   Packages: previous to kdebase-1.1.1-5

3. Solutions

   Upgrade to the latest kdebase-1.1.1-5

   rpm -U kdebase-1.1.1-3.i386.rpm
   rpm -U kdebase-opengl-1.1.1-3.i386.rpm

4. Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

   ftp://ftp.calderasystems.com/pub/OpenLinux/updates/2.2/current/RPMS/

   The corresponding source code package can be found at:

   ftp://ftp.calderaystems.com/pub/OpenLinux/updates/2.2/current/SRPMS

5. Installing Fixed Packages

   Upgrade the affected packages with the following commands:

   rpm -U kdebase-1.1.1-3.i386.rpm
   rpm -U kdebase-opengl-1.1.1-3.i386.rpm

6. Verification

   be04fde1a10693bc4e833419a708ee6a  RPMS/kdebase-1.1.1-5.i386.rpm
   d169da8c3619a7dc068000aa580fc5b2  RPMS/kdebase-opengl-1.1.1-5.i386.rpm
   16b3489f165a39fe611ea2af5419b7ba  SRPMS/kdebase-1.1.1-5.src.rpm

7. References

   This and other Caldera security resources are located at:

   http://www.calderasystems.com/news/security/index.html

   This security fix closes Caldera's internal Problem Report 4706

8. Disclaimer

   Caldera Systems, Inc. is not responsible for the misuse of any of the
   information we provide on this website and/or through our security
   advisories. Our advisories are a service to our customers intended to
   promote secure installation and use of Caldera OpenLinux.
______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBN3NJ3+n+9R4958LpAQFNtQP+N3dv07flJhUw46EhCv67hJsj6yAAChNG
INE9JrCdWWL2qRA7gXE2DgXyV3krmJyB/VBwyoZp0T0UUr5S08O6lOaMcTGkg6Oc
vx0JdX0YT1tqevzAh5h+TZe+KSKghfW2rwRyBHZo/pb0dTqgpP7RUIz+GNYVcks8
1TfUAteW8Kc=
=yCBB
-----END PGP SIGNATURE-----
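The checksum list in section 6 can gate the `rpm -U` step in section 5. The script below is an added example, not part of Caldera's advisory: it assumes the section 6 lines have been saved to a file and that GNU `md5sum` is available, and the function names `verify_pkg` and `verify_all` are hypothetical. A file whose name does not appear in the list (for example a build other than 1.1.1-5) is rejected rather than skipped.

```shell
#!/bin/sh
# Added example: check downloaded packages against an advisory checksum list.
# List format, as in section 6:  "<md5 hex>  <dir>/<file name>"
# Assumes GNU coreutils md5sum is installed.

# verify_pkg LIST FILE
#   returns 0 if FILE's MD5 equals the list entry for its base name,
#           1 on a checksum mismatch,
#           2 if FILE is unreadable or its name is not in LIST.
verify_pkg() {
    list=$1
    file=$2
    [ -r "$file" ] || { echo "missing: $file" >&2; return 2; }
    name=$(basename "$file")
    # Compare against the last path component of column 2,
    # so the entry "RPMS/x.rpm" matches a local file named x.rpm.
    expected=$(awk -v n="$name" '
        { m = split($2, p, "/"); if (p[m] == n) { print tolower($1); exit } }
    ' "$list")
    [ -n "$expected" ] || { echo "not in advisory list: $name" >&2; return 2; }
    actual=$(md5sum "$file" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $name"
    else
        echo "MISMATCH: $name (expected $expected, got $actual)" >&2
        return 1
    fi
}

# verify_all LIST FILE...
#   returns 0 only if every FILE verifies; every file is still reported.
verify_all() {
    list_all=$1
    shift
    failed=0
    for f in "$@"; do
        verify_pkg "$list_all" "$f" || failed=1
    done
    return $failed
}

# Typical use (file names taken from the checksum list):
#   verify_all sums.txt kdebase-1.1.1-5.i386.rpm kdebase-opengl-1.1.1-5.i386.rpm \
#       && rpm -U kdebase-1.1.1-5.i386.rpm kdebase-opengl-1.1.1-5.i386.rpm
```
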