You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa kde4libs

Sigurnosni nedostatak programskog paketa kde4libs

by ncert - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-2304-1
July 31, 2014

kde4libs vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS

Summary:

kauth could be tricked into bypassing polkit authorizations.

Software Description:
– kde4libs: KDE 4 core applications and libraries

Details:

It was discovered that kauth was using polkit in an unsafe manner. A local
attacker could possibly use this issue to bypass intended polkit
authorizations.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
kdelibs5-plugins 4:4.13.2a-0ubuntu0.3

Ubuntu 12.04 LTS:
kdelibs5-plugins 4:4.8.5-0ubuntu0.4

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2304-1
CVE-2014-5033

Package Information:
https://launchpad.net/ubuntu/+source/kde4libs/4:4.13.2a-0ubuntu0.3
https://launchpad.net/ubuntu/+source/kde4libs/4:4.8.5-0ubuntu0.4

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJT2lpZAAoJEGVp2FWnRL6TVtsP/ipKtG9+aoHlOSklfw3ZyIA7
9Xy8eBzmGQ18amLxoRbO8t7xeooAkU3hrDJDs34qsY8D9YajTfc/sg0GX4kNqW6p
GaKhOZVdZkH2zJ6ZAZRpXaRKvLBXcQZvU/lBtdb4o2JLIR4uHu58XGO+fPtsT47/
VO1BQLy5c0RIgDCQj34SUD2Jh1Gpbi5bH0xNgP+pAbIa3jEytFF4d1IJn51d/kIp
AGZJvrXUzX9FQxrMaCWE/bmYizNWZsTzVCJJbJcpJ0qWX8Gz7adHBv7TS3T8cGZD
DHZOlWWXuCIYMPUI5mOrMNIlm3ws509YmkAnBBSzbQ2QcCm+7C0u2rHfQk6yBsFl
KOnUnFM95fwISL+TeAcT1hc0Bnfk1/gVsNmBf+l9+9N27oqdEsg+cdXFd5UVqmoZ
kqVWpvNBnWoLBODz3iMxTFsZ7aOmqMbaG53dqKNeW2I3AyZv9FBJS1M/2GAteTpk
f10iBb29OvrFLbDZRCscMh4dQ41AMHUxl7D0/51hQq8XmiIjxbtKD5P0zPYeRB8d
KaAhgbW6Mcdv66DO76+Iv4QEkIQQBpQdapnIgLDvfvrYKUx2DYHx9shK1f/pVHkf
+EuWEAUXOT9b0q9YTnznucW32Xxb0qtyLLDmrWdaYfmstT6xUpUz7mTFooK217t3
UEV5iYOQRJ7Jyr8JJfbL
=ODyE
—–END PGP SIGNATURE—–

AutorMarijo Plepelic
Cert idNCERT-REF-2014-08-0005-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
ncert
Top
More in Preporuke
Ranjivost programskog paketa openstack-neutron

Otkrivena je ranjivost kod programskog paketa openstack-neutron za Fedoru koja udaljenom autenticiranom napadaču omogućuje izazivanje DoS stanja (rušenje ili dugotrajno...

Close