May 1, 2001

Security update to kdelibs

Author: JT Smith

Posted at LWN.net: kdesu created a world-readable temporary file to exchange authentication
information and delete it shortly after. This can be abused by a local
user to gain access to the X server and can result in a compromise of the
account kdesu accesses.

This update also fixes memory leaks in Konqueror (khtml) and KDebug, as
well as some minor bugs.

kdelibs 2.2alpha1 includes those fixes, as well; if you're using the
experimental package from rawhide or ftp.kde.org, you don't need to
downgrade to the errata package for security reasons.

Category:

  • Linux
Click Here!