dcsimg
Linux Today: Linux News On Internet Time.





Caldera Security Advisory 17

Jun 25, 1999, 12:33 (0 Talkback[s])
(Other stories by Caldera)
-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________
                   Caldera Systems, Inc.  Security Advisory

Subject:                security problem in klock
Advisory number:        CSSA-1999:017.0
Issue date:             1999 June 25
Cross reference: 
______________________________________________________________________________


1. Problem Description

  KDE comes with klock, a program for locking your KDE session, which
  requires you to enter a password in order to unlock your session.
  This program had a bug in the password handling. A very specific
  sequence of events will provoke a segmentation fault, terminating
  the process and thus unlocking the session.

2. Vulnerable Versions

   Systems:     OpenLinux 1.3, 2.2
   Packages:    previous to kdebase-1.1.1-5
      
3. Solutions

   Upgrade to the latest kdebase-1.1.1-5
   
        rpm -U kdebase-1.1.1-3.i386.rpm
        rpm -U kdebase-opengl-1.1.1-3.i386.rpm
   
4. Location of Fixed Packages

   The upgrade packages can be found on Caldera's FTP site at:

   ftp://ftp.calderasystems.com/pub/OpenLinux/updates/2.2/current/RPMS/

   The corresponding source code package can be found at:

   ftp://ftp.calderaystems.com/pub/OpenLinux/updates/2.2/current/SRPMS


5. Installing Fixed Packages

   Upgrade the affected packages with the following commands:

        rpm -U kdebase-1.1.1-3.i386.rpm
        rpm -U kdebase-opengl-1.1.1-3.i386.rpm
   
6. Verification

   be04fde1a10693bc4e833419a708ee6a  RPMS/kdebase-1.1.1-5.i386.rpm
   d169da8c3619a7dc068000aa580fc5b2  RPMS/kdebase-opengl-1.1.1-5.i386.rpm
   16b3489f165a39fe611ea2af5419b7ba  SRPMS/kdebase-1.1.1-5.src.rpm

7. References

   This and other Caldera security resources are located at:

   http://www.calderasystems.com/news/security/index.html
  
   This security fix closes Caldera's internal Problem Report 4706
   
8. Disclaimer

   Caldera Systems, Inc. is not responsible for the misuse of any of the
   information we provide on this website and/or through our security
   advisories. Our advisories are a service to our customers intended to
   promote secure installation and use of Caldera OpenLinux.

______________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBN3NJ3+n+9R4958LpAQFNtQP+N3dv07flJhUw46EhCv67hJsj6yAAChNG
INE9JrCdWWL2qRA7gXE2DgXyV3krmJyB/VBwyoZp0T0UUr5S08O6lOaMcTGkg6Oc
vx0JdX0YT1tqevzAh5h+TZe+KSKghfW2rwRyBHZo/pb0dTqgpP7RUIz+GNYVcks8
1TfUAteW8Kc=
=yCBB
-----END PGP SIGNATURE-----