Gentoo Linux Advisories: net-www/apache, kde-base/kdebase
Nov 20, 2003, 21:59
GENTOO LINUX SECURITY ANNOUNCEMENT 200310-03
Quote from <http://httpd.apache.org/dev/dist/Announcement>:
This version of Apache is principally a bug and security fix release. A partial summary of the bug fixes is given at the end of this document. A full listing of changes can be found in the CHANGES file. Of particular note is that 1.3.29 addresses and fixes 1 potential security issue:
We consider Apache 1.3.29 to be the best version of Apache 1.3 available and we strongly recommend that users of older versions, especially of the 1.1.x and 1.2.x family, upgrade as soon as possible. No further releases will be made in the 1.2.x family.
It is recommended that all Gentoo Linux users who are running net-misc/apache 1.x upgrade:
GENTOO LINUX SECURITY ANNOUNCEMENT 200311-01
Firstly, versions of KDM <= 3.1.3 are vulnerable to a privilege escalation bug with a specific configuration of PAM modules. Users who do not use PAM with KDM and users who use PAM with regular Unix crypt/MD5 based authentication methods are not affected.
Secondly, KDM uses a weak cookie generation algorithm. It is advised that users upgrade to KDE 3.1.4, which uses /dev/urandom as a non-predictable source of entropy to improve security.
Please look at http://www.kde.org/info/security/advisory-20030916-1.txt for the KDE Security Advisory and source patch locations for older versions of KDE.
Users are encouraged to perform an 'emerge --sync' and upgrade the package to the latest available version. KDE 3.1.4 is recommended and should be marked stable for most architectures. Specific steps to upgrade: