Mailinglist Archive: opensuse (2391 mails)

["David C. Rankin" <drankinatty@xxxxxxxxxxxxxxxxxx>]

Satoru Matsumoto wrote:
> David C. Rankin wrote:
>
> >     I updated to the latest KDE last night from openSuSE BuildService 
> > on a x86-64 machine via yast and seem to have picked up a bug doing 
> > it.
>
> I met the same trouble in openSUSE 10.3 i386 environment on my laptop.
>
> The problem was triggered by updating "kdelibs3*" packages to version
> 3.5.7-72.9 or later and I think it is related to the issue CVE-2008-1671:
>
> start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root,
> allows local users to cause a denial of service and possibly execute
> arbitrary code via "user-influenceable input" (probably command-line
> arguments) that cause start_kdeinit to send SIGUSR1 signals to other
> processes.
>
> http://www.suse.de/~meissner/cve/CVE-2008-1671.html
>
> I downgraded "kdelibs3*" packages to version 3.5.7-72.6, which I found
> in the "Updates" repository, and the problem isn't reproduced.
>
> On the other hand, I have other desktops, on which I installed openSUSE
> 10.3 i386 and x86_64, and in those environments, the problem isn't
> reproduced by updating "kdelibs3*" packages to version 3.5.7-72.9
> though. So, the problem was provided not only by updating "kdelibs3*"
> packages, but also by other conditions, which is not specified yet.

	Thanks Satoru. I'm glad to know that I'm not going crazy. I will try and 
downgrade and see if I can cure this weird problem. Have a good evening.

--
David C. Rankin, J.D., P.E.
Rankin Law Firm, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
Telephone: (936) 715-9333
Facsimile: (936) 715-9339
www.rankinlawfirm.com
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx