cve-2010-0436 patch for CentOS 5.4

List overview All Threads
Download

newer

older

OpenJDK vs Sun JDK

warnquota email domain ?

Olaf Mueller

21 Apr 2010 21 Apr '10

7:15 p.m.

Hello,

I am using a self compiled kde-3.5.10 from ftp.kde.org as a desktop system under CentOS 5.4. Does anybody knows where to get a cve-2010-0436 patch (kdebase, kdm) for kde-3.5.10? Thanks!

regards Olaf

Show replies by date

Gary Greene

21 Apr 21 Apr

7:27 p.m.

On 4/21/10 12:15 PM, "Olaf Mueller" daily-planet@istari.de wrote:

...

Hello,

I am using a self compiled kde-3.5.10 from ftp.kde.org as a desktop system under CentOS 5.4. Does anybody knows where to get a cve-2010-0436 patch (kdebase, kdm) for kde-3.5.10? Thanks!

regards Olaf

All security patches for KDE can be found at ftp://ftp.kde.org/pub/kde/security_patches/

-- Gary L. Greene, Jr. IT Operations Minerva Networks, Inc. Cell: (650) 704-6633 Phone: (408) 240-1239

Olaf Mueller

8:14 p.m.

Gary Greene wrote:

...

On 4/21/10 12:15 PM, "Olaf Mueller" daily-planet@istari.de wrote:

...
[...] Does anybody knows where to get a cve-2010-0436 patch (kdebase, kdm) for kde-3.5.10?

...

All security patches for KDE can be found at ftp://ftp.kde.org/pub/kde/security_patches/

This is not backported for kde-3.5.10.

File to patch: kdm/backend/ctrl.c patching file kdm/backend/ctrl.c Hunk #1 FAILED at 129. 1 out of 1 hunk FAILED -- saving rejects to file kdm/backend/ctrl.c.rej

regards Olaf

Ned Slider

7:29 p.m.

Olaf Mueller wrote:

...

Hello,

I am using a self compiled kde-3.5.10 from ftp.kde.org as a desktop system under CentOS 5.4. Does anybody knows where to get a cve-2010-0436 patch (kdebase, kdm) for kde-3.5.10? Thanks!

Maybe use the same patch Red Hat have backported into the distro package as your starting point:

$ rpm -q --changelog kdebase | more * Sun Mar 28 2010 Than Ngo than@redhat.com - 6:3.5.4-21.1 - Resolves: #570622, CVE-2010-0436 kdm privilege escalation flaw

* Thu Mar 12 2009 Than Ngo than@redhat.com - 6:3.5.4-20 - Resolves: #469723, Cannot mount floppy disk - Resolves: #472295, KDE Desktop icons do not refresh correctly

The SRPM is on Red Hat's public ftp server.

Olaf Mueller

8:18 p.m.

Ned Slider wrote:

Hello Ned,

...

Olaf Mueller wrote:

...
[...] Does anybody knows where to get a cve-2010-0436 patch (kdebase, kdm) for kde-3.5.10?

...

Maybe use the same patch Red Hat have backported into the distro package as your starting point: $ rpm -q --changelog kdebase | more

Sun Mar 28 2010 Than Ngo than@redhat.com - 6:3.5.4-21.1

Resolves: #570622, CVE-2010-0436 kdm privilege escalation flaw

thank you very much. This works great!

$ patch -p0 -b <cve-2010-0436.patch patching file kdm/backend/ctrl.c

regards Olaf

5389

Age (days ago)

5389

Last active (days ago)

discuss@lists.centos.org

4 comments

3 participants

tags (0)

participants (3)

Gary Greene
Ned Slider
Olaf Mueller