Hello,
I am using a self compiled kde-3.5.10 from ftp.kde.org as a desktop system under CentOS 5.4. Does anybody knows where to get a cve-2010-0436 patch (kdebase, kdm) for kde-3.5.10? Thanks!
regards Olaf
On 4/21/10 12:15 PM, "Olaf Mueller" daily-planet@istari.de wrote:
Hello,
I am using a self compiled kde-3.5.10 from ftp.kde.org as a desktop system under CentOS 5.4. Does anybody knows where to get a cve-2010-0436 patch (kdebase, kdm) for kde-3.5.10? Thanks!
regards Olaf
All security patches for KDE can be found at ftp://ftp.kde.org/pub/kde/security_patches/
Gary Greene wrote:
On 4/21/10 12:15 PM, "Olaf Mueller" daily-planet@istari.de wrote:
[...] Does anybody knows where to get a cve-2010-0436 patch (kdebase, kdm) for kde-3.5.10?
All security patches for KDE can be found at ftp://ftp.kde.org/pub/kde/security_patches/
This is not backported for kde-3.5.10.
File to patch: kdm/backend/ctrl.c patching file kdm/backend/ctrl.c Hunk #1 FAILED at 129. 1 out of 1 hunk FAILED -- saving rejects to file kdm/backend/ctrl.c.rej
regards Olaf
Olaf Mueller wrote:
Hello,
I am using a self compiled kde-3.5.10 from ftp.kde.org as a desktop system under CentOS 5.4. Does anybody knows where to get a cve-2010-0436 patch (kdebase, kdm) for kde-3.5.10? Thanks!
Maybe use the same patch Red Hat have backported into the distro package as your starting point:
$ rpm -q --changelog kdebase | more * Sun Mar 28 2010 Than Ngo than@redhat.com - 6:3.5.4-21.1 - Resolves: #570622, CVE-2010-0436 kdm privilege escalation flaw
* Thu Mar 12 2009 Than Ngo than@redhat.com - 6:3.5.4-20 - Resolves: #469723, Cannot mount floppy disk - Resolves: #472295, KDE Desktop icons do not refresh correctly
The SRPM is on Red Hat's public ftp server.
Ned Slider wrote:
Hello Ned,
Olaf Mueller wrote:
[...] Does anybody knows where to get a cve-2010-0436 patch (kdebase, kdm) for kde-3.5.10?
Maybe use the same patch Red Hat have backported into the distro package as your starting point: $ rpm -q --changelog kdebase | more
- Sun Mar 28 2010 Than Ngo than@redhat.com - 6:3.5.4-21.1
- Resolves: #570622, CVE-2010-0436 kdm privilege escalation flaw
thank you very much. This works great!
$ patch -p0 -b <cve-2010-0436.patch patching file kdm/backend/ctrl.c
regards Olaf