[CentOS] cve-2010-0436 patch for CentOS 5.4

Wed Apr 21 19:29:58 UTC 2010
Ned Slider <ned at unixmail.co.uk>

Olaf Mueller wrote:
> Hello,
> 
> I am using a self compiled kde-3.5.10 from ftp.kde.org as a desktop
> system under CentOS 5.4. Does anybody knows where to get a
> cve-2010-0436 patch (kdebase, kdm) for kde-3.5.10?
> Thanks!
> 

Maybe use the same patch Red Hat have backported into the distro package 
as your starting point:

$ rpm -q --changelog kdebase | more
* Sun Mar 28 2010 Than Ngo <than at redhat.com> - 6:3.5.4-21.1
- Resolves: #570622, CVE-2010-0436 kdm privilege escalation flaw

* Thu Mar 12 2009 Than Ngo <than at redhat.com> - 6:3.5.4-20
- Resolves: #469723, Cannot mount floppy disk
- Resolves: #472295, KDE Desktop icons do not refresh correctly

The SRPM is on Red Hat's public ftp server.