Olaf Mueller wrote: > Hello, > > I am using a self compiled kde-3.5.10 from ftp.kde.org as a desktop > system under CentOS 5.4. Does anybody knows where to get a > cve-2010-0436 patch (kdebase, kdm) for kde-3.5.10? > Thanks! > Maybe use the same patch Red Hat have backported into the distro package as your starting point: $ rpm -q --changelog kdebase | more * Sun Mar 28 2010 Than Ngo <than at redhat.com> - 6:3.5.4-21.1 - Resolves: #570622, CVE-2010-0436 kdm privilege escalation flaw * Thu Mar 12 2009 Than Ngo <than at redhat.com> - 6:3.5.4-20 - Resolves: #469723, Cannot mount floppy disk - Resolves: #472295, KDE Desktop icons do not refresh correctly The SRPM is on Red Hat's public ftp server.