FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 04-21-2010, 07:15 PM
Olaf Mueller
 
Default cve-2010-0436 patch for CentOS 5.4

Hello,

I am using a self compiled kde-3.5.10 from ftp.kde.org as a desktop
system under CentOS 5.4. Does anybody knows where to get a
cve-2010-0436 patch (kdebase, kdm) for kde-3.5.10?
Thanks!


regards
Olaf

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 04-21-2010, 07:27 PM
Gary Greene
 
Default cve-2010-0436 patch for CentOS 5.4

On 4/21/10 12:15 PM, "Olaf Mueller" <daily-planet@istari.de> wrote:
> Hello,
>
> I am using a self compiled kde-3.5.10 from ftp.kde.org as a desktop
> system under CentOS 5.4. Does anybody knows where to get a
> cve-2010-0436 patch (kdebase, kdm) for kde-3.5.10?
> Thanks!
>
>
> regards
> Olaf

All security patches for KDE can be found at
ftp://ftp.kde.org/pub/kde/security_patches/

--
Gary L. Greene, Jr.
IT Operations
Minerva Networks, Inc.
Cell: (650) 704-6633
Phone: (408) 240-1239

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 04-21-2010, 07:29 PM
Ned Slider
 
Default cve-2010-0436 patch for CentOS 5.4

Olaf Mueller wrote:
> Hello,
>
> I am using a self compiled kde-3.5.10 from ftp.kde.org as a desktop
> system under CentOS 5.4. Does anybody knows where to get a
> cve-2010-0436 patch (kdebase, kdm) for kde-3.5.10?
> Thanks!
>

Maybe use the same patch Red Hat have backported into the distro package
as your starting point:

$ rpm -q --changelog kdebase | more
* Sun Mar 28 2010 Than Ngo <than@redhat.com> - 6:3.5.4-21.1
- Resolves: #570622, CVE-2010-0436 kdm privilege escalation flaw

* Thu Mar 12 2009 Than Ngo <than@redhat.com> - 6:3.5.4-20
- Resolves: #469723, Cannot mount floppy disk
- Resolves: #472295, KDE Desktop icons do not refresh correctly

The SRPM is on Red Hat's public ftp server.

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 04-21-2010, 08:14 PM
Olaf Mueller
 
Default cve-2010-0436 patch for CentOS 5.4

Gary Greene wrote:

> On 4/21/10 12:15 PM, "Olaf Mueller" <daily-planet@istari.de> wrote:
>> [...] Does anybody knows where to get a
>> cve-2010-0436 patch (kdebase, kdm) for kde-3.5.10?

> All security patches for KDE can be found at
> ftp://ftp.kde.org/pub/kde/security_patches/
This is not backported for kde-3.5.10.

File to patch: kdm/backend/ctrl.c
patching file kdm/backend/ctrl.c
Hunk #1 FAILED at 129.
1 out of 1 hunk FAILED -- saving rejects to file kdm/backend/ctrl.c.rej


regards
Olaf

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 04-21-2010, 08:18 PM
Olaf Mueller
 
Default cve-2010-0436 patch for CentOS 5.4

Ned Slider wrote:

Hello Ned,

> Olaf Mueller wrote:
>> [...] Does anybody knows where to get a
>> cve-2010-0436 patch (kdebase, kdm) for kde-3.5.10?

> Maybe use the same patch Red Hat have backported into the distro
> package as your starting point:
> $ rpm -q --changelog kdebase | more
> * Sun Mar 28 2010 Than Ngo <than@redhat.com> - 6:3.5.4-21.1
> - Resolves: #570622, CVE-2010-0436 kdm privilege escalation flaw
thank you very much. This works great!

$ patch -p0 -b <cve-2010-0436.patch
patching file kdm/backend/ctrl.c


regards
Olaf

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 04:15 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org