Language Selection

English French German Italian Portuguese Spanish

KDE KDM Vulnerability Elevation of Privilage

Filed under
KDE
Security

Sebastian Krahmer from the SUSE Security team has found a vulnerability in KDM which will allow a local user to elevate their privileges to root access. You can see more about vulnerability and install the fix below, although I expect all distributions to already have the fix applied, or to have it applied very shortly.

1. Systems affected:
KDM as shipped with KDE SC 2.2.0 up to including KDE SC 4.4.2

2. Overview:
KDM contains a race condition that allows local attackers to
make arbitrary files on the system world-writeable. This can
happen while KDM tries to create its control socket during
user login. This vulnerability has been discovered by
Sebastian Krahmer from the SUSE Security Team.

3. Impact:




More in Tux Machines

Phoronix on AMD Linux Graphics News

Today in Techrights

today's leftovers

Leftovers: Software

  • Announcement: GnuCash 2.6.13 Release
  • Beamforming in PulseAudio
    In case you missed it — we got PulseAudio 9.0 out the door, with the echo cancellation improvements that I wrote about. Now is probably a good time for me to make good on my promise to expand upon the subject of beamforming.
  • Oracle Releases VirtualBox 5.0.24 to Add Better Linux 4.6 Support, Fix Bugs
    Today, June 28, 2016, Oracle has announced the general availability of the VirtualBox 5.0.24 virtualization software for all supported platforms, including GNU/Linux, Mac OS X, and Microsoft Windows.
  • Can't make it to GUADEC this year
    I loved attending the GNOME Users And Developers European Conference (GUADEC). I want to go back, but it's hard to get away for such a long trip.
  • Moving to the project phase in Outreachy
    I've coded the research phase in blue, and the usability testing phase in red. As you can see, we moved pretty quickly through the research phase, learning about "What is usability," different ways to test usability, personas, scenarios, and scenario tasks. And Ciarrai, Diana, and Renata have done very well here. We've taken the last week to settle into a project focus, and figure out who wants to do what. And today, we are officially starting the usability testing phase!
  • Watchmaster App Released for Tizen on the Gear S2
    WatchMaster features a collection of 200+ high quality and unique watch face designs that up to now have been available for Android wear devices, but have now finally been released for the Tizen based Gear S2. The company has many capable designers, such as Liongate, Pluto, Excalibur and Monostone that create a wide variety of watchfaces that include: Analog to illustration, moonphase, ambient and animation design. If your looking some aesthetically pleasing watches to enhance your individuality then they are definitely worth a look.
  • A first look at Google's Science Journal app
    Google recently announced the release of its Science Journal app, a tool intended to "inspire future makers and scientists." All you need to get started is an Android phone—it will make use of the sensors on your phone and offers a digital science notebook to record your findings. The app is free and slated to be released open source later this summer. Google has already released microcontroller firmware for Arduino-based sensors on GitHub.