
KDE KDM Vulnerability Elevation of Privilege


Sebastian Krahmer from the SUSE Security team has found a vulnerability in KDM which will allow a local user to elevate their privileges to root access. You can see more about the vulnerability and install the fix below, although I expect all distributions to already have the fix applied, or to have it applied very shortly.

1. Systems affected:
KDM as shipped with KDE SC 2.2.0 up to and including KDE SC 4.4.2

2. Overview:
KDM contains a race condition that allows local attackers to
make arbitrary files on the system world-writeable. This can
happen while KDM tries to create its control socket during
user login. This vulnerability has been discovered by
Sebastian Krahmer from the SUSE Security Team.

3. Impact:



