Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#8119 - Security bug in kdebase 3.5.7
Attached to Project:
Arch Linux
Opened by Hussam Al-Tayeb (hussam) - Tuesday, 25 September 2007, 15:45 GMT
Last edited by Tobias Powalowski (tpowa) - Saturday, 29 September 2007, 16:30 GMT
Opened by Hussam Al-Tayeb (hussam) - Tuesday, 25 September 2007, 15:45 GMT
Last edited by Tobias Powalowski (tpowa) - Saturday, 29 September 2007, 16:30 GMT
|
DetailsThe following link describes a security bug in kdm 3.5.7 http://secunia.com/cve_reference/CVE-2007-4569/
"backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is configured and "shutdown with password" is enabled, allows remote attackers to bypass the password requirement and login to arbitrary accounts via unspecified vectors. " This should supposedly fix it http://ftp.gwdg.de/pub/x11/kde/security_patches/post-3.5.7-kdebase-kdm.diff |
This task depends upon
Closed by Tobias Powalowski (tpowa)
Saturday, 29 September 2007, 16:30 GMT
Reason for closing: Fixed
Saturday, 29 September 2007, 16:30 GMT
Reason for closing: Fixed