From owner-freebsd-security  Sun Mar 12 19: 9:29 2000
Delivered-To: freebsd-security@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758)
	id A67F937B970; Sun, 12 Mar 2000 19:09:27 -0800 (PST)
Received: from localhost (localhost [127.0.0.1])
	by hub.freebsd.org (Postfix) with ESMTP id A4A3F2E8158
	for <security@freebsd.org>; Sun, 12 Mar 2000 19:09:27 -0800 (PST)
	(envelope-from kris@hub.freebsd.org)
Date: Sun, 12 Mar 2000 19:09:27 -0800 (PST)
From: Kris Kennaway <kris@hub.freebsd.org>
To: security@freebsd.org
Subject: KDE 1.1.1 vulnerability
Message-ID: <Pine.BSF.4.21.0003121905560.97941-100000@hub.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

It was pointed out to me that the previous version of KDE (v1.1.1)
contains a local root exploit - KDE 1.1.2 has been available in ports
since September 1999, but in case anyone is still running the old version
in a multi-user environment then you should take steps to upgrade
immediately.

In general, it is sensible to upgrade fairly aggressively with large ports
like KDE because with so much code involved, chances are there are lots of
bug fixes - and one or two security fixes - with each upgrade.

Kris

----
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message