Synopsis:    Important: kdebase security update
Issue date:  2010-04-14
CVE Names:   CVE-2010-0436

A privilege escalation flaw was found in the KDE Display Manager (KDM). A
local user with console access could trigger a race condition, possibly
resulting in the permissions of an arbitrary file being set to world
writable, allowing privilege escalation. (CVE-2010-0436)

The system should be rebooted for this update to take effect. After the
reboot, administrators should manually remove all leftover user-owned
dmctl-* directories in "/var/run/xdmctl/".

SL 4.x

    SRPMS:
kdebase-3.3.1-13.el4_8.1.src.rpm
    i386:
kdebase-3.3.1-13.el4_8.1.i386.rpm
kdebase-devel-3.3.1-13.el4_8.1.i386.rpm
    x86_64:
kdebase-3.3.1-13.el4_8.1.i386.rpm
kdebase-3.3.1-13.el4_8.1.x86_64.rpm
kdebase-devel-3.3.1-13.el4_8.1.x86_64.rpm

SL 5.x

    SRPMS:
kdebase-3.5.4-21.el5_5.1.src.rpm
    i386:
kdebase-3.5.4-21.el5_5.1.i386.rpm
kdebase-devel-3.5.4-21.el5_5.1.i386.rpm
    x86_64:
kdebase-3.5.4-21.el5_5.1.i386.rpm
kdebase-3.5.4-21.el5_5.1.x86_64.rpm
kdebase-devel-3.5.4-21.el5_5.1.i386.rpm
kdebase-devel-3.5.4-21.el5_5.1.x86_64.rpm

-Connie Sieh
-Troy Dawson
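
The post-reboot cleanup described above (removing leftover user-owned dmctl-* directories) could be scripted as follows. This is an added example, not part of the advisory or of the kdebase packages; it assumes "user-owned" means owned by any account other than root, and the function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example: list, then remove, leftover dmctl-* directories after the
# kdebase update and reboot.
# Assumption: "user-owned" = owned by any UID other than TRUSTED_UID (root).

XDMCTL_DIR="${XDMCTL_DIR:-/var/run/xdmctl}"   # directory named in the advisory
TRUSTED_UID="${TRUSTED_UID:-0}"               # owner that is left untouched

# Print leftover directories, one per line.
# find runs without -L, so "-type d" matches real directories only: a symlink
# named dmctl-* is neither reported nor followed. -maxdepth 1 keeps the scan
# to the top level of XDMCTL_DIR.
list_leftover() {
    [ -d "$XDMCTL_DIR" ] || return 0
    find "$XDMCTL_DIR" -mindepth 1 -maxdepth 1 -type d -name 'dmctl-*' \
        ! -user "$TRUSTED_UID" -print
}

# Remove the same set and print each path that was removed.
# Paths are handed to rm by find itself, so unusual characters in a
# directory name are never re-parsed by the shell.
remove_leftover() {
    [ -d "$XDMCTL_DIR" ] || return 0
    find "$XDMCTL_DIR" -mindepth 1 -maxdepth 1 -type d -name 'dmctl-*' \
        ! -user "$TRUSTED_UID" -exec rm -rf -- {} \; -print
}

# Run as root: "sh script list" to review, "sh script remove" to delete.
case "${1:-}" in
    list)   list_leftover ;;
    remove) remove_leftover ;;
esac
```

Review the output of the list mode before running the remove mode; an empty list means nothing is left to clean up.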