KDE start_kdeinit: Multiple vulnerabilities

1. Gentoo Linux Security Advisory

Version Information

| Advisory Reference | GLSA 200804-30 / kdelibs |
| Release Date | April 29, 2008 |
| Latest Revision | April 08, 2009: 02 |
| Impact | high |
| Exploitable | local |

| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| kde-base/kdelibs | < 4.0 | revision >= 3.5.8-r4, revision >= 3.5.9-r3, > 4.0, < 3.5.5, revision >= 3.5.10-r2 | All supported architectures |

Related bugreports: #218933

Synopsis
    Multiple vulnerabilities in start_kdeinit could possibly allow a local
    attacker to execute arbitrary code with root privileges.

2. Impact Information

Background
    KDE is a feature-rich graphical desktop environment for Linux and
    Unix-like operating systems. start_kdeinit is a wrapper for kdeinit.

Description
    Vulnerabilities have been reported in the processing of user-controlled
    data by start_kdeinit, which is setuid root by default.

Impact
    A local attacker could possibly execute arbitrary code with root
    privileges, cause a Denial of Service or send Unix signals to other
    processes, when start_kdeinit is setuid root.

3. Resolution Information

Workaround
    There is no known workaround at this time.

Resolution
    All kdelibs users should upgrade to the latest version:
     
Code Listing 3.1: Resolution

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=kde-base/kdelibs-3.5.8-r4"
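
The version ranges from the package table above, evaluated against an installed kdelibs version. This is an added example, not part of the advisory or of Gentoo's tooling. It assumes that "revision >=" means the same upstream version with at least that revision and that versions are plain numeric `X.Y.Z[-rN]` strings; the function names are hypothetical.

```python
import re

# Ranges copied from the GLSA 200804-30 package table for kde-base/kdelibs.
VULNERABLE = [("lt", "4.0")]
UNAFFECTED = [("rge", "3.5.8-r4"), ("rge", "3.5.9-r3"), ("gt", "4.0"),
              ("lt", "3.5.5"), ("rge", "3.5.10-r2")]


def parse(version):
    """Split 'X.Y.Z[-rN]' into (numeric components, revision). Simplified:
    suffixes such as _rc1 or _p2 are rejected rather than ordered."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-r(\d+))?", version)
    if not m:
        raise ValueError(f"unsupported version string: {version!r}")
    return tuple(int(p) for p in m.group(1).split(".")), int(m.group(2) or 0)


def matches(op, bound, installed):
    """Apply one range operator from the table to an installed version."""
    base, rev = parse(installed)
    b_base, b_rev = parse(bound)
    if op == "lt":
        return (base, rev) < (b_base, b_rev)
    if op == "gt":
        return (base, rev) > (b_base, b_rev)
    if op == "rge":  # assumption: same upstream version, revision at least N
        return base == b_base and rev >= b_rev
    raise ValueError(f"unknown operator: {op}")


def is_affected(installed):
    """True if the version is in a vulnerable range and in no unaffected range."""
    if any(matches(op, b, installed) for op, b in UNAFFECTED):
        return False
    return any(matches(op, b, installed) for op, b in VULNERABLE)


if __name__ == "__main__":
    # Constructed sample versions, not taken from a real system.
    for v in ["3.5.4", "3.5.8-r3", "3.5.8-r4", "3.5.9", "3.5.10-r2", "4.0.1"]:
        print(f"kdelibs-{v}: {'AFFECTED' if is_affected(v) else 'not affected'}")
```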

4. References