Debian Security Advisory
DLA-76-1 kde4libs -- LTS security update
- Date Reported:
- 24 Oct 2014
- Affected Packages:
- kde4libs
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2014-5033.
- More information:
-
It was discovered that KAuth, part of kdelibs, uses polkit in a way that is prone to a race condition that may allow authorization bypass.
For Debian 6
Squeeze
, these issues have been fixed in kde4libs version 4:4.4.5-2+squeeze4