GLSA-200804-30 : KDE start_kdeinit: Multiple vulnerabilities
Medium Nessus Plugin ID 32111
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-200804-30 (KDE start_kdeinit: Multiple vulnerabilities)
Vulnerabilities have been reported in the processing of user-controlled data by start_kdeinit, which is setuid root by default.
A local attacker could possibly execute arbitrary code with root privileges, cause a Denial of Service or send Unix signals to other processes, when start_kdeinit is setuid root.
There is no known workaround at this time.
SolutionAll kdelibs users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=kde-base/kdelibs-3.5.8-r4'