Package: libarts1c2a Version: 1.5.3-2 Severity: grave Tags: security patch Justification: user security hole
artswrapper is a helper application to start the aRts daemon with realtime privileges even for normal users. The wrapper assumes that setuid() can not fail for SUID root applications. This assertion is wrong under Linux kernel 2.6.0 or newer. Successful exploitation allows a normal user to launch artsd as root, which could be exploited to gain system privileges. See http://www.kde.org/info/security/advisory-20060614-2.txt (includes patch) Please mention the CVE-id in the changelog. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
