[KDE Security Advisory]: Kate backup file permission leak
From: Dirk Mueller (mueller_at_kde.org)
To: firstname.lastname@example.org Date: Mon, 18 Jul 2005 17:19:37 +0200
KDE Security Advisory: Kate backup file permission leak
Original Release Date: 2005-07-18
1. Systems affected:
All maintained versions of Kate and Kwrite as shipped with
KDE 3.2.x up to including 3.4.0. KDE 3.1.x and older and
KDE 3.4.1 and newer are not affected.
Kate / Kwrite create a file backup before saving a modified
file. These backup files are created with default permissions,
even if the original file had more strict permissions set.
Depending on the system security settings, backup files
might be readable by other users. Kate / Kwrite are
network transparent applications and therefore this
vulnerability might not be restricted to local users.
Source code patches have been made available which fix these
vulnerabilities. Contact your OS vendor / binary package provider
for information about how to obtain updated binary packages.
A patch for KDE 3.4.0 is available from
A patch for KDE 3.3.x is available from
A patch for KDE 3.2.x is available from
- application/pgp-signature attachment: stored