CentOS Project, CESA-2010:0348
Apr 20, 2010 - 4:36 p.m.

kdebase security update

2010-04-20 16:36:19
CentOS Project
lists.centos.org
CVSS2: 6.9 Medium
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.0004 Low
Percentile: 9.3%

CentOS Errata and Security Advisory CESA-2010:0348

The K Desktop Environment (KDE) is a graphical desktop environment for the
X Window System. The kdebase packages include core applications for KDE.

A privilege escalation flaw was found in the KDE Display Manager (KDM). A
local user with console access could trigger a race condition, possibly
resulting in the permissions of an arbitrary file being set to world
writable, allowing privilege escalation. (CVE-2010-0436)

Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for
responsibly reporting this issue.

Users of KDE should upgrade to these updated packages, which contain a
backported patch to correct this issue. The system should be rebooted for
this update to take effect. After the reboot, administrators should
manually remove all leftover user-owned dmctl-* directories in
“/var/run/xdmctl/”.
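
The post-reboot cleanup step above can be scripted. The following is an added example, not part of the advisory or of any CentOS or Red Hat tooling; the function names are hypothetical, and it assumes "user-owned" means owned by any uid other than root (uid 0).

```shell
#!/bin/sh
# Added example: audit and cleanup helper for the post-update step
# described in CESA-2010:0348.
# Assumption: "user-owned" means owned by a uid other than the trusted
# owner, which defaults to root (uid 0).

# list_leftover_dmctl [DIR] [TRUSTED_UID]
# Print dmctl-* directories directly under DIR that are not owned by
# TRUSTED_UID. Nothing is modified.
list_leftover_dmctl() {
    dir=${1:-/var/run/xdmctl}
    trusted_uid=${2:-0}
    [ -d "$dir" ] || return 0
    # find does not follow symlinks by default, so a symlink named
    # dmctl-* is never matched by -type d.
    find "$dir" -mindepth 1 -maxdepth 1 -type d -name 'dmctl-*' \
        ! -uid "$trusted_uid" -print
}

# remove_leftover_dmctl [DIR] [TRUSTED_UID]
# Remove the directories that list_leftover_dmctl would print.
# -maxdepth 1 keeps find from descending into a directory it is
# about to delete.
remove_leftover_dmctl() {
    dir=${1:-/var/run/xdmctl}
    trusted_uid=${2:-0}
    [ -d "$dir" ] || return 0
    find "$dir" -mindepth 1 -maxdepth 1 -type d -name 'dmctl-*' \
        ! -uid "$trusted_uid" -exec rm -rf -- {} +
}

# Usage, as root and after the reboot:
#   list_leftover_dmctl      # review what would be removed
#   remove_leftover_dmctl    # then remove it
```

Review the output of the listing function before running the removal.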

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2010-April/078787.html
https://lists.centos.org/pipermail/centos-announce/2010-April/078788.html
https://lists.centos.org/pipermail/centos-announce/2010-June/078871.html
https://lists.centos.org/pipermail/centos-announce/2010-June/078872.html
https://lists.centos.org/pipermail/centos-announce/2010-June/078875.html
https://lists.centos.org/pipermail/centos-announce/2010-June/078876.html

Affected packages:
kdebase
kdebase-devel

Upstream details at:
https://access.redhat.com/errata/RHSA-2010:0348
