Debian 安全报告

DSA-204-1 kdelibs -- 任意执行程序

报告日期:
2002/12/05
受影响的软件:
kdelibs
可被袭击:
参考的安全性数据库:
在 Mitre's CVE 的目录中: CVE-2002-1281, CVE-2002-1282.
更详尽的信息:

KDE 团队发现了在 KIO 支持多个网络通讯协议时的弱点。若是在 HTML 网页、HTML 电子邮件或其他 KIO 的应用软件中置入一个特殊的 URL,能通过 rlogin 与 telnet 协议来利用受攻击机器上的帐号,任意执行系统上的指令。

这个问题只要关掉 2.2.2-13.woody.5 版本中的 rlogin 与 telnet 即可。旧的稳定版 (potato) 并不受到影响,因为它不含 KDE。在开发中版本 (sid) 中的软件包尚未修正。

我们建议您立刻更换您的 kdelibs3 软件包。

修改于:

Debian GNU/Linux 3.0 (woody)

来源:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.5.dsc
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.5.diff.gz
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2.orig.tar.gz
与硬件无关的元件:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-doc_2.2.2-13.woody.5_all.deb
Alpha:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.5_alpha.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.5_alpha.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.5_alpha.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.5_alpha.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.5_alpha.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.5_alpha.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.5_alpha.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.5_alpha.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.5_alpha.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.5_alpha.deb
ARM:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.5_arm.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.5_arm.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.5_arm.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.5_arm.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.5_arm.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.5_arm.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.5_arm.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.5_arm.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.5_arm.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.5_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.5_i386.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.5_i386.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.5_i386.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.5_i386.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.5_i386.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.5_i386.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.5_i386.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.5_i386.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.5_i386.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.5_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.5_ia64.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.5_ia64.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.5_ia64.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.5_ia64.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.5_ia64.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.5_ia64.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.5_ia64.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.5_ia64.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.5_ia64.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.5_ia64.deb
HPPA:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.5_hppa.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.5_hppa.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.5_hppa.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.5_hppa.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.5_hppa.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.5_hppa.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.5_hppa.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.5_hppa.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.5_hppa.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.5_hppa.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.5_m68k.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.5_m68k.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.5_m68k.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.5_m68k.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.5_m68k.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.5_m68k.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.5_m68k.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.5_m68k.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.5_m68k.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.5_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.5_mips.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.5_mips.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.5_mips.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.5_mips.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.5_mips.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.5_mips.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.5_mips.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.5_mips.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.5_mips.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.5_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.5_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.5_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.5_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.5_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.5_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.5_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.5_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.5_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.5_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.5_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.5_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.5_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.5_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.5_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.5_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.5_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.5_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.5_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.5_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.5_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.5_s390.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.5_s390.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.5_s390.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.5_s390.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.5_s390.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.5_s390.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.5_s390.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.5_s390.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.5_s390.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.5_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.5_sparc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.5_sparc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.5_sparc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.5_sparc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.5_sparc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.5_sparc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.5_sparc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.5_sparc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.5_sparc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.5_sparc.deb

列出的档案的 MD5 检查可以由 original advisory 取得。