Debian Security Advisory
DSA-235-1 kdegraphics -- several vulnerabilities
- Date reported:
- 22 January 2003
- Affected packages:
- kdegraphics
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2002-1393.
- More information:
The KDE team discovered several vulnerabilities in KDE (the K Desktop Environment). In some instances KDE fails to properly quote the parameters of instructions passed to a command shell for execution. These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be supplied remotely to a victim in an e-mail, on a web page, in files on a network filesystem, or through another untrusted source.
By carefully crafting such data, an attacker might be able to execute arbitrary commands on a vulnerable system using the victim's account and privileges. The KDE Project is not aware of any existing exploits of these vulnerabilities. The patches also provide better safeguards and check data from untrusted sources more strictly in multiple places.
For the current stable distribution (woody), these problems have been fixed in version 2.2.2-6.10.
The old stable distribution (potato) does not contain KDE packages.
For the unstable distribution (sid), these problems will most probably not be fixed, but new KDE 3.1 packages for sid are expected this year.
We recommend that you upgrade your KDE packages.
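The bug class described above, shown from the fixing side as an added example (not code from KDE or from the Debian patch): a POSIX single-quote routine for untrusted text, with a round trip through /bin/sh to confirm the shell receives it as one unchanged argument. The sample file name, the helper names and the scratch file name are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample: an untrusted file name (not taken from the advisory). */
static const char *SAMPLE_NAME = "scan 01's copy; echo extra.ps";

/* Wrap s in single quotes for POSIX sh; each embedded ' becomes '\'' .
   Returns a malloc'd string (caller frees) or NULL on allocation failure. */
char *shell_quote(const char *s) {
    size_t n = 3;                           /* two quotes + NUL */
    for (const char *p = s; *p; p++) n += (*p == '\'') ? 4 : 1;
    char *out = malloc(n), *w = out;
    if (!out) return NULL;
    *w++ = '\'';
    for (const char *p = s; *p; p++) {
        if (*p == '\'') { memcpy(w, "'\\''", 4); w += 4; }
        else *w++ = *p;
    }
    *w++ = '\'';
    *w = '\0';
    return out;
}

/* Hypothetical helper: run "printf '%s' <arg_text>" through the shell and
   read back, via a scratch file, the argument the shell actually delivered. */
int shell_roundtrip(const char *arg_text, char *buf, size_t buflen) {
    const char *tmp = "dsa235_demo.out";    /* scratch file in the cwd */
    char cmd[512];
    int n = snprintf(cmd, sizeof cmd, "printf '%%s' %s > %s", arg_text, tmp);
    if (n < 0 || (size_t)n >= sizeof cmd || system(cmd) != 0) return -1;
    FILE *f = fopen(tmp, "rb");
    if (!f) return -1;
    size_t got = fread(buf, 1, buflen - 1, f);
    buf[got] = '\0';
    fclose(f);
    remove(tmp);
    return 0;
}

int main(void) {
    char seen[256];
    char *q = shell_quote(SAMPLE_NAME);
    if (!q || shell_roundtrip(q, seen, sizeof seen) != 0) return 1;
    printf("quoted form: %s\n", q);
    printf("shell saw  : %s\n", seen);
    free(q);
    return strcmp(seen, SAMPLE_NAME) == 0 ? 0 : 1;
}
```

Where the program being started is known in advance, passing the untrusted value as its own argv element to an exec-family call avoids the shell, and the need for quoting, altogether.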
- Fixed in:
Debian GNU/Linux 3.0 (woody)
- Source:
- http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_2.2.2-6.10.dsc
- http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_2.2.2-6.10.diff.gz
- http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_2.2.2.orig.tar.gz
- Alpha:
- http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.10_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.10_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.10_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.10_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.10_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.10_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.10_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.10_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.10_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.10_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.10_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.10_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.10_arm.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.10_arm.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.10_arm.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.10_arm.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.10_arm.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.10_arm.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.10_arm.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.10_arm.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.10_arm.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.10_arm.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.10_arm.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.10_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.10_i386.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.10_i386.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.10_i386.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.10_i386.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.10_i386.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.10_i386.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.10_i386.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.10_i386.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.10_i386.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.10_i386.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.10_i386.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.10_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.10_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.10_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.10_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.10_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.10_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.10_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.10_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.10_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.10_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.10_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.10_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.10_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.10_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.10_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.10_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.10_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.10_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.10_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.10_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.10_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.10_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.10_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.10_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.10_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.10_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.10_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.10_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.10_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.10_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.10_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.10_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.10_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.10_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.10_mips.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.10_mips.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.10_mips.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.10_mips.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.10_mips.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.10_mips.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.10_mips.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.10_mips.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.10_mips.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.10_mips.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.10_mips.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.10_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.10_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.10_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.10_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.10_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.10_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.10_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.10_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.10_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.10_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.10_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.10_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.10_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.10_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.10_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.10_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.10_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.10_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.10_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.10_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.10_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.10_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.10_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.10_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.10_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.10_s390.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.10_s390.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.10_s390.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.10_s390.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.10_s390.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.10_s390.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.10_s390.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.10_s390.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.10_s390.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.10_s390.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.10_s390.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.10_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.10_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.10_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.10_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.10_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.10_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.10_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.10_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.10_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.10_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.10_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.10_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.10_sparc.deb
MD5 checksums of the listed files are available in the original advisory.
