Bulletin d'alerte Debian

DSA-236-1 kdelibs -- Plusieurs failles

Date du rapport :
22 janvier 2003
Paquets concernés :
kdelibs
Vulnérabilité :
Oui
Références dans la base de données de sécurité :
Dans le dictionnaire CVE du Mitre : CVE-2002-1393.
Plus de précisions :

L'équipe KDE a découvert plusieurs failles de sécurité dans K Desktop Environment. Dans certains cas, KDE échoue à passer proprement les paramètres des instructions à l'interpréteur de commandes pour exécution. Ces paramètres peuvent contenir des données comme des URLs, des noms de fichier ou des adresses électroniques et ces données peuvent être fournies à distance à la victime dans un courriel, une page web ou des fichiers sur un système de fichiers via le réseau ou toute autre source de peu de confiance.

En concevant soigneusement de telles données, un attaquant pourrait être capable de lancer n'importe quelle commande sur le système vulnérable en utilisant le compte de la victime et ses privilèges. Le projet KDE ne connaît pas d'exploitation existante de ces failles. Les correctifs fournissent aussi une meilleure sécurisation envers les sources de peu de confiance de manière plus stricte et en plusieurs endroits.

Pour l'actuelle distribution stable (Woody), ces problèmes ont été corrigés dans la version 2.2.2-13.woody.6.

L'ancienne distribution stable (Potato) ne contient pas de paquets KDE.

Pour la distribution instable (Sid), ces problèmes ne seront probablement pas corrigés mais de nouveaux paquets pour KDE 3.1 pour Sid sont attendus pour cette année.

Nous vous recommandons de mettre à jour vos paquets KDE.

Corrigé dans :

Debian GNU/Linux 3.0 (woody)

Source :
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.6.dsc
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.6.diff.gz
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2.orig.tar.gz
Composant indépendant de l'architecture :
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-doc_2.2.2-13.woody.6_all.deb
Alpha:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.6_alpha.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.6_alpha.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.6_alpha.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.6_alpha.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.6_alpha.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.6_alpha.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.6_alpha.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.6_alpha.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.6_alpha.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.6_alpha.deb
ARM:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.6_arm.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.6_arm.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.6_arm.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.6_arm.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.6_arm.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.6_arm.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.6_arm.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.6_arm.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.6_arm.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.6_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.6_i386.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.6_i386.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.6_i386.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.6_i386.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.6_i386.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.6_i386.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.6_i386.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.6_i386.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.6_i386.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.6_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.6_ia64.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.6_ia64.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.6_ia64.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.6_ia64.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.6_ia64.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.6_ia64.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.6_ia64.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.6_ia64.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.6_ia64.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.6_ia64.deb
HPPA:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.6_hppa.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.6_hppa.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.6_hppa.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.6_hppa.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.6_hppa.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.6_hppa.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.6_hppa.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.6_hppa.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.6_hppa.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.6_hppa.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.6_m68k.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.6_m68k.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.6_m68k.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.6_m68k.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.6_m68k.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.6_m68k.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.6_m68k.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.6_m68k.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.6_m68k.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.6_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.6_mips.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.6_mips.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.6_mips.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.6_mips.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.6_mips.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.6_mips.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.6_mips.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.6_mips.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.6_mips.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.6_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.6_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.6_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.6_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.6_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.6_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.6_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.6_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.6_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.6_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.6_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.6_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.6_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.6_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.6_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.6_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.6_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.6_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.6_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.6_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.6_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.6_s390.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.6_s390.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.6_s390.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.6_s390.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.6_s390.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.6_s390.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.6_s390.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.6_s390.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.6_s390.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.6_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.6_sparc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.6_sparc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.6_sparc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.6_sparc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.6_sparc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.6_sparc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.6_sparc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.6_sparc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.6_sparc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.6_sparc.deb

Les sommes MD5 des fichiers indiqués sont disponibles sur la page originale de l'alerte de sécurité.