Aviso de seguridad de Debian

DSA-284-1 kdegraphics -- ejecución insegura

Fecha del informe:

12 de abr de 2003

Paquetes afectados:

kdegraphics

Vulnerable:

Sí

Referencias a bases de datos de seguridad:

En la base de datos de Bugtraq (en SecurityFocus): Id. en BugTraq 7318.
En el diccionario CVE de Mitre: CVE-2003-0204.

Información adicional:

El equipo de KDE descubrió una vulnerabilidad en la forma en la que KDE usa el software Ghostscript al procesar archivos PostScript (PS) y PDF. Un atacante podía proporcionar un archivo PostScript o PDF malicioso vía correo electrónico o sitio web que podría provocar la ejecución de comandos arbitrarios con los privilegios del usuario que estuviera viendo el archivo o cuando el navegador generara un listado del directorio con miniaturas.

Para la distribución estable (woody), este problema se ha corregido en la versión 2.2.2-6.11 de kdegraphics y paquetes asociados.

La distribución estable anterior (potato) no se ve afectada porque no contiene KDE.

Para la distribución inestable (sid), este problema se corregirá pronto.

Para la migración no oficial de KDE 3.1.1 a woody de Ralf Nolden de download.kde.org, este problema se ha corregido en la versión 3.1.1-0woody2 de kdegraphics. Usando la línea de apt-get para la migración podrá actualizarse:

deb http://download.kde.org/stable/latest/Debian stable main

Le recomendamos que actualice kdegraphics y los programas asociados.

Arreglado en:

Debian GNU/Linux 3.0 (woody)

Fuentes:: http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_2.2.2-6.11.dsc; http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_2.2.2-6.11.diff.gz; http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_2.2.2.orig.tar.gz
Alpha:: http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_alpha.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_alpha.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_alpha.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_alpha.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_alpha.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.11_alpha.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_alpha.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_alpha.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_alpha.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_alpha.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.11_alpha.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.11_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_arm.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_arm.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_arm.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_arm.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_arm.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.11_arm.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_arm.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_arm.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_arm.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_arm.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.11_arm.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.11_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_i386.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_i386.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_i386.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_i386.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_i386.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.11_i386.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_i386.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_i386.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_i386.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_i386.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.11_i386.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.11_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_ia64.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_ia64.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_ia64.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_ia64.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_ia64.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.11_ia64.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_ia64.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_ia64.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_ia64.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_ia64.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.11_ia64.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.11_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_hppa.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_hppa.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_hppa.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_hppa.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_hppa.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_hppa.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_hppa.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_hppa.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_m68k.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_m68k.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_m68k.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_m68k.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_m68k.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.11_m68k.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_m68k.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_m68k.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_m68k.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_m68k.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.11_m68k.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.11_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_mips.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_mips.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_mips.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_mips.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_mips.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.11_mips.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_mips.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_mips.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_mips.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_mips.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.11_mips.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.11_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.11_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.11_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.11_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.11_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.11_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.11_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_s390.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_s390.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_s390.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_s390.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_s390.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.11_s390.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_s390.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_s390.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_s390.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_s390.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.11_s390.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.11_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_sparc.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_sparc.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_sparc.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_sparc.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_sparc.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.11_sparc.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_sparc.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_sparc.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_sparc.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_sparc.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.11_sparc.deb; http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.11_sparc.deb

Las sumas MD5 de los ficheros que se listan están disponibles en el aviso original.