Debian セキュリティ勧告

DSA-361-2 kdelibs, kdelibs-crypto -- 複数の脆弱性

報告日時:
2003-08-01
影響を受けるパッケージ:
kdelibs, kdelibs-crypto
危険性:
あり
参考セキュリティデータベース:
(SecurityFocus の) Bugtraq データベース: BugTraq ID 7520, BugTraq ID 8297.
Mitre の CVE 辞書: CVE-2003-0459, CVE-2003-0370.
詳細:

kdelibs に脆弱性が 2 件発見されました:

  • CAN-2003-0459: KDE 3.1.2 およびそれ以前の KDE Konqueror は「ユーザ:パスワード@ホスト」形式の URL から認証に利用した情報を HTTP-Referer ヘッダから削除していません。 それによりサイトへのリンク元のページの認証情報の盗用をリモートウェブサイトに許します。
  • CAN-2003-0370: Konqueror Embedded と KDE 2.2.2 およびそれ以前は X.509 証明書の Common Name (CN) フィールドを検証していません。これにより、 リモートの攻撃者に偽造した証明書を経由した中間者攻撃を許します。

These 脆弱性 are 説明d in the →に従って セキュリティadvisories from KDE:

現在の安定版 (stable) ディストリビューション (woody) では、この問題は kdelibs のバージョン 2.2.2-13.woody.8 および kdelibs-cryptoの 2.2.2-6woody2 で修正されています。

不安定版 (unstable) ディストリビューション (sid) では、この問題は kdelibs バージョン 4:3.1.3-1 で修正されています。不安定版 (unstable) ディストリビューションには、独立した kdelibs-crypto パッケージは含まれません。

直ちに kdelibs および kdelibs-crypto パッケージを更新することを勧めます。

修正:

Debian GNU/Linux 3.0 (woody)

ソース:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.8.dsc
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.8.diff.gz
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2.orig.tar.gz
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs-crypto_2.2.2-6woody2.dsc
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs-crypto_2.2.2-6woody2.diff.gz
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs-crypto_2.2.2.orig.tar.gz
アーキテクチャ非依存コンポーネント:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-doc_2.2.2-13.woody.8_all.deb
Alpha:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_alpha.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_alpha.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_alpha.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_alpha.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_alpha.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_alpha.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_alpha.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_alpha.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_alpha.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_alpha.deb
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_alpha.deb
ARM:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_arm.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_arm.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_arm.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_arm.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_arm.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_arm.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_arm.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_arm.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_arm.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_arm.deb
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_i386.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_i386.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_i386.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_i386.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_i386.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_i386.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_i386.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_i386.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_i386.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_i386.deb
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_ia64.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_ia64.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_ia64.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_ia64.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_ia64.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_ia64.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_ia64.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_ia64.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_ia64.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_ia64.deb
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_ia64.deb
HPPA:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_hppa.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_hppa.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_hppa.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_hppa.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_hppa.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_hppa.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_hppa.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_hppa.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_hppa.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_hppa.deb
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_hppa.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_m68k.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_m68k.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_m68k.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_m68k.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_m68k.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_m68k.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_m68k.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_m68k.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_m68k.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_m68k.deb
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_mips.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_mips.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_mips.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_mips.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_mips.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_mips.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_mips.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_mips.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_mips.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_mips.deb
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_s390.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_s390.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_s390.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_s390.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_s390.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_s390.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_s390.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_s390.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_s390.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_s390.deb
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_sparc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_sparc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_sparc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_sparc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_sparc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_sparc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_sparc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_sparc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_sparc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_sparc.deb
http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_sparc.deb

一覧にあるファイルの MD5 チェックサムは勧告の原文にあります。

一覧にあるファイルの MD5 チェックサムは勧告の原文 (改訂版) にあります。