Omitir navegación rápida

• Acerca de Debian
• Noticias
• Cómo obtener Debian
• Soporte
• Rincón de los desarrolladores
• Mapa del sitio
• Búsqueda

Aviso de seguridad de Debian

DSA-459-1 kdelibs -- travesía por ruta de cookie

Fecha del informe:

10 de mar de 2004

Paquetes afectados:

kdelibs, kdelibs-crypto

Vulnerable:

Sí

Referencias a bases de datos de seguridad:

En la base de datos de Bugtraq (en SecurityFocus): Id. en BugTraq 9841.
En el diccionario CVE de Mitre: CVE-2003-0592.

Información adicional:

Se descubrió una vulnerabilidad en KDE por la que las restricciones de rutas de las cookies podían evitarse, usando componentes codificados de rutas relativas (por ejemplo, «/../»). Esto significa que una cookie que el navegador sólo debería mandar a una aplicación que estuviera corriendo en /app1 también la incluiría (sin avisar) con una petición a /app2 en el mismo servidor.

Para la distribución estable acutal (woody), este problema se ha arreglado en kdelibs versión 4:2.2.2-6woody3 y en kdelibs-crypto versión 4:2.2.2-13.woody.9.

Para la distribución inestable (sid), este problema se ha corregido en kdelibs versión 4:3.1.3-1.

Le recomendamos que actualice los paquetes kdelibs y kdelibs-crypto.

Arreglado en:

Debian GNU/Linux 3.0 (woody)

Fuentes:

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.9.dsc

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.9.diff.gz

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2.orig.tar.gz

http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs-crypto_2.2.2-6woody3.dsc

http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs-crypto_2.2.2-6woody3.diff.gz

http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs-crypto_2.2.2.orig.tar.gz

Componentes independientes de la arquitectura:

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-doc_2.2.2-13.woody.9_all.deb

Alpha:

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.9_alpha.deb

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.9_alpha.deb

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.9_alpha.deb

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.9_alpha.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.9_alpha.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.9_alpha.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.9_alpha.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.9_alpha.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.9_alpha.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.9_alpha.deb

http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody3_alpha.deb

ARM:

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.9_arm.deb

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.9_arm.deb

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.9_arm.deb

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.9_arm.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.9_arm.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.9_arm.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.9_arm.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.9_arm.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.9_arm.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.9_arm.deb

http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody3_arm.deb

Intel IA-32:

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.9_i386.deb

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.9_i386.deb

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.9_i386.deb

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.9_i386.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.9_i386.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.9_i386.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.9_i386.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.9_i386.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.9_i386.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.9_i386.deb

http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody3_i386.deb

Intel IA-64:

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.9_ia64.deb

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.9_ia64.deb

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.9_ia64.deb

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.9_ia64.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.9_ia64.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.9_ia64.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.9_ia64.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.9_ia64.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.9_ia64.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.9_ia64.deb

http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody3_ia64.deb

HPPA:

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.9_hppa.deb

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.9_hppa.deb

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.9_hppa.deb

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.9_hppa.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.9_hppa.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.9_hppa.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.9_hppa.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.9_hppa.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.9_hppa.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.9_hppa.deb

http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody3_hppa.deb

Motorola 680x0:

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.9_m68k.deb

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.9_m68k.deb

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.9_m68k.deb

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.9_m68k.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.9_m68k.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.9_m68k.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.9_m68k.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.9_m68k.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.9_m68k.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.9_m68k.deb

http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody3_m68k.deb

Big endian MIPS:

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.9_mips.deb

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.9_mips.deb

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.9_mips.deb

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.9_mips.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.9_mips.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.9_mips.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.9_mips.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.9_mips.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.9_mips.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.9_mips.deb

http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody3_mips.deb

Little endian MIPS:

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.9_mipsel.deb

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.9_mipsel.deb

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.9_mipsel.deb

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.9_mipsel.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.9_mipsel.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.9_mipsel.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.9_mipsel.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.9_mipsel.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.9_mipsel.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.9_mipsel.deb

http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody3_mipsel.deb

PowerPC:

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.9_powerpc.deb

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.9_powerpc.deb

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.9_powerpc.deb

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.9_powerpc.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.9_powerpc.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.9_powerpc.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.9_powerpc.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.9_powerpc.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.9_powerpc.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.9_powerpc.deb

http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody3_powerpc.deb

IBM S/390:

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.9_s390.deb

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.9_s390.deb

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.9_s390.deb

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.9_s390.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.9_s390.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.9_s390.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.9_s390.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.9_s390.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.9_s390.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.9_s390.deb

http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody3_s390.deb

Sun Sparc:

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.9_sparc.deb

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.9_sparc.deb

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.9_sparc.deb

http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.9_sparc.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.9_sparc.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.9_sparc.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.9_sparc.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.9_sparc.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.9_sparc.deb

http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.9_sparc.deb

http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody3_sparc.deb

Las sumas MD5 de los ficheros que se listan están disponibles en el aviso original.

Esta página también está disponible en los siguientes idiomas:

dansk Deutsch English français 日本語 (Nihongo) polski Português Русский (Russkij) svenska

Cómo modificar el idioma por defecto de los documentos