Debians sikkerhedsbulletin

DSA-804-1 kdelibs -- usikre rettigheder

Rapporteret den:

8. sep 2005

Berørte pakker:

kdelibs

Sårbar:

Referencer i sikkerhedsdatabaser:

I Mitres CVE-ordbog: CVE-2005-1920.

Yderligere oplysninger:

KDE-udviklerne har rapporteret om en sårbarhed i backupfilhåndteringen i Kate og Kwrite. Backupfilerne oprettedes med standardrettigheder, også selvom de originale filer havde mere restriktive rettigheder. Dette kunne medføre uønsket afsløring af oplysninger.

I den stabile distribution (sarge) er dette problem rettet i version 3.3.2-6.2.

I den ustabile distribution (sid) er disse problemer rettet i version 3.4.1-1.

Vi anbefaler at du opgraderer dine kdelibs-pakker.

Rettet i:

Debian GNU/Linux 3.1 (sarge)

Kildekode:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.3.2-6.2.dsc; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.3.2-6.2.diff.gz; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.3.2.orig.tar.gz
Arkitekturuafhængig komponent:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-data_3.3.2-6.2_all.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-doc_3.3.2-6.2_all.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.3.2-6.2_all.deb
Alpha:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_alpha.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_alpha.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_alpha.deb
AMD64:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_amd64.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_amd64.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_amd64.deb
ARM:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_arm.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_arm.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_i386.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_i386.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_ia64.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_ia64.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_hppa.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_hppa.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_m68k.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_m68k.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_mips.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_mips.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_s390.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_s390.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_sparc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_sparc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_sparc.deb

MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.

MD5-kontrolsummer for de listede filer findes i den reviderede sikkerhedsbulletin.