Säkerhetsbulletin från Debian

DSA-804-1 kdelibs -- osäkra rättigheter

Rapporterat den:
2005-09-08
Berörda paket:
kdelibs
Sårbara:
Ja
Referenser i säkerhetsdatabaser:
I Mitres CVE-förteckning: CVE-2005-1920.
Ytterligare information:

KDE-utvecklarna rapporterade en sårbarhet i hanteringen av säkerhetskopior i Kate och Kwrite. Säkerhetskopiorna skapades med standardrättigheter, även om den ursprungliga filen hade striktare rättigheter. Detta kunde oavsiktligen lämna ut känslig information.

För den stabila utgåvan (Sarge) har detta problem rättats i version 3.3.2-6.2.

För den instabila utgåvan (Sid) har dessa problem rättats i version 3.4.1-1.

Vi rekommenderar att ni uppgraderar era kdelibs-paket.

Rättat i:

Debian GNU/Linux 3.1 (sarge)

Källkod:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.3.2-6.2.dsc
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.3.2-6.2.diff.gz
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.3.2.orig.tar.gz
Arkitekturoberoende komponent:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-data_3.3.2-6.2_all.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-doc_3.3.2-6.2_all.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.3.2-6.2_all.deb
Alpha:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_alpha.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_alpha.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_amd64.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_amd64.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_arm.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_arm.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_arm.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_i386.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_i386.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_ia64.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_ia64.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_ia64.deb
HPPA:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_hppa.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_hppa.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_hppa.deb
Motorola 680x0:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_m68k.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_m68k.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_m68k.deb
Big endian MIPS:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_mips.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_mips.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_mips.deb
Little endian MIPS:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_mipsel.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_powerpc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_s390.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_s390.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_sparc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_sparc.deb
http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_sparc.deb

MD5-kontrollsummor för dessa filer finns i originalbulletinen.

MD5-kontrollsummor för dessa filer finns i reviderade bulletinen.