Debian Security Advisory
DSA-239-1 kdesdk -- several vulnerabilities
- Date reported:
- 23 Jan 2003
- Affected packages:
- kdesdk
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2002-1393.
- More information:
-
The KDE team has discovered several vulnerabilities in the K Desktop Environment. In some cases KDE fails to put quotation marks around instruction parameters that are passed to the command shell for execution. These parameters may contain data such as URLs, file names and e-mail addresses, and this data may be supplied remotely to the victim in an e-mail, a web page, files on a network file system or another untrusted source.
By carefully crafting such data, an attacker may be able to execute arbitrary commands on a vulnerable system, using the victim's account and privileges. The KDE Project is not aware of any exploits of these vulnerabilities. The patches also provide better safeguards and, in many places, check data received from untrusted sources more strictly.
For the current stable distribution (woody), these problems have been fixed in version 2.2.2-3.2.
The old stable distribution (potato) does not contain KDE packages.
For the unstable distribution (sid), these problems will most probably not be fixed, but new KDE 3.1 packages are expected in sid this year.
We recommend that you upgrade your KDE packages.
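The missing quoting described above, shown as an added C++ example that is not KDE code and not part of the advisory. The function names and the sample file name are constructed for illustration, and the code assumes a POSIX system where `popen` runs its argument through `/bin/sh`.

```cpp
// Added illustration, not KDE source code; all names here are hypothetical.
#include <stdio.h>
#include <iostream>
#include <string>

// Quote one value for a POSIX shell: wrap it in single quotes and rewrite
// each embedded ' as '\'' so that no character keeps a special meaning.
std::string shellQuote(const std::string &arg) {
    std::string out = "'";
    for (char c : arg) {
        if (c == '\'')
            out += "'\\''";
        else
            out += c;
    }
    return out + "'";
}

// Flawed pattern: untrusted data is pasted into the command line as-is.
// "set -- ...; echo $#" reports how many arguments the shell parsed.
std::string buildUnquoted(const std::string &untrusted) {
    return "set -- " + untrusted + "; echo $#";
}

// Corrected pattern: the untrusted value reaches the shell as one word.
std::string buildQuoted(const std::string &untrusted) {
    return "set -- " + shellQuote(untrusted) + "; echo $#";
}

// Run a command line via /bin/sh -c (popen) and return its standard output.
std::string runShell(const std::string &commandLine) {
    std::string output;
    FILE *pipe = popen(commandLine.c_str(), "r");
    if (!pipe)
        return output;
    char buf[256];
    while (fgets(buf, sizeof buf, pipe))
        output += buf;
    pclose(pipe);
    return output;
}

int main() {
    // Constructed sample: a file name carrying a space and a ';'.
    const std::string name = "notes 2003.txt; echo SECOND-COMMAND";
    std::cout << runShell(buildUnquoted(name));  // the shell parses the data
    std::cout << runShell(buildQuoted(name));    // the data stays one argument
}
```

Passing the value in an argument vector to `execv`-style calls, with no shell involved, avoids the quoting step altogether.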
- Fixed in:
-
Debian GNU/Linux 3.0 (woody)
- Source:
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2.dsc
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2.diff.gz
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2.orig.tar.gz
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/k/kdesdk/kapptemplate_2.2.2-3.2_all.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kdepalettes_2.2.2-3.2_all.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk-doc_2.2.2-3.2_all.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk-scripts_2.2.2-3.2_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_arm.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_arm.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_arm.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_arm.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_arm.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_arm.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_arm.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_i386.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_i386.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_i386.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_i386.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_i386.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_i386.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_i386.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_mips.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_mips.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_mips.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_mips.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_mips.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_mips.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_mips.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_s390.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_s390.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_s390.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_s390.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_s390.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_s390.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_s390.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_sparc.deb
MD5 checksums of the listed files are available in the original advisory.