Debian Security Advisory
DSA-239-1 kdesdk -- several vulnerabilities
- Date reported:
- 23 Jan 2003
- Affected packages:
- kdesdk
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2002-1393.
- More information:
-
The KDE team discovered several vulnerabilities in KDE (the K Desktop Environment). In some situations KDE fails to properly quote the parameters of instructions passed to the command shell for execution. These parameters may contain data such as URLs, filenames and e-mail addresses, and this data can be supplied remotely to a victim through an e-mail, a web page, a network filesystem or another untrusted source.
By crafting such data in a particular way, an attacker may be able to execute arbitrary commands on a vulnerable system with the victim's account and privileges. The KDE Project is not aware of any exploits that have made use of these vulnerabilities. The fixes also bring better safeguards, and data from untrusted sources is checked more strictly in many places.
For the current stable distribution (woody), these problems have been fixed in version 2.2.2-3.2.
The old stable distribution (potato) does not contain KDE packages.
The packages in the unstable distribution (sid) will most probably not receive a fix for these problems, but new KDE 3.1 packages for sid are expected this year.
We recommend that you upgrade your KDE packages.
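The bug class described above, untrusted values reaching the command shell unquoted, is avoided either by quoting every value or by not invoking a shell at all. The C++ below is an added illustration, not code from KDE or from the advisory; `quote_for_shell`, `run_shell` and `run_argv` are hypothetical names, and the input string is constructed.

```cpp
// Added example, not KDE code; every function name here is hypothetical.
#include <cstdio>
#include <string>
#include <vector>
#include <sys/wait.h>
#include <unistd.h>
// Single-quote for /bin/sh: only ' is special inside '...', emitted as '\''.
std::string quote_for_shell(const std::string& arg) {
    std::string out = "'";
    for (char c : arg) out += (c == '\'') ? std::string("'\\''") : std::string(1, c);
    return out + "'";
}

// Run a command line through /bin/sh and return its stdout.
std::string run_shell(const std::string& cmdline) {
    std::string result;
    char buf[256];
    FILE* p = popen(cmdline.c_str(), "r");
    if (!p) return result;
    for (size_t n; (n = fread(buf, 1, sizeof buf, p)) > 0;) result.append(buf, n);
    pclose(p);
    return result;
}

// Preferred: no shell at all; each untrusted value is one argv entry.
std::string run_argv(const std::vector<std::string>& args) {
    int fds[2];
    std::string result;
    if (args.empty() || pipe(fds) != 0) return result;
    pid_t pid = fork();
    if (pid == 0) {  // child: stdout -> pipe, then exec without a shell
        std::vector<char*> argv;
        for (const auto& a : args) argv.push_back(const_cast<char*>(a.c_str()));
        argv.push_back(nullptr);
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]); close(fds[1]);
        execvp(argv[0], argv.data());
        _exit(127);
    }
    close(fds[1]);
    char buf[256];
    for (ssize_t n; (n = read(fds[0], buf, sizeof buf)) > 0;) result.append(buf, n);
    close(fds[0]);
    if (pid > 0) waitpid(pid, nullptr, 0);
    return result;
}

int main() {
    const std::string v = "a b'$(echo X);echo Z";  // constructed sample input
    std::printf("%s\n", run_shell("printf %s " + quote_for_shell(v)).c_str());
}
```

Neither approach stops the invoked program from reading a value that begins with `-` as an option; place such values after `--` where the program supports it.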
- Fixed in:
-
Debian GNU/Linux 3.0 (woody)
- Source:
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2.dsc
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2.diff.gz
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2.orig.tar.gz
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/k/kdesdk/kapptemplate_2.2.2-3.2_all.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kdepalettes_2.2.2-3.2_all.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk-doc_2.2.2-3.2_all.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk-scripts_2.2.2-3.2_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_arm.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_arm.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_arm.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_arm.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_arm.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_arm.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_arm.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_i386.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_i386.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_i386.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_i386.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_i386.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_i386.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_i386.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_mips.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_mips.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_mips.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_mips.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_mips.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_mips.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_mips.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_s390.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_s390.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_s390.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_s390.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_s390.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_s390.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_s390.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_sparc.deb
MD5 checksums of the listed files are available in the original advisory.