Debian Security Advisory
DSA-239-1 kdesdk -- several vulnerabilities
- Date reported:
- 2003-01-23
- Affected packages:
- kdesdk
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2002-1393.
- More information:
-
The KDE team discovered several vulnerabilities in the K Desktop Environment. In some circumstances KDE fails to properly quote parameters of instructions that are passed to the command shell for execution. These parameters may contain data such as URLs, file names and e-mail addresses, and this data may arrive from outside in an e-mail, a web page, files on a network file system or some other untrusted source.
By crafting such data in a particular way, an attacker can execute arbitrary commands on a vulnerable system using the victim's account and privileges. The KDE Project is not aware of any existing exploits of these vulnerabilities. The fixes also provide better safeguards and check data from untrusted sources more strictly in several places.
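The quoting failure described above, shown from the fixing side as an added example; this is not code from KDE or from the Debian patch. The function names `shell_quote`, `shell_roundtrip` and `run_without_shell` are hypothetical, and the file name is a constructed sample.

```cpp
#include <cstdio>
#include <string>
#include <vector>
#include <sys/wait.h>
#include <unistd.h>

// Quote one argument for a POSIX shell: wrap it in single quotes and rewrite
// each embedded ' as '\'' so the shell reads exactly one literal word.
std::string shell_quote(const std::string &arg) {
    std::string out = "'";
    for (char c : arg) {
        if (c == '\'') out += "'\\''";
        else out += c;
    }
    return out + "'";
}

// Check helper: hand the quoted argument to a real /bin/sh (via popen) and
// return what the shell passed on to printf. Correct quoting returns `arg`.
std::string shell_roundtrip(const std::string &arg) {
    std::string cmd = "printf '%s' " + shell_quote(arg);
    FILE *p = popen(cmd.c_str(), "r");
    if (!p) return std::string();
    std::string got;
    char buf[256];
    size_t n;
    while ((n = fread(buf, 1, sizeof buf, p)) > 0) got.append(buf, n);
    pclose(p);
    return got;
}

// Shell-free alternative: each vector element reaches the program as one
// argv entry, so no quoting is needed. Returns the exit status, -1 on error.
int run_without_shell(const std::vector<std::string> &argv) {
    if (argv.empty()) return -1;
    std::vector<char *> args;
    for (const std::string &a : argv) args.push_back(const_cast<char *>(a.c_str()));
    args.push_back(nullptr);
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { execvp(args[0], args.data()); _exit(127); }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main() {
    // Constructed sample: a file name containing shell metacharacters.
    const std::string name = "notes; echo $HOME 'x' *.txt";
    std::printf("%s\n", shell_quote(name).c_str());
    return shell_roundtrip(name) == name ? 0 : 1;
}
```

Where the command does not need shell features, the argv-based call is the sturdier choice, because there is no command line for untrusted data to be parsed out of.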
For the current stable distribution (woody), these problems have been fixed in version 2.2.2-3.2.
The old stable distribution (potato) does not contain KDE packages.
For the unstable distribution (sid), these problems will most probably not be fixed, but new packages for KDE 3.1 for sid are expected this year.
We recommend that you upgrade your KDE packages.
- Fixed in:
-
Debian GNU/Linux 3.0 (woody)
- Source:
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2.dsc
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2.diff.gz
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2.orig.tar.gz
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/k/kdesdk/kapptemplate_2.2.2-3.2_all.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kdepalettes_2.2.2-3.2_all.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk-doc_2.2.2-3.2_all.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk-scripts_2.2.2-3.2_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_arm.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_arm.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_arm.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_arm.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_arm.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_arm.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_arm.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_i386.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_i386.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_i386.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_i386.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_i386.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_i386.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_i386.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_mips.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_mips.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_mips.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_mips.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_mips.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_mips.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_mips.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_s390.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_s390.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_s390.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_s390.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_s390.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_s390.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_s390.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_sparc.deb
MD5 checksums for these files are available in the original advisory.