Debian Security Advisory
DSA-242-1 kdebase -- several vulnerabilities
- Date reported:
- 24 January 2003
- Affected packages:
- kdebase
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2002-1393.
- More information:
-
The KDE team has discovered several security vulnerabilities in the K Desktop Environment. In some cases, KDE fails to pass the parameters of instructions properly to the command shell for execution. These parameters may contain data such as URLs, file names and e-mail addresses, and this data may be delivered remotely to the victim in an e-mail, a web page, files on a network file system, or any other untrusted source.
By carefully crafting such data, an attacker might be able to run any command on the vulnerable system using the victim's account and privileges. The KDE project is not aware of any existing exploits for these vulnerabilities. The patches also provide better safeguards and check data from untrusted sources more strictly in several places.
For the current stable distribution (woody), these problems have been fixed in version 2.2.2-14.2.
The old stable distribution (potato) does not contain KDE packages.
For the unstable distribution (sid), these problems will most probably not be fixed, but new KDE 3.1 packages for sid are expected this year.
We recommend that you upgrade your KDE packages.
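The class of flaw described above, as an added example (constructed for this page, not KDE or Debian code): an untrusted file name is pasted into a command string handed to /bin/sh, shown beside the same call with the value quoted. The function names, the `printf` stand-in for an external helper program and the sample file name are assumptions.

```cpp
#include <cstdio>
#include <iostream>
#include <string>

// Run a command line through /bin/sh (popen does "sh -c") and return stdout.
static std::string run_shell(const std::string& cmdline) {
    std::string out;
    FILE* p = popen(cmdline.c_str(), "r");
    if (!p) return out;
    char buf[256];
    size_t n;
    while ((n = fread(buf, 1, sizeof buf, p)) > 0) out.append(buf, n);
    pclose(p);
    return out;
}

// POSIX sh quoting: wrap in single quotes and rewrite each ' as '\''.
static std::string shell_quote(const std::string& s) {
    std::string q = "'";
    for (char c : s) {
        if (c == '\'') q += "'\\''";
        else q += c;
    }
    return q + "'";
}

// Flawed pattern: the untrusted value is pasted into the command string,
// so the shell parses its metacharacters as syntax.
std::string helper_unquoted(const std::string& name) {
    return run_shell("printf 'ARG=[%s]\\n' " + name);
}

// Hardened pattern: the value is quoted and reaches the helper as one word.
std::string helper_quoted(const std::string& name) {
    return run_shell("printf 'ARG=[%s]\\n' " + shell_quote(name));
}

int main() {
    // Constructed sample input standing in for a file name from an untrusted source.
    const std::string name = "notes.txt; echo INJECTED";
    std::cout << "unquoted:\n" << helper_unquoted(name);
    std::cout << "quoted:\n" << helper_quoted(name);
    return 0;
}
```

Where the helper can be started without a shell, passing each value as its own argv element (for example with `execvp`) removes the need for quoting.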
- Fixed in:
-
Debian GNU/Linux 3.0 (woody)
- Source:
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.2.dsc
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.2.diff.gz
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2.orig.tar.gz
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-doc_2.2.2-14.2_all.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdewallpapers_2.2.2-14.2_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.2_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.2_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.2_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.2_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.2_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.2_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.2_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.2_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.2_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.2_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.2_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.2_arm.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.2_arm.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.2_arm.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.2_arm.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.2_arm.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.2_arm.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.2_arm.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.2_arm.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.2_arm.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.2_arm.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.2_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.2_i386.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.2_i386.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.2_i386.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.2_i386.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.2_i386.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.2_i386.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.2_i386.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.2_i386.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.2_i386.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.2_i386.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.2_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.2_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.2_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.2_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.2_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.2_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.2_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.2_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.2_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.2_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.2_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.2_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.2_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.2_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.2_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.2_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.2_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.2_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.2_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.2_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.2_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.2_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.2_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.2_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.2_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.2_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.2_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.2_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.2_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.2_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.2_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.2_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.2_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.2_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.2_mips.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.2_mips.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.2_mips.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.2_mips.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.2_mips.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.2_mips.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.2_mips.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.2_mips.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.2_mips.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.2_mips.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.2_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.2_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.2_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.2_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.2_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.2_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.2_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.2_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.2_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.2_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.2_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.2_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.2_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.2_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.2_s390.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.2_s390.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.2_s390.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.2_s390.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.2_s390.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.2_s390.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.2_s390.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.2_s390.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.2_s390.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.2_s390.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.2_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.2_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.2_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.2_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.2_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.2_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.2_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.2_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.2_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.2_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.2_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.2_sparc.deb
MD5 checksums of the listed files are available on the original security advisory page.