Debian-Sicherheitsankündigung
DSA-284-1 kdegraphics -- Unsichere Ausführung
- Datum des Berichts:
- 12. Apr 2003
- Betroffene Pakete:
- kdegraphics
- Verwundbar:
- Ja
- Sicherheitsdatenbanken-Referenzen:
- In der Bugtraq-Datenbank (bei SecurityFocus): BugTraq ID 7318.
In Mitres CVE-Verzeichnis: CVE-2003-0204. - Weitere Informationen:
-
Das KDE-Team entdeckte eine Verwundbarkeit in der Art, wie KDE die Ghostscript-Software verwendet, um PostScript- (PS) und PDF-Dateien zu verarbeiten. Ein Angreifer könnte eine böswillige PostScript- oder PDF-Datei mittels E-Mail oder über eine Website zur Verfügung stellen, die zum Ausführen von willkürlichen Befehlen mit den Privilegien des Benutzers führt, der die Datei anzeigt, oder dessen Browser eine Verzeichnisübersicht mit Thumbnails generiert.
Für die stable Distribution (Woody) wurde dieses Problem in Version 2.2.2-6.11 von kdegraphics und den damit zusammenhängenden Paketen behoben.
Die alte stable Distribution (Potato) ist nicht davon betroffen, da sie kein KDE enthält.
Für die unstable Distribution (Sid) wird dieses Problem bald behoben.
Für die inoffiziellen Rückportierungen von KDE 3.1.1 für Woody von Ralf Nolden auf download.kde.org wurde dieses Problem in Version 3.1.1-0woody2 von kdegraphics behoben. Unter Verwendung der normalen Rückportierungs-Zeile für apt-get erhalten Sie die Behebung:
deb http://download.kde.org/stable/latest/Debian stable main
Wir empfehlen Ihnen, Ihre kdegraphics und damit verbundenen Pakete zu aktualisieren.
- Behoben in:
-
Debian GNU/Linux 3.0 (woody)
- Quellcode:
- http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_2.2.2-6.11.dsc
- http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_2.2.2-6.11.diff.gz
- http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_2.2.2.orig.tar.gz
- http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_2.2.2-6.11.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.11_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.11_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.11_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_arm.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_arm.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_arm.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_arm.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_arm.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.11_arm.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_arm.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_arm.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_arm.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_arm.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.11_arm.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.11_arm.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_i386.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_i386.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_i386.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_i386.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_i386.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.11_i386.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_i386.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_i386.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_i386.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_i386.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.11_i386.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.11_i386.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.11_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.11_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.11_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.11_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.11_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.11_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_mips.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_mips.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_mips.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_mips.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_mips.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.11_mips.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_mips.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_mips.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_mips.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_mips.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.11_mips.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.11_mips.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.11_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.11_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.11_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.11_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.11_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.11_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_s390.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_s390.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_s390.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_s390.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_s390.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.11_s390.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_s390.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_s390.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_s390.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_s390.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.11_s390.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.11_s390.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.11_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.11_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.11_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_sparc.deb
MD5-Prüfsummen der aufgeführten Dateien stehen in der ursprünglichen Sicherheitsankündigung zur Verfügung.