Debian Security Advisory
DSA-284-1 kdegraphics -- insecure execution
- Date Reported:
- 2003-04-12
- Affected Packages:
- kdegraphics
- Vulnerable:
- Yes
- Security database references:
- In the Bugtraq database (at SecurityFocus): BugTraq ID 7318.
In Mitre's CVE dictionary: CVE-2003-0204.
- More information:
-
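The KDE team discovered a problem in the way KDE uses Ghostscript to process PostScript (PS) and PDF files. By sending a malicious PostScript or PDF file via mail or a website, an attacker can execute arbitrary commands with the privileges of the user viewing the file, or when the browser generates a directory listing with thumbnails.
For the current stable distribution (woody) this problem has been fixed in version 2.2.2-6.11 of kdegraphics and associated packages.
The old stable distribution (potato) is not affected by this problem since it does not contain KDE.
For the unstable distribution (sid) this problem will be fixed soon.
An unofficial backport of KDE 3.1.1 for woody is provided by Ralf Nolden on download.kde.org. In this backport the problem has been fixed in version 3.1.1-0woody2 of kdegraphics. With the usual backport line for apt-get, you can update as follows: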
deb http://download.kde.org/stable/latest/Debian stable main
We recommend that you upgrade your kdegraphics and associated packages.
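Added example (not part of the advisory): a small audit that reads `dpkg-query -W` style output and reports which of the binary packages listed below are still under the fixed versions named above, using dpkg's version ordering so that 6.9 sorts before 6.11. The sample input is constructed; ignoring the epoch prefix and treating every version at or above 3 as the KDE 3 backport line are assumptions.

```python
import re

# Binary packages and fixed versions, taken from the advisory text and file list.
PACKAGES = {"kamera", "kcoloredit", "kfract", "kghostview", "kiconedit", "kooka",
            "kpaint", "kruler", "ksnapshot", "kview", "libkscan-dev", "libkscan1"}
FIXED_WOODY, FIXED_BACKPORT = "2.2.2-6.11", "3.1.1-0woody2"
# Constructed sample of "package<TAB>version" lines (default `dpkg-query -W` format).
SAMPLE = ("kghostview\t4:2.2.2-6.9\nkview\t2.2.2-6.11\n"
          "kooka\t3.1.1-0woody1\nkpaint\t3.1.1-0woody2\nbash\t2.05a-11\n")

def _order(c):
    # dpkg ordering inside non-digit runs: '~' < end of string < letters < others
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit and digit runs, the way dpkg does.
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        for i in range(max(len(na), len(nb))):
            ca = _order(na[i]) if i < len(na) else 0
            cb = _order(nb[i]) if i < len(nb) else 0
            if ca != cb:
                return -1 if ca < cb else 1
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def deb_cmp(v1, v2):
    # The epoch ("N:") is dropped: the advisory's versions carry none (assumption).
    (u1, r1), (u2, r2) = [(v.split(":", 1)[-1].rsplit("-", 1) + ["0"])[:2]
                          for v in (v1, v2)]
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def is_fixed(version):
    # Assumption: anything at or above 3 belongs to the KDE 3 backport line.
    fixed = FIXED_BACKPORT if deb_cmp(version, "3") >= 0 else FIXED_WOODY
    return deb_cmp(version, fixed) >= 0

def audit(dpkg_output):
    # Return {package: version} for advisory packages still below the fix.
    hits = {}
    for line in dpkg_output.splitlines():
        fields = line.split()
        if len(fields) == 2 and fields[0] in PACKAGES and not is_fixed(fields[1]):
            hits[fields[0]] = fields[1]
    return hits
```

On a real host, pass the text printed by `dpkg-query -W` to `audit()`; an empty result means none of the listed packages is below the fixed version.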
- Fixed in:
-
Debian GNU/Linux 3.0 (woody)
- Source:
- http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_2.2.2-6.11.dsc
- http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_2.2.2-6.11.diff.gz
- http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_2.2.2.orig.tar.gz
- Alpha:
- http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.11_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.11_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.11_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_arm.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_arm.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_arm.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_arm.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_arm.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.11_arm.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_arm.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_arm.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_arm.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_arm.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.11_arm.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.11_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_i386.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_i386.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_i386.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_i386.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_i386.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.11_i386.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_i386.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_i386.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_i386.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_i386.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.11_i386.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.11_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.11_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.11_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.11_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.11_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.11_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.11_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_mips.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_mips.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_mips.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_mips.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_mips.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.11_mips.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_mips.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_mips.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_mips.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_mips.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.11_mips.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.11_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.11_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.11_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.11_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.11_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.11_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.11_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_s390.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_s390.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_s390.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_s390.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_s390.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.11_s390.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_s390.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_s390.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_s390.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_s390.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.11_s390.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.11_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/k/kdegraphics/kamera_2.2.2-6.11_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kcoloredit_2.2.2-6.11_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kfract_2.2.2-6.11_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kghostview_2.2.2-6.11_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kiconedit_2.2.2-6.11_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kooka_2.2.2-6.11_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kpaint_2.2.2-6.11_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kruler_2.2.2-6.11_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/ksnapshot_2.2.2-6.11_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/kview_2.2.2-6.11_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan-dev_2.2.2-6.11_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdegraphics/libkscan1_2.2.2-6.11_sparc.deb
MD5 checksums of the listed files are available in the original advisory.