Debian-Sicherheitsankündigung
DSA-296-1 kdebase -- Unsichere Ausführung
- Datum des Berichts:
- 30. Apr 2003
- Betroffene Pakete:
- kdebase
- Verwundbar:
- Ja
- Sicherheitsdatenbanken-Referenzen:
- In der Bugtraq-Datenbank (bei SecurityFocus): BugTraq ID 7318.
In Mitres CVE-Verzeichnis: CVE-2003-0204. - Weitere Informationen:
-
Das KDE-Team entdeckte eine Verwundbarkeit in der Art, wie KDE die Ghostscript-Software für die Bearbeitung von PostScript- (PS) und PDF-Dateien verwendet. Ein Angreifer könnte eine böswillige PostScript- oder PDF-Datei per E-Mail oder auf einer Webseite anbieten, die zur Ausführung von willkürlichen Befehlen mit den Privilegien des Benutzers führen könnte, der die Datei anzeigt oder mit dem Browser eine Verzeichnisübersicht mit Thumbnails erstellt.
Für die stable Distribution (Woody) wurde dieses Problem in Version 2.2.2-14.4 von kdebase und damit zusammenhängenden Paketen behoben.
Die alte stable Distribution (Potato) ist nicht betroffen, da sie kein KDE enthält.
Für die unstable Distribution (Sid) wird dieses Problem bald behoben.
Für die inoffizielle Rückportierung von KDE 3.1.1 für Woody von Ralf Nolden auf download.kde.org wurde dieses Problem in Version 3.1.1-0woody3 von kdebase behoben. Unter Verwendung der normalen Rückportierungs-Zeile für apt-get erhalten Sie die Aktualisierung:
deb http://download.kde.org/stable/latest/Debian stable main
Wir empfehlen Ihnen, Ihre kdebase und damit zusammenhängenden Pakete zu aktualisieren.
- Behoben in:
-
Debian GNU/Linux 3.0 (woody)
- Quellcode:
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4.dsc
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4.diff.gz
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2.orig.tar.gz
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4.diff.gz
- Architektur-unabhängige Dateien:
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-doc_2.2.2-14.4_all.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdewallpapers_2.2.2-14.4_all.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdewallpapers_2.2.2-14.4_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_arm.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_arm.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_arm.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_arm.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_arm.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_arm.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_arm.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_arm.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_arm.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_arm.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_arm.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_i386.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_i386.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_i386.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_i386.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_i386.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_i386.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_i386.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_i386.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_i386.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_i386.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_i386.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_mips.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_mips.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_mips.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_mips.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_mips.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_mips.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_mips.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_mips.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_mips.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_mips.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_mips.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_s390.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_s390.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_s390.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_s390.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_s390.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_s390.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_s390.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_s390.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_s390.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_s390.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_s390.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_sparc.deb
MD5-Prüfsummen der aufgeführten Dateien stehen in der ursprünglichen Sicherheitsankündigung zur Verfügung.