Aviso de seguridad de Debian
DSA-296-1 kdebase -- ejecución insegura
- Fecha del informe:
- 30 de abr de 2003
- Paquetes afectados:
- kdebase
- Vulnerable:
- Sí
- Referencias a bases de datos de seguridad:
- En la base de datos de Bugtraq (en SecurityFocus): Id. en BugTraq 7318.
En el diccionario CVE de Mitre: CVE-2003-0204. - Información adicional:
-
El equipo de KDE descubrió una vulnerabilidad en la forma en la que KDE usa el programa Ghostscript para procesar archivos PostScript (PS) y PDF. Un atacante podía proporcionar un archivo PostScript o PDF malicioso a través del sistema de correo o de sitios web que podría provocar la ejecución de comandos arbitrarios con los privilegios del usuario que estuviera visualizando el archivo o cuando el navegador generara un listado del directorio con miniaturas.
Para la distribución estable (woody), este problema se ha corregido en la versión 2.2.2-14.4 de kdebase y paquetes asociados.
La distribución estable anterior (potato) no se ve afectada porque no contiene KDE.
Para la distribución inestable (sid), este problema se corregirá en breve.
Para la migración no oficial de KDE 3.1.1 a woody de Ralf Nolden de download.kde.org, este problema se ha corregido en la versión 3.1.1-0woody3 de kdebase. Obtendrá la actualización usando la línea normal de apt-get para la migración:
deb http://download.kde.org/stable/latest/Debian stable main
Le recomendamos que actualice kdebase y los programas asociados.
- Arreglado en:
-
Debian GNU/Linux 3.0 (woody)
- Fuentes:
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4.dsc
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4.diff.gz
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2.orig.tar.gz
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4.diff.gz
- Componentes independientes de la arquitectura:
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-doc_2.2.2-14.4_all.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdewallpapers_2.2.2-14.4_all.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdewallpapers_2.2.2-14.4_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_arm.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_arm.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_arm.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_arm.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_arm.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_arm.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_arm.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_arm.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_arm.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_arm.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_arm.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_i386.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_i386.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_i386.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_i386.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_i386.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_i386.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_i386.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_i386.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_i386.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_i386.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_i386.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_mips.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_mips.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_mips.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_mips.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_mips.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_mips.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_mips.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_mips.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_mips.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_mips.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_mips.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_s390.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_s390.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_s390.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_s390.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_s390.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_s390.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_s390.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_s390.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_s390.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_s390.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_s390.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_sparc.deb
Las sumas MD5 de los ficheros que se listan están disponibles en el aviso original.