Säkerhetsbulletin från Debian
DSA-296-1 kdebase -- osäker exekvering
- Rapporterat den:
- 2003-04-30
- Berörda paket:
- kdebase
- Sårbara:
- Ja
- Referenser i säkerhetsdatabaser:
- I Bugtraq-databasen (hos SecurityFocus): BugTraq-id 7318.
I Mitres CVE-förteckning: CVE-2003-0204. - Ytterligare information:
-
KDE-gruppen upptäckte en sårbarhet i det sätt KDE använder programvaran Ghostscript för att hantera PostScript- (PS) och PDF-filer. En angripare kunde tillhandahålla en elakartad PostScript- eller PDF-fil via e-post eller webbplatser vilka kunde orsaka exekvering av godtyckliga kommandon med samma behörighet som den användare som läser filen eller vars webbläsare genererar en kataloglista med miniatyrer.
För den stabila utgåvan (Woody) har detta problem rättats i version 2.2.2-14.4 av kdebase och anknutna paket.
Den gamla stabila utgåvan (Potato) påverkas inte eftersom den inte innehåller KDE.
För den instabila utgåvan (Sid) kommer detta problem rättas inom kort.
För den inofficiella bakåtanpassningen av KDE 3.1.1 till Woody av Ralf Nolden på download.kde.org har detta problem rättats i version 3.1.1-0woody3 av kdebase. Du får tag i uppdateringen genom att använda den vanliga inställningsraden för apt-get för bakåtanpassningen:
deb http://download.kde.org/stable/latest/Debian stable main
Vi rekommenderar att ni uppgraderar kdebase och anknutna paket.
- Rättat i:
-
Debian GNU/Linux 3.0 (woody)
- Källkod:
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4.dsc
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4.diff.gz
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2.orig.tar.gz
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4.diff.gz
- Arkitekturoberoende komponent:
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-doc_2.2.2-14.4_all.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdewallpapers_2.2.2-14.4_all.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdewallpapers_2.2.2-14.4_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_arm.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_arm.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_arm.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_arm.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_arm.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_arm.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_arm.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_arm.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_arm.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_arm.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_arm.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_i386.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_i386.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_i386.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_i386.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_i386.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_i386.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_i386.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_i386.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_i386.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_i386.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_i386.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_mips.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_mips.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_mips.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_mips.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_mips.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_mips.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_mips.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_mips.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_mips.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_mips.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_mips.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_s390.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_s390.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_s390.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_s390.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_s390.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_s390.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_s390.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_s390.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_s390.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_s390.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_s390.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/k/kdebase/kate_2.2.2-14.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-audiolibs_2.2.2-14.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dev_2.2.2-14.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase-libs_2.2.2-14.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdm_2.2.2-14.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konqueror_2.2.2-14.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/konsole_2.2.2-14.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kscreensaver_2.2.2-14.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq-dev_2.2.2-14.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/libkonq3_2.2.2-14.4_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdebase/kdebase_2.2.2-14.4_sparc.deb
MD5-kontrollsummor för dessa filer finns i originalbulletinen.