Debian Security Advisory
DSA-361-2 kdelibs, kdelibs-crypto -- several vulnerabilities
- Date Reported:
- 2003-08-01
- Affected Packages:
- kdelibs, kdelibs-crypto
- Vulnerable:
- Yes
- Security database references:
- In the Bugtraq database (at SecurityFocus): BugTraq ID 7520, BugTraq ID 8297.
In Mitre's CVE dictionary: CVE-2003-0459, CVE-2003-0370.
- More information:
-
Two vulnerabilities were discovered in kdelibs:
- CAN-2003-0459: KDE Konqueror in KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header. This allows remote web sites to steal the credentials of the pages that link to them.
- CAN-2003-0370: Konqueror Embedded and KDE 2.2.2 and earlier do not validate the Common Name (CN) field of X.509 certificates. This allows remote attackers to carry out man-in-the-middle attacks using spoofed certificates.
These vulnerabilities are described in the following security advisories from KDE:
- http://www.kde.org/info/security/advisory-20030729-1.txt
- http://www.kde.org/info/security/advisory-20030602-1.txt
For the current stable distribution (woody), these problems have been fixed in version 2.2.2-13.woody.8 of kdelibs and version 2.2.2-6woody2 of kdelibs-crypto.
For the unstable distribution (sid), these problems have been fixed in kdelibs version 4:3.1.3-1. The unstable distribution does not contain a separate kdelibs-crypto package.
We recommend that you update your kdelibs and kdelibs-crypto packages immediately.
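The Referer leak described under CAN-2003-0459, shown from the defender's side as an added example (not code from KDE, Debian or this advisory): `sanitize_referer` produces the value a client should send, and `find_credential_referers` flags web server log lines whose Referer field still carries userinfo. The function names, the combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Referer field of a "combined" access log line: ... " status size "referer" "agent"
REFERER_FIELD = re.compile(r'" \d{3} \S+ "([^"]*)"')

# Constructed sample log lines (documentation addresses and hosts, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Aug/2003:10:00:00 +0000] "GET /img/logo.png HTTP/1.1" 200 512 '
    '"http://alice:s3cret@intranet.example/reports/q3.html" "Konqueror/3.1"',
    '192.0.2.11 - - [01/Aug/2003:10:00:05 +0000] "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '192.0.2.12 - - [01/Aug/2003:10:00:09 +0000] "GET /a HTTP/1.1" 200 99 '
    '"http://www.example.org/page?mail=a@b" "Mozilla/5.0"',
]


def sanitize_referer(url):
    """Return the URL as it may be sent in Referer: no userinfo, no fragment."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if ":" in host:                      # IPv6 literal: restore the brackets
        host = "[" + host + "]"
    if parts.port is not None:
        host += ":" + str(parts.port)
    return urlunsplit((parts.scheme, host, parts.path, parts.query, ""))


def find_credential_referers(log_lines):
    """Return (line number, sanitized referer) for each Referer with userinfo."""
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        match = REFERER_FIELD.search(line)
        if not match:
            continue
        referer = match.group(1)
        # Only an "@" in the authority part counts; one in the query does not.
        if "@" in urlsplit(referer).netloc:
            hits.append((lineno, sanitize_referer(referer)))
    return hits


if __name__ == "__main__":
    for lineno, referer in find_credential_referers(SAMPLE_LOG):
        # The credentials themselves are deliberately not echoed.
        print(f"line {lineno}: Referer carried credentials for {referer}")
```

Credentials found this way have already left the client and should be treated as exposed.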
- Fixed in:
-
Debian GNU/Linux 3.0 (woody)
- Source:
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.8.dsc
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.8.diff.gz
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2.orig.tar.gz
- http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs-crypto_2.2.2-6woody2.dsc
- http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs-crypto_2.2.2-6woody2.diff.gz
- http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs-crypto_2.2.2.orig.tar.gz
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-doc_2.2.2-13.woody.8_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_alpha.deb
- http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_arm.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_arm.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_arm.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_arm.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_arm.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_arm.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_arm.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_arm.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_arm.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_arm.deb
- http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_i386.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_i386.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_i386.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_i386.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_i386.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_i386.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_i386.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_i386.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_i386.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_i386.deb
- http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_ia64.deb
- http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_hppa.deb
- http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_m68k.deb
- http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_mips.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_mips.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_mips.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_mips.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_mips.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_mips.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_mips.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_mips.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_mips.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_mips.deb
- http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_mipsel.deb
- http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_powerpc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_s390.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_s390.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_s390.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_s390.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_s390.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_s390.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_s390.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_s390.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_s390.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_s390.deb
- http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.8_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.8_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.8_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.8_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.8_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.8_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.8_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.8_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.8_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.8_sparc.deb
- http://security.debian.org/pool/updates/main/k/kdelibs-crypto/kdelibs3-crypto_2.2.2-6woody2_sparc.deb
MD5 checksums of the listed files are available in the original advisory.
MD5 checksums of the listed files are available in the revised advisory.