LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: September 26th, 2014
Linux Security Week: September 22nd, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: kdepim multiple vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by LinuxSecurity.com Team   
Debian The KDE team discovered several vulnerabilities in the K Desktop Environment.

- --------------------------------------------------------------------------
Debian Security Advisory DSA 238-1                     security@debian.org 
http://www.debian.org/security/                             Martin Schulze
January 23rd, 2003                       http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : kdepim
Vulnerability  : several
Problem-type   : local, remote
Debian-specific: no
CVE Id         : CAN-2002-1393

The KDE team discovered several vulnerabilities in the K Desktop
Environment.  In some instances KDE fails to properly quote parameters
of instructions passed to a command shell for execution.  These
parameters may incorporate data such as URLs, filenames and e-mail
addresses, and this data may be provided remotely to a victim in an
e-mail, a webpage or files on a network filesystem or other untrusted
source.

By carefully crafting such data an attacker might be able to execute
arbitary commands on a vulnerable sytem using the victim's account and
privileges.  The KDE Project is not aware of any existing exploits of
these vulnerabilities.  The patches also provide better safe guards
and check data from untrusted sources more strictly in multiple
places.

For the current stable distribution (woody), these problems have been fixed
in version 2.2.2-5.2.

The old stable distribution (potato) does not contain KDE packages.

For the unstable distribution (sid), these problems will most probably
not be fixed but new packages for KDE 3.1 for sid are expected for
this year.

We recommend that you upgrade your KDE packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

     http://security.debian.org/pool/updates/main/k/kdepim/kdepim_2.2.2-5.2.dsc
      Size/MD5 checksum:      817 3a9b6d07e71b4a78fff95f1e0d5f3df1
     http://security.debian.org/pool/updates/main/k/kdepim/kdepim_2.2.2-5.2.diff.gz
      Size/MD5 checksum:   104449 81c061d65307d74cb877766b57b22693
     http://security.debian.org/pool/updates/main/k/kdepim/kdepim_2.2.2.orig.tar.gz
      Size/MD5 checksum:  2426387 e090f1aad8ebd1a3ea1ecd42d51532f9

  Alpha architecture:

     http://security.debian.org/pool/updates/main/k/kdepim/kandy_2.2.2-5.2_alpha.deb
      Size/MD5 checksum:   109240 6c5235a3331c8d3a774f7830e048f3d8
     http://security.debian.org/pool/updates/main/k/kdepim/kdepim-dev_2.2.2-5.2_alpha.deb
      Size/MD5 checksum:    22648 3a055bcaee8f6f88afe80b30e6f2211d
     http://security.debian.org/pool/updates/main/k/kdepim/kdepim-libs_2.2.2-5.2_alpha.deb
      Size/MD5 checksum:   456832 578b1f4eac0aebac76e90fe4010fcfb9
     http://security.debian.org/pool/updates/main/k/kdepim/korganizer_2.2.2-5.2_alpha.deb
      Size/MD5 checksum:   716432 50b9d71558a64615f1392cbe93033355
     http://security.debian.org/pool/updates/main/k/kdepim/kpilot_2.2.2-5.2_alpha.deb
      Size/MD5 checksum:   824996 27aa213fa013720f5f5a926aed891845

  ARM architecture:

     http://security.debian.org/pool/updates/main/k/kdepim/kandy_2.2.2-5.2_arm.deb
      Size/MD5 checksum:    84314 8fbc92a65edc80b03d56629677366371
     http://security.debian.org/pool/updates/main/k/kdepim/kdepim-dev_2.2.2-5.2_arm.deb
      Size/MD5 checksum:    22646 7d035230f1ea1179e69ea25b167c7a96
     http://security.debian.org/pool/updates/main/k/kdepim/kdepim-libs_2.2.2-5.2_arm.deb
      Size/MD5 checksum:   362892 5261b05a017c810ec3a59aecb937f0b2
     http://security.debian.org/pool/updates/main/k/kdepim/korganizer_2.2.2-5.2_arm.deb
      Size/MD5 checksum:   620202 c638b1d0ff98cd9d78ca3bb8ddebabee
     http://security.debian.org/pool/updates/main/k/kdepim/kpilot_2.2.2-5.2_arm.deb
      Size/MD5 checksum:   724560 b4cb3ab202e12b3e4ce1180280b7b7c4

  Intel IA-32 architecture:

     http://security.debian.org/pool/updates/main/k/kdepim/kandy_2.2.2-5.2_i386.deb
      Size/MD5 checksum:    84642 1cde319e7dc3939d6de153ebf9128140
     http://security.debian.org/pool/updates/main/k/kdepim/kdepim-dev_2.2.2-5.2_i386.deb
      Size/MD5 checksum:    22638 072fc2043003c57ee1288b461fe5080e
     http://security.debian.org/pool/updates/main/k/kdepim/kdepim-libs_2.2.2-5.2_i386.deb
      Size/MD5 checksum:   359282 60abc8750287b7acd90aea5f96ad681c
     http://security.debian.org/pool/updates/main/k/kdepim/korganizer_2.2.2-5.2_i386.deb
      Size/MD5 checksum:   598284 3272ea2762c45f9a97c868433750bf6c
     http://security.debian.org/pool/updates/main/k/kdepim/kpilot_2.2.2-5.2_i386.deb
      Size/MD5 checksum:   718354 6195ea202df4bf7895e4ab1d4ea6599c

  Intel IA-64 architecture:

     http://security.debian.org/pool/updates/main/k/kdepim/kandy_2.2.2-5.2_ia64.deb
      Size/MD5 checksum:   127432 1e767af46b537f450c90b90a57838b75
     http://security.debian.org/pool/updates/main/k/kdepim/kdepim-dev_2.2.2-5.2_ia64.deb
      Size/MD5 checksum:    22638 03c37216be4a1abb7dafe8b2a50f03aa
     http://security.debian.org/pool/updates/main/k/kdepim/kdepim-libs_2.2.2-5.2_ia64.deb
      Size/MD5 checksum:   570572 f08e48aa1974ed09b0a6c47755ce67d0
     http://security.debian.org/pool/updates/main/k/kdepim/korganizer_2.2.2-5.2_ia64.deb
      Size/MD5 checksum:   835716 bec4be6dd27d531d6fb750dbbdb1c46b
     http://security.debian.org/pool/updates/main/k/kdepim/kpilot_2.2.2-5.2_ia64.deb
      Size/MD5 checksum:   934750 4e99292ff76e5a479493334e08fc9130

  Motorola 680x0 architecture:

     http://security.debian.org/pool/updates/main/k/kdepim/kandy_2.2.2-5.2_m68k.deb
      Size/MD5 checksum:    83214 757f6ab819882d9e343d6ce0d89188ef
     http://security.debian.org/pool/updates/main/k/kdepim/kdepim-dev_2.2.2-5.2_m68k.deb
      Size/MD5 checksum:    22654 b5ed90d92e9b2c7129e63b37e62ef621
     http://security.debian.org/pool/updates/main/k/kdepim/kdepim-libs_2.2.2-5.2_m68k.deb
      Size/MD5 checksum:   358008 6f392d9a4d5b2023bd3e07d1f7b76c75
     http://security.debian.org/pool/updates/main/k/kdepim/korganizer_2.2.2-5.2_m68k.deb
      Size/MD5 checksum:   603922 607c929b8cef38dc36a80afb052b0c35
     http://security.debian.org/pool/updates/main/k/kdepim/kpilot_2.2.2-5.2_m68k.deb
      Size/MD5 checksum:   718006 daa16707658d414cfdca7fe733ef0d52

  Big endian MIPS architecture:

     http://security.debian.org/pool/updates/main/k/kdepim/kandy_2.2.2-5.2_mips.deb
      Size/MD5 checksum:    97910 31149d82dcb3083d01f8c7517b2015e5
     http://security.debian.org/pool/updates/main/k/kdepim/kdepim-dev_2.2.2-5.2_mips.deb
      Size/MD5 checksum:    22644 058da04155cde7131a7180a6a4344044
     http://security.debian.org/pool/updates/main/k/kdepim/kdepim-libs_2.2.2-5.2_mips.deb
      Size/MD5 checksum:   358636 515217cc3e833710e408ce48a72a60fb
     http://security.debian.org/pool/updates/main/k/kdepim/korganizer_2.2.2-5.2_mips.deb
      Size/MD5 checksum:   609670 67fd35ad1b2d52ba94a05857bb1db109
     http://security.debian.org/pool/updates/main/k/kdepim/kpilot_2.2.2-5.2_mips.deb
      Size/MD5 checksum:   753496 00c8309e2c0424ab3fa9d7cf1fc4ba4d

  Little endian MIPS architecture:

     http://security.debian.org/pool/updates/main/k/kdepim/kandy_2.2.2-5.2_mipsel.deb
      Size/MD5 checksum:    96896 402ca43606d340cf3321a94427072907
     http://security.debian.org/pool/updates/main/k/kdepim/kdepim-dev_2.2.2-5.2_mipsel.deb
      Size/MD5 checksum:    22640 5a622f10523f96b078facae719331bff
     http://security.debian.org/pool/updates/main/k/kdepim/kdepim-libs_2.2.2-5.2_mipsel.deb
      Size/MD5 checksum:   354500 17d31d36e4df790f94807547423f80a9
     http://security.debian.org/pool/updates/main/k/kdepim/korganizer_2.2.2-5.2_mipsel.deb
      Size/MD5 checksum:   601432 f4f0895538784636439876e0e9d50c57
     http://security.debian.org/pool/updates/main/k/kdepim/kpilot_2.2.2-5.2_mipsel.deb
      Size/MD5 checksum:   747728 66a47df6ee7a6bd4c592daf5e27a98d7

  PowerPC architecture:

     http://security.debian.org/pool/updates/main/k/kdepim/kandy_2.2.2-5.2_powerpc.deb
      Size/MD5 checksum:    83602 b4447af57694f46b4529e25d455d9adf
     http://security.debian.org/pool/updates/main/k/kdepim/kdepim-dev_2.2.2-5.2_powerpc.deb
      Size/MD5 checksum:    22646 97b6c879dac3dc6964ac824ef06f9eae
     http://security.debian.org/pool/updates/main/k/kdepim/kdepim-libs_2.2.2-5.2_powerpc.deb
      Size/MD5 checksum:   378898 1b6470873c9f4fd72f9cda1807b9eeb7
     http://security.debian.org/pool/updates/main/k/kdepim/korganizer_2.2.2-5.2_powerpc.deb
      Size/MD5 checksum:   619312 925ede2755bca091cbfa2d76f4fec7f2
     http://security.debian.org/pool/updates/main/k/kdepim/kpilot_2.2.2-5.2_powerpc.deb
      Size/MD5 checksum:   706400 e5a8766555d252c21ad05622a0dbb096

  IBM S/390 architecture:

     http://security.debian.org/pool/updates/main/k/kdepim/kandy_2.2.2-5.2_s390.deb
      Size/MD5 checksum:    89224 bcbc4decf43c4abcb2342d5c9426358a
     http://security.debian.org/pool/updates/main/k/kdepim/kdepim-dev_2.2.2-5.2_s390.deb
      Size/MD5 checksum:    22646 667cd0dd6c8ddc215d217b9ae0bba217
     http://security.debian.org/pool/updates/main/k/kdepim/kdepim-libs_2.2.2-5.2_s390.deb
      Size/MD5 checksum:   381256 c93f67e2659bb26b3cff53d367cdb499
     http://security.debian.org/pool/updates/main/k/kdepim/korganizer_2.2.2-5.2_s390.deb
      Size/MD5 checksum:   630936 8caf19f27a5fd8eb8725c5fdb3d81d78
     http://security.debian.org/pool/updates/main/k/kdepim/kpilot_2.2.2-5.2_s390.deb
      Size/MD5 checksum:   722916 02c65a4811bf33d857537f42e32f6816

  Sun Sparc architecture:

     http://security.debian.org/pool/updates/main/k/kdepim/kandy_2.2.2-5.2_sparc.deb
      Size/MD5 checksum:    85026 21d3784c9a950f51f66fd1443acb988f
     http://security.debian.org/pool/updates/main/k/kdepim/kdepim-dev_2.2.2-5.2_sparc.deb
      Size/MD5 checksum:    22642 26d51be237a50eb27143ff95e704eac0
     http://security.debian.org/pool/updates/main/k/kdepim/kdepim-libs_2.2.2-5.2_sparc.deb
      Size/MD5 checksum:   374682 0a2973a2b7d14f52b3e0a3b842b08115
     http://security.debian.org/pool/updates/main/k/kdepim/korganizer_2.2.2-5.2_sparc.deb
      Size/MD5 checksum:   619716 c99a61aa3e6479d3d59c631f1eb9aad8
     http://security.debian.org/pool/updates/main/k/kdepim/kpilot_2.2.2-5.2_sparc.deb
      Size/MD5 checksum:   714040 3a53cdeb21da38b61e8742a100456885


  These files will be moved into the stable distribution after new KDE
  packages fhave been uploaded into unstable (sid) and compiled for
  all architectures.  

- ---------------------------------------------------------------------------------
For apt-get: deb  http://security.debian.org/ stable/updates main
For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and  http://packages.debian.org/



 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.