LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: September 2nd, 2014
Linux Advisory Watch: August 29th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: kdesdk multiple vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by LinuxSecurity.com Team   
Debian The KDE team discovered several vulnerabilities in the K Desktop Environment.

- --------------------------------------------------------------------------
Debian Security Advisory DSA 239-1                     security@debian.org 
http://www.debian.org/security/                             Martin Schulze
January 23rd, 2003                       http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : kdesdk
Vulnerability  : several
Problem-type   : local, remote
Debian-specific: no
CVE Id         : CAN-2002-1393

The KDE team discovered several vulnerabilities in the K Desktop
Environment.  In some instances KDE fails to properly quote parameters
of instructions passed to a command shell for execution.  These
parameters may incorporate data such as URLs, filenames and e-mail
addresses, and this data may be provided remotely to a victim in an
e-mail, a webpage or files on a network filesystem or other untrusted
source.

By carefully crafting such data an attacker might be able to execute
arbitary commands on a vulnerable sytem using the victim's account and
privileges.  The KDE Project is not aware of any existing exploits of
these vulnerabilities.  The patches also provide better safe guards
and check data from untrusted sources more strictly in multiple
places.

For the current stable distribution (woody), these problems have been fixed
in version 2.2.2-3.2.

The old stable distribution (potato) does not contain KDE packages.

For the unstable distribution (sid), these problems will most probably
not be fixed but new packages for KDE 3.1 for sid are expected for
this year.

We recommend that you upgrade your KDE packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

     http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2.dsc
      Size/MD5 checksum:      809 1e72a255b00079ba8e293a4ceb1c8eb3
     http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2.diff.gz
      Size/MD5 checksum:     2645 1f41391569ee52599dc843687a03181e
     http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2.orig.tar.gz
      Size/MD5 checksum:  1360120 27bc6f7baf89e63fc6913772769920df

  Architecture independent components:

     http://security.debian.org/pool/updates/main/k/kdesdk/kapptemplate_2.2.2-3.2_all.deb
      Size/MD5 checksum:   250626 a8e193b6c246f9038bd0b1634e8628c0
     http://security.debian.org/pool/updates/main/k/kdesdk/kdepalettes_2.2.2-3.2_all.deb
      Size/MD5 checksum:     5836 d426f27006ee16b366e7aea58535ab3f
     http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk-doc_2.2.2-3.2_all.deb
      Size/MD5 checksum:   126968 30f7976922e912f7ced3b4c5252241df
     http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk-scripts_2.2.2-3.2_all.deb
      Size/MD5 checksum:    66716 1c1b8276651620280b31cf892a10a6e7

  Alpha architecture:

     http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_alpha.deb
      Size/MD5 checksum:   859876 2d1f134832246f016708c9b5869b2e6b
     http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_alpha.deb
      Size/MD5 checksum:    21394 4bccd516498a581fae81f4f0a86a91c9
     http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_alpha.deb
      Size/MD5 checksum:     4812 8003ab13861e310bcc912fccc8fcd2ca
     http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_alpha.deb
      Size/MD5 checksum:    27588 891cb9ed18b7fcbf0dbcd6d81777d04a
     http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_alpha.deb
      Size/MD5 checksum:    63782 972cec3713037b485e993dddf0b4d38a
     http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_alpha.deb
      Size/MD5 checksum:    31528 de61d755227fbc982af96b3d1823f238
     http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_alpha.deb
      Size/MD5 checksum:    14632 528754318b469f61e61bd239576c629c
     http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_alpha.deb
      Size/MD5 checksum:   646068 8215138bec95fce13579ddeb57835363

  ARM architecture:

     http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_arm.deb
      Size/MD5 checksum:   774294 7be484e4e531bada235675670656f7ad
     http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_arm.deb
      Size/MD5 checksum:    21392 a106a49607929471e8d0fbfda42b7302
     http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_arm.deb
      Size/MD5 checksum:     4814 c659f7dba60b8d00ff8f6e9c0d7f1d87
     http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_arm.deb
      Size/MD5 checksum:    25996 2fc418708a8c880c5aecc45cbde1c2ec
     http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_arm.deb
      Size/MD5 checksum:    58904 34211e1af64b8a80aa39149480f07c74
     http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_arm.deb
      Size/MD5 checksum:    28198 c4f819f1d31987346a979fab5fc8ec2e
     http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_arm.deb
      Size/MD5 checksum:    13276 e1a80773b018de47fa2a4247743cb5e5
     http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_arm.deb
      Size/MD5 checksum:   823442 679a0cc8b4716ea12a3431af11c16697

  Intel IA-32 architecture:

     http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_i386.deb
      Size/MD5 checksum:   771636 398d372af4149eba47689f9b36db7780
     http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_i386.deb
      Size/MD5 checksum:    21390 4af236cb7cbfb97be9650a5bb0912247
     http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_i386.deb
      Size/MD5 checksum:     4812 c3b559f9f7429653181503c179f1f0e4
     http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_i386.deb
      Size/MD5 checksum:    27030 ea6665b84e3e12bf1ea11ce30e086d8a
     http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_i386.deb
      Size/MD5 checksum:    52800 068d88ee6551f11a48f51d3973787a39
     http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_i386.deb
      Size/MD5 checksum:    26852 dca10d6aa7f98c468e983e60b1f4b452
     http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_i386.deb
      Size/MD5 checksum:    13280 8611af32043773a83bb1cf59bf45c859
     http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_i386.deb
      Size/MD5 checksum:   646918 8cab3553cb420581e5d5d61dc6bb6c32

  Intel IA-64 architecture:

     http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_ia64.deb
      Size/MD5 checksum:  1081164 adc303bb20b873e1d1111e4bff4b0035
     http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_ia64.deb
      Size/MD5 checksum:    21398 6adf6c79dcbf70931c1865b649a7cdcb
     http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_ia64.deb
      Size/MD5 checksum:     4812 3cc47238e4fc2a13f2f54e617e646d00
     http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_ia64.deb
      Size/MD5 checksum:    29356 b121017c5ed894da3aa55ba8e39c2ba3
     http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_ia64.deb
      Size/MD5 checksum:    82626 123f528b9eed10394461baa30243ee51
     http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_ia64.deb
      Size/MD5 checksum:    33162 26c22978b33eeda9cae0d15641302a1e
     http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_ia64.deb
      Size/MD5 checksum:    15300 d6b7c27627086e1b5cef53959af9731c
     http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_ia64.deb
      Size/MD5 checksum:   925860 d4ce81bf2af95fe33100df103c21dc7e

  HP Precision architecture:

     http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_hppa.deb
      Size/MD5 checksum:   889318 bcff53bd4619d49193abe277c09d1506
     http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_hppa.deb
      Size/MD5 checksum:    21398 5ce6c4922f8c176b969a9c1a96bee298
     http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_hppa.deb
      Size/MD5 checksum:     4810 5ab1aa6a25c4939e9c9c8abe65a17d7c
     http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_hppa.deb
      Size/MD5 checksum:    28136 159b6cc8977f5b45cad85e97e9ce117c
     http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_hppa.deb
      Size/MD5 checksum:    66134 ac364b2798f4b2307a51529d1bb600db
     http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_hppa.deb
      Size/MD5 checksum:    32966 22ee0f939f8922c25517823214b193bf
     http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_hppa.deb
      Size/MD5 checksum:    14020 c16c6dde35ed450d4142cd06527481cd
     http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_hppa.deb
      Size/MD5 checksum:   606434 f71003608b1e050c050069f4d17c226a

  Motorola 680x0 architecture:

     http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_m68k.deb
      Size/MD5 checksum:   755554 8a29c63753913e33ebde86dcf2d6d392
     http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_m68k.deb
      Size/MD5 checksum:    21412 da1079065eebd18a353a66a61cd4dee1
     http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_m68k.deb
      Size/MD5 checksum:     4824 8f8a296e9cb9809992ee775afbf3fd18
     http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_m68k.deb
      Size/MD5 checksum:    27516 5d50b2f558e0c762ee5c2dfc99fa7f6e
     http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_m68k.deb
      Size/MD5 checksum:    49072 fbe18a9d85c5f8412b73d6b525fc9739
     http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_m68k.deb
      Size/MD5 checksum:    30292 4bf09fa1bd8cc6de9c16159ecd3ae589
     http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_m68k.deb
      Size/MD5 checksum:    13366 438135879b2780246d418743f9a9fd3d
     http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_m68k.deb
      Size/MD5 checksum:   572830 43978d2e9e5361e5961e8ff54063faa6

  Big endian MIPS architecture:

     http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_mips.deb
      Size/MD5 checksum:   732348 3a20102bd3df1b16a1c383925ff280ea
     http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_mips.deb
      Size/MD5 checksum:    21404 c57eb0e4b427557ea08331a1fad33779
     http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_mips.deb
      Size/MD5 checksum:     4816 7df152e52a3794b317ecdb434bfd8295
     http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_mips.deb
      Size/MD5 checksum:    25996 4b6716a1024718ab305040fe445794c6
     http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_mips.deb
      Size/MD5 checksum:    56908 21b6f8a8f328b37485b4403d0c1b63d3
     http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_mips.deb
      Size/MD5 checksum:    26984 7fb1700bf00e7c136bc541670a6e21a8
     http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_mips.deb
      Size/MD5 checksum:    13490 d0ff206692c05683bfc25b8628359430
     http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_mips.deb
      Size/MD5 checksum:   501868 c1b11ebc04ab12231740ba85ff34fab0

  Little endian MIPS architecture:

     http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_mipsel.deb
      Size/MD5 checksum:   725606 67c6d21460d34f18dabe4b4541da49f0
     http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_mipsel.deb
      Size/MD5 checksum:    21398 373e5e32b5afc536b654006206925d59
     http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_mipsel.deb
      Size/MD5 checksum:     4814 537b6a8c5f982f61a299c429a8e66487
     http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_mipsel.deb
      Size/MD5 checksum:    25926 5c5e4027ef6ca161d15c0088f8ae73e0
     http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_mipsel.deb
      Size/MD5 checksum:    56948 2077d42240aa305ceadd620744e4a3af
     http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_mipsel.deb
      Size/MD5 checksum:    26842 3008905abfba7904d5df4fd55a416bdc
     http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_mipsel.deb
      Size/MD5 checksum:    13456 1daf24ffefc3abe4bc68fc0b86a8056f
     http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_mipsel.deb
      Size/MD5 checksum:   485800 1e801b8a53fcba4d804a1991ef33f598

  PowerPC architecture:

     http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_powerpc.deb
      Size/MD5 checksum:   776788 c45a2dca8dcb7cbd34f4d9a19dc4891f
     http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_powerpc.deb
      Size/MD5 checksum:    21396 0c42f08dd63079eb61dae050629678df
     http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_powerpc.deb
      Size/MD5 checksum:     4814 9311209a5ea526e9f24f5c9311865f7b
     http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_powerpc.deb
      Size/MD5 checksum:    25568 eb202cb0741f3d6dac8c56a5364513b3
     http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_powerpc.deb
      Size/MD5 checksum:    55920 deccf7c64b24a5d4cd133a03fd0965d1
     http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_powerpc.deb
      Size/MD5 checksum:    27254 0768e4faa8088feb0b0ae96d077f9a73
     http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_powerpc.deb
      Size/MD5 checksum:    13480 19e5c0ef57434c581e6609feac1d402e
     http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_powerpc.deb
      Size/MD5 checksum:   597628 ef1f2ff7a37f6a260325aa14156a6293

  IBM S/390 architecture:

     http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_s390.deb
      Size/MD5 checksum:   786632 823b69607fc4b1a29544308a46b14da5
     http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_s390.deb
      Size/MD5 checksum:    21396 71a5686e9469e65219adfb5e71b25430
     http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_s390.deb
      Size/MD5 checksum:     4812 7bbff9c4a6052f2233add2f024a32357
     http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_s390.deb
      Size/MD5 checksum:    28408 81d705f49ed63cd6c0e06e2d54aba3ab
     http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_s390.deb
      Size/MD5 checksum:    56080 e173c5fa1a60090fc88fbd55810f6713
     http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_s390.deb
      Size/MD5 checksum:    28160 e02c2b090c006177af9f79554496d96a
     http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_s390.deb
      Size/MD5 checksum:    13626 6cb99ec8320414ff2aae1a021be21038
     http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_s390.deb
      Size/MD5 checksum:   498292 90c93d77364f16bf6bbc6df35bd3f7af

  Sun Sparc architecture:

     http://security.debian.org/pool/updates/main/k/kdesdk/kbabel_2.2.2-3.2_sparc.deb
      Size/MD5 checksum:   782502 4f23c31dd8961b0c14098cb35a14a14c
     http://security.debian.org/pool/updates/main/k/kdesdk/kbabel-dev_2.2.2-3.2_sparc.deb
      Size/MD5 checksum:    21394 e59e9cf5957993d613e0bfc168e2895b
     http://security.debian.org/pool/updates/main/k/kdesdk/kdesdk_2.2.2-3.2_sparc.deb
      Size/MD5 checksum:     4810 96cc1ed9708a39cd1ee98093c4af5aab
     http://security.debian.org/pool/updates/main/k/kdesdk/kexample_2.2.2-3.2_sparc.deb
      Size/MD5 checksum:    26404 d6ddf3c6847c1968f763a5803cad36de
     http://security.debian.org/pool/updates/main/k/kdesdk/kmtrace_2.2.2-3.2_sparc.deb
      Size/MD5 checksum:    55730 697a73daa3bf53170c03b0c2b56ddce4
     http://security.debian.org/pool/updates/main/k/kdesdk/kspy_2.2.2-3.2_sparc.deb
      Size/MD5 checksum:    29364 7a6926422194514084fd3637686313a1
     http://security.debian.org/pool/updates/main/k/kdesdk/kstartperf_2.2.2-3.2_sparc.deb
      Size/MD5 checksum:    13378 69e08fa7cabf50fa2e97f16a8af16192
     http://security.debian.org/pool/updates/main/k/kdesdk/poxml_2.2.2-3.2_sparc.deb
      Size/MD5 checksum:   584010 04dd30e9894dff1b2bbaf709ae6e13e2


  These files will probably be moved into the stable distribution on
  its next revision.

- ---------------------------------------------------------------------------------
For apt-get: deb  http://security.debian.org/ stable/updates main
For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and  http://packages.debian.org/



 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.