Security: Disclosure of authentication data in kdelibs
Name: Disclosure of authentication data in kdelibs
ID: DSA-361-1
Distribution: Debian
Platforms: Debian woody
Date: Sat, 2 August 2003, 13:00
References: none given

Original message

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Debian Security Advisory DSA 361-1                     security@debian.org
http://www.debian.org/security/                             Matt Zimmerman
August 1st, 2003                        http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package : kdelibs
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE Ids : CAN-2003-0459, CAN-2003-0370

Two vulnerabilities were discovered in kdelibs:

- CAN-2003-0459: KDE Konqueror for KDE 3.1.2 and earlier does not
remove authentication credentials from URLs of the
"user:password@host" form in the HTTP-Referer header, which could
allow remote web sites to steal the credentials for pages that link
to the sites.

- CAN-2003-0370: Konqueror Embedded and KDE 2.2.2 and earlier do not
validate the Common Name (CN) field for X.509 Certificates, which
could allow remote attackers to spoof certificates via a
man-in-the-middle attack.

These vulnerabilities are described in the following security
advisories from KDE:

http://www.kde.org/info/security/advisory-20030729-1.txt
http://www.kde.org/info/security/advisory-20030602-1.txt

For the current stable distribution (woody) these problems have been
fixed in version 2.2.2-13.woody.8.

For the unstable distribution (sid) these problems have been fixed in
version 4:3.1.3-1.

We recommend that you update your kdelibs package.

Upgrade Instructions
--------------------

  wget url
        will fetch the file for you
  dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

  apt-get update
        will update the internal database
  apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
--------------------------------

These files will probably be moved into the stable distribution on
its next revision.

--------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/Ku1qArxCt0PiXR4RAiqxAKCofMwjHi8iSyjF0hr/vmGMSfqi5QCgrg0A
Sx3yrS+dvPH/8pOcNfhzgig=b7RA
-----END PGP SIGNATURE-----
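The client-side behaviour that CAN-2003-0459 says was missing, as an added example that is not part of the advisory and not KDE's code: the Referer value is rebuilt from host and port only, so "user:password@" never leaves the browser. The function names and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

def referer_for(page_url, target_url):
    """Referer value to send when following a link from page_url to
    target_url, or None when no Referer should be sent at all."""
    page, target = urlsplit(page_url), urlsplit(target_url)
    if page.scheme not in ("http", "https"):
        return None                       # local or non-HTTP pages are never referrers
    if page.scheme == "https" and target.scheme != "https":
        return None                       # RFC 2616 sec. 15.1.3: no secure -> non-secure Referer
    # Rebuild the authority from host and port only; this is the step that
    # drops "user:password@". hostname is taken after the LAST "@", so a
    # password that itself contains "@" cannot shift the host.
    host = page.hostname or ""
    if ":" in host:
        host = f"[{host}]"                # IPv6 literal: restore the brackets
    netloc = host if page.port is None else f"{host}:{page.port}"
    # The fragment is client-side state and is dropped as well.
    return urlunsplit((page.scheme, netloc, page.path or "/", page.query, ""))

def has_userinfo(url):
    """True if a URL (e.g. a Referer value seen in a server log) carries credentials."""
    parts = urlsplit(url)
    return parts.username is not None or parts.password is not None

# Constructed sample URLs (not taken from the advisory).
PAGE = "http://alice:s3cret@intranet.example/reports/q2.html?id=7#totals"
LINK = "http://partner.example/landing"

if __name__ == "__main__":
    print("unsanitised:", PAGE, has_userinfo(PAGE))
    print("sanitised:  ", referer_for(PAGE, LINK))
```

`has_userinfo` can also be run over Referer values in a web server's access log to see whether visiting clients still send credentials.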
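The name check whose absence CAN-2003-0370 describes, as an added example that is not part of the advisory and not KDE's code: a certificate that chains to a trusted CA is still rejected unless it was issued for the host the client asked for. It assumes the dict layout returned by Python's `ssl.SSLSocket.getpeercert()`; the certificates below are constructed.

```python
def _name_matches(pattern, hostname):
    """Compare one certificate name against the requested host, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*" and len(p) >= 3:
        return p[1:] == h[1:]             # "*" stands for exactly one leftmost label
    return p == h                         # otherwise every label must be identical

def cert_matches_host(cert, hostname):
    """Answer only 'is this certificate for the host I asked for?'.
    Chain validation is a separate step; IP-address names are not handled."""
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:                         # fall back to CN only when no DNS SAN exists
        names = [v for rdn in cert.get("subject", ())
                 for key, v in rdn if key == "commonName"]
    return any(_name_matches(n, hostname) for n in names)

# Constructed certificates (illustrative names only).
CN_ONLY = {"subject": ((("commonName", "www.shop.example"),),)}
WILDCARD = {"subject": ((("commonName", "ignored.example"),),),
            "subjectAltName": (("DNS", "*.shop.example"), ("DNS", "shop.example"))}

if __name__ == "__main__":
    for host in ("www.shop.example", "www.other.example"):
        print(host, cert_matches_host(CN_ONLY, host))
```

Real clients should leave this to the TLS library; in Python, `ssl.create_default_context()` enables hostname checking by default.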

