Login

Noch kein Login?
Daten vergessen?

 
Newsletter
Werbung
Sicherheit: Fehlerhafte Cookie-Behandlung in KDE
Aktuelle Meldungen Distributionen
Name: Fehlerhafte Cookie-Behandlung in KDE
ID: DSA-459-1
Distribution: Debian
Plattformen: Debian woody
Datum: Sa, 13. März 2004, 12:00
Referenzen: Keine Angabe

Originalnachricht

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Debian Security Advisory DSA 459-1                     security@debian.org
http://www.debian.org/security/                             Matt Zimmerman
March 10th, 2004                        http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : kdelibs, kdelibs-crypto
Vulnerability  : cookie path traversal
Problem-Type   : remote
Debian-specific: no
CVE Ids        : CAN-2003-0592

A vulnerability was discovered in KDE where the path restrictions on
cookies could be bypassed using encoded relative path components
(e.g., "/../").  This means that a cookie which should only be sent by
the browser to an application running at /app1, the browser could
inadvertently include it with a request sent to /app2 on the same
server.

For the current stable distribution (woody) this problem has been
fixed in kdelibs version 4:2.2.2-6woody3 and kdelibs-crypto version
4:2.2.2-13.woody.9.

For the unstable distribution (sid) this problem was fixed in kdelibs
version 4:3.1.3-1.

We recommend that you update your kdelibs and kdelibs-crypto packages.

Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
--------------------------------

  Source archives:

    kdelibs_2.2.2-13.woody.9.dsc
      Size/MD5 checksum:     1353 259d1c3337e6421f5ecedfe15a5209f0
    kdelibs_2.2.2-13.woody.9.diff.gz
      Size/MD5 checksum:    57742 fbdb18745fadbd7d8a90afa9aa3767c5
    kdelibs_2.2.2.orig.tar.gz
      Size/MD5 checksum:  6396699 7a9277a2e727821338f751855c2ce5d3
    kdelibs-crypto_2.2.2-6woody3.dsc
      Size/MD5 checksum:      717 ed37d69135a183a7fff7771cbed7334c
    kdelibs-crypto_2.2.2-6woody3.diff.gz
      Size/MD5 checksum:    27998 31b6014b42c63879a1d20277ae255d67
    kdelibs-crypto_2.2.2.orig.tar.gz
      Size/MD5 checksum:   643622 5ef84fed86c7984f99f8e44e9d5a216a

  Architecture independent components:

    kdelibs3-doc_2.2.2-13.woody.9_all.deb
      Size/MD5 checksum:  2564192 513f8bdfe75d951190f9dacbee767bd8

  Alpha architecture:

    kdelibs-dev_2.2.2-13.woody.9_alpha.deb
      Size/MD5 checksum:   757356 f0217378d9ce13a22652de6e10dfc803
    kdelibs3_2.2.2-13.woody.9_alpha.deb
      Size/MD5 checksum:  7553310 5ed5612401a9e8221f74a2c728d84b10
    kdelibs3-bin_2.2.2-13.woody.9_alpha.deb
      Size/MD5 checksum:   137334 a5681e4f36f3ce5afac8a7cc83051d3b
    kdelibs3-cups_2.2.2-13.woody.9_alpha.deb
      Size/MD5 checksum:   201912 52fd860524415d33ac3a7fcb55372075
    libarts_2.2.2-13.woody.9_alpha.deb
      Size/MD5 checksum:  1022278 c5af6f967923ba2b42101f51ba761789
    libarts-alsa_2.2.2-13.woody.9_alpha.deb
      Size/MD5 checksum:  1029252 487937ab90a6f4901d5ccb3ce797a791
    libarts-dev_2.2.2-13.woody.9_alpha.deb
      Size/MD5 checksum:   198146 fb0b344662b1f3670f368d176932eee9
    libkmid_2.2.2-13.woody.9_alpha.deb
      Size/MD5 checksum:   174606 1fb8e8f2b97cf368e3212f06cccbcf5c
    libkmid-alsa_2.2.2-13.woody.9_alpha.deb
      Size/MD5 checksum:   178042 ca6839e78ada20e5ec5aedeea2941ed2
    libkmid-dev_2.2.2-13.woody.9_alpha.deb
      Size/MD5 checksum:    37178 954880c404f917b0c4d52fab495a2d2a
    kdelibs3-crypto_2.2.2-6woody3_alpha.deb
      Size/MD5 checksum:   132308 c45ff6ad0e59ffbde75f60e881bb7f33

  ARM architecture:

    kdelibs-dev_2.2.2-13.woody.9_arm.deb
      Size/MD5 checksum:   743636 582822a51e0791c14bb61a88d4c532a8
    kdelibs3_2.2.2-13.woody.9_arm.deb
      Size/MD5 checksum:  6589260 e51c1b45581802ac29535b2502f7e68b
    kdelibs3-bin_2.2.2-13.woody.9_arm.deb
      Size/MD5 checksum:   104500 d257d75028eaf7fa60044a1ef65395b7
    kdelibs3-cups_2.2.2-13.woody.9_arm.deb
      Size/MD5 checksum:   186484 f8bcc08992cad0bdfc42aaa889c43dca
    libarts_2.2.2-13.woody.9_arm.deb
      Size/MD5 checksum:   651698 790e861dbdebd7a8aa03e4b701262893
    libarts-alsa_2.2.2-13.woody.9_arm.deb
      Size/MD5 checksum:   655320 0f87c4357cb2c97f6f86f84df6139219
    libarts-dev_2.2.2-13.woody.9_arm.deb
      Size/MD5 checksum:   155470 76adc91ee1ca2458ada23f93eaeb6e40
    libkmid_2.2.2-13.woody.9_arm.deb
      Size/MD5 checksum:   124756 3195fcbfd52acec5953e0bbcedca8aa0
    libkmid-alsa_2.2.2-13.woody.9_arm.deb
      Size/MD5 checksum:   127850 c88e0ed19a673a5a6695e068f3d42a1e
    libkmid-dev_2.2.2-13.woody.9_arm.deb
      Size/MD5 checksum:    37178 b627b18081d64f9847dfcc3cf950540c
    kdelibs3-crypto_2.2.2-6woody3_arm.deb
      Size/MD5 checksum:   116866 112f16beafbfb5c3f6e84a0f82fbf47a

  Intel IA-32 architecture:

    kdelibs-dev_2.2.2-13.woody.9_i386.deb
      Size/MD5 checksum:   742904 511b173eff43852f5b46809d308b4f39
    kdelibs3_2.2.2-13.woody.9_i386.deb
      Size/MD5 checksum:  6618718 7541c48564991d9d5b5725e8a24a8e28
    kdelibs3-bin_2.2.2-13.woody.9_i386.deb
      Size/MD5 checksum:   106020 54ffc6f500613edee112b9c35d3ab63e
    kdelibs3-cups_2.2.2-13.woody.9_i386.deb
      Size/MD5 checksum:   182914 dbe4e1b8d4b0fdf8400a6a0fbb286556
    libarts_2.2.2-13.woody.9_i386.deb
      Size/MD5 checksum:   625082 0197017288a6182ebfe712ddd04df181
    libarts-alsa_2.2.2-13.woody.9_i386.deb
      Size/MD5 checksum:   629410 fc68ebc71fa909d98ea1f059d0e6b7c4
    libarts-dev_2.2.2-13.woody.9_i386.deb
      Size/MD5 checksum:   154838 059ccfee34f7eeda897b8c70573ab353
    libkmid_2.2.2-13.woody.9_i386.deb
      Size/MD5 checksum:   123372 1a948355c2721b3e7920eec893c24d09
    libkmid-alsa_2.2.2-13.woody.9_i386.deb
      Size/MD5 checksum:   126480 04909219fb87f1b15c14c260e2d82b4f
    libkmid-dev_2.2.2-13.woody.9_i386.deb
      Size/MD5 checksum:    37168 452a8e68c12911bfb5f7538c4335d578
    kdelibs3-crypto_2.2.2-6woody3_i386.deb
      Size/MD5 checksum:   114786 9376b045821bc1b73bbb203b501417bb

  Intel IA-64 architecture:

    kdelibs-dev_2.2.2-13.woody.9_ia64.deb
      Size/MD5 checksum:   767694 159fd0faccec79ca4c9b1699082d0b84
    kdelibs3_2.2.2-13.woody.9_ia64.deb
      Size/MD5 checksum:  8858496 4cc7032dbe64b7863312c184873063c3
    kdelibs3-bin_2.2.2-13.woody.9_ia64.deb
      Size/MD5 checksum:   153648 cf8aa387c1e95e0e9d4e4720a28b3622
    kdelibs3-cups_2.2.2-13.woody.9_ia64.deb
      Size/MD5 checksum:   256978 bf1511ab930a97161589e8aecfd0bfc4
    libarts_2.2.2-13.woody.9_ia64.deb
      Size/MD5 checksum:  1045296 a46b70370e2923bab6a6379de1131c8a
    libarts-alsa_2.2.2-13.woody.9_ia64.deb
      Size/MD5 checksum:  1050706 4c51730c63329946668b91ff50513a68
    libarts-dev_2.2.2-13.woody.9_ia64.deb
      Size/MD5 checksum:   199444 72d92c0d58db43e349707d826e844272
    libkmid_2.2.2-13.woody.9_ia64.deb
      Size/MD5 checksum:   185482 ae1ac258f56cbb8a6131a49775b24dba
    libkmid-alsa_2.2.2-13.woody.9_ia64.deb
      Size/MD5 checksum:   190976 3e8e86ec9327e259dfdc8af1dc36f344
    libkmid-dev_2.2.2-13.woody.9_ia64.deb
      Size/MD5 checksum:    37174 d11bf96dff94f242f3d47825e88b2bd0
    kdelibs3-crypto_2.2.2-6woody3_ia64.deb
      Size/MD5 checksum:   165430 7fb005c26b4bf760a2fab8dbda194490

  HP Precision architecture:

    kdelibs-dev_2.2.2-13.woody.9_hppa.deb
      Size/MD5 checksum:   749730 377e9a162901ffa8d58bfd1d4a62eef9
    kdelibs3_2.2.2-13.woody.9_hppa.deb
      Size/MD5 checksum:  7343976 16d7806ec26962b7edd820e227d4f28a
    kdelibs3-bin_2.2.2-13.woody.9_hppa.deb
      Size/MD5 checksum:   117364 a5122c00fc269f54b41c817fa0821759
    kdelibs3-cups_2.2.2-13.woody.9_hppa.deb
      Size/MD5 checksum:   217872 578aa0d21d3ab85b5ce56be95f993e87
    libarts_2.2.2-13.woody.9_hppa.deb
      Size/MD5 checksum:  1111506 b0127b2f0f9b49fcc255125f66245e3b
    libarts-alsa_2.2.2-13.woody.9_hppa.deb
      Size/MD5 checksum:  1115366 e1b32777d376e3da71a2ec85e13007f2
    libarts-dev_2.2.2-13.woody.9_hppa.deb
      Size/MD5 checksum:   207442 9b1ed0a36db94d37c9e95755b9235717
    libkmid_2.2.2-13.woody.9_hppa.deb
      Size/MD5 checksum:   171920 1f4456c6d1ccec2e978393a34c8ae770
    libkmid-alsa_2.2.2-13.woody.9_hppa.deb
      Size/MD5 checksum:   176012 882ebdacc219244144b28b6b6abe1478
    libkmid-dev_2.2.2-13.woody.9_hppa.deb
      Size/MD5 checksum:    37174 c78ca39cd1a5b14b4ffdb63ae3f04212
    kdelibs3-crypto_2.2.2-6woody3_hppa.deb
      Size/MD5 checksum:   136082 ab486e68cfed055f7fcf5b04fb834a42

  Motorola 680x0 architecture:

    kdelibs-dev_2.2.2-13.woody.9_m68k.deb
      Size/MD5 checksum:   740024 33dad83286e7c582a6e83d182f9220f5
    kdelibs3_2.2.2-13.woody.9_m68k.deb
      Size/MD5 checksum:  6484306 78004afecfecae86eec161b51a7b3f74
    kdelibs3-bin_2.2.2-13.woody.9_m68k.deb
      Size/MD5 checksum:   103554 5a2e7e38451b360ebe8008ee6b12efa1
    kdelibs3-cups_2.2.2-13.woody.9_m68k.deb
      Size/MD5 checksum:   178502 1e6e5866b5fa54ace57b07870c3a88cd
    libarts_2.2.2-13.woody.9_m68k.deb
      Size/MD5 checksum:   628710 9d9c488ee98a5e25e1bb126136bed18d
    libarts-alsa_2.2.2-13.woody.9_m68k.deb
      Size/MD5 checksum:   633156 937998911a44df94f482371bb3d0ceb1
    libarts-dev_2.2.2-13.woody.9_m68k.deb
      Size/MD5 checksum:   151070 a612e9dd2a85848c222213edc655aed0
    libkmid_2.2.2-13.woody.9_m68k.deb
      Size/MD5 checksum:   120702 a972a5b5e842021fa4536e03dbef5681
    libkmid-alsa_2.2.2-13.woody.9_m68k.deb
      Size/MD5 checksum:   123618 a824bd1f7f83bca1a22b1fd8efd89e97
    libkmid-dev_2.2.2-13.woody.9_m68k.deb
      Size/MD5 checksum:    37188 b04dc0535aee7110e7e047ef09de6ba6
    kdelibs3-crypto_2.2.2-6woody3_m68k.deb
      Size/MD5 checksum:   113428 d42081bda7a9ade52bbfcb77a5076640

  Big endian MIPS architecture:

    kdelibs-dev_2.2.2-13.woody.9_mips.deb
      Size/MD5 checksum:   739864 9e68616ce1e5ed09f6e520767cf5dc9b
    kdelibs3_2.2.2-13.woody.9_mips.deb
      Size/MD5 checksum:  6283770 6ea6b0354641ab2fc12b8b2ae6d9c345
    kdelibs3-bin_2.2.2-13.woody.9_mips.deb
      Size/MD5 checksum:   106828 e6d3a1178ee158a8651f01a1549b8473
    kdelibs3-cups_2.2.2-13.woody.9_mips.deb
      Size/MD5 checksum:   160998 f037bac1ba81714e09c657b5242057c0
    libarts_2.2.2-13.woody.9_mips.deb
      Size/MD5 checksum:   620850 b24accb7ed931c280e853a84e593682b
    libarts-alsa_2.2.2-13.woody.9_mips.deb
      Size/MD5 checksum:   625050 c984356fbcddcd3f31be6b2f72f1945a
    libarts-dev_2.2.2-13.woody.9_mips.deb
      Size/MD5 checksum:   175800 4bf8533e37b93664897c9671f9c88b52
    libkmid_2.2.2-13.woody.9_mips.deb
      Size/MD5 checksum:   124194 ae9f6c3f3744e787ad2ec925c7be3a3e
    libkmid-alsa_2.2.2-13.woody.9_mips.deb
      Size/MD5 checksum:   127232 b93084e097c138a4b719bfbe27048283
    libkmid-dev_2.2.2-13.woody.9_mips.deb
      Size/MD5 checksum:    37176 07bfd5a431bb357b291599ff0221a27b
    kdelibs3-crypto_2.2.2-6woody3_mips.deb
      Size/MD5 checksum:   100440 3c3a1317d2d7a833fa784ff2215b45db

  Little endian MIPS architecture:

    kdelibs-dev_2.2.2-13.woody.9_mipsel.deb
      Size/MD5 checksum:   739198 18695e0b106bb0aa3098bcbaa4411860
    kdelibs3_2.2.2-13.woody.9_mipsel.deb
      Size/MD5 checksum:  6190086 a9b504129ea5bc94756f05708317d8e2
    kdelibs3-bin_2.2.2-13.woody.9_mipsel.deb
      Size/MD5 checksum:   105800 483bbc8d7a6c868b16a4b5c913f4b925
    kdelibs3-cups_2.2.2-13.woody.9_mipsel.deb
      Size/MD5 checksum:   159206 3d2c9e620e1618e9724659f70ebd5122
    libarts_2.2.2-13.woody.9_mipsel.deb
      Size/MD5 checksum:   613640 fd0164388b5804a897310e4dcb6642d2
    libarts-alsa_2.2.2-13.woody.9_mipsel.deb
      Size/MD5 checksum:   617270 febf61be2c478965446c76a0743cfd0d
    libarts-dev_2.2.2-13.woody.9_mipsel.deb
      Size/MD5 checksum:   175038 9ff953264d6efa3c3b46febe80a180f3
    libkmid_2.2.2-13.woody.9_mipsel.deb
      Size/MD5 checksum:   123222 151d5cbfdd8976869b76833bf9c41485
    libkmid-alsa_2.2.2-13.woody.9_mipsel.deb
      Size/MD5 checksum:   126198 e47a006ab02abc014ff9c811da24e733
    libkmid-dev_2.2.2-13.woody.9_mipsel.deb
      Size/MD5 checksum:    37172 9ec9dfba98a66eee4c71bee3636db5cf
    kdelibs3-crypto_2.2.2-6woody3_mipsel.deb
      Size/MD5 checksum:    99306 b715a076f96445f7f67ea9337504e036

  PowerPC architecture:

    kdelibs-dev_2.2.2-13.woody.9_powerpc.deb
      Size/MD5 checksum:   740848 9ad09506cf1162d3e48077a610d20091
    kdelibs3_2.2.2-13.woody.9_powerpc.deb
      Size/MD5 checksum:  6742148 cde3d23e432da394ab05d1d6916cdcbf
    kdelibs3-bin_2.2.2-13.woody.9_powerpc.deb
      Size/MD5 checksum:   105940 71cd753218d69532de5705302590ce1f
    kdelibs3-cups_2.2.2-13.woody.9_powerpc.deb
      Size/MD5 checksum:   182596 de2766fadd2000691c8c13804386b6bf
    libarts_2.2.2-13.woody.9_powerpc.deb
      Size/MD5 checksum:   691116 4c96fec5e0ada5a87e0457e913a2404c
    libarts-alsa_2.2.2-13.woody.9_powerpc.deb
      Size/MD5 checksum:   694560 83b5390dc4817071cea8ba334b42ac3f
    libarts-dev_2.2.2-13.woody.9_powerpc.deb
      Size/MD5 checksum:   153766 431b3242db9bb4bbae261a796abc198c
    libkmid_2.2.2-13.woody.9_powerpc.deb
      Size/MD5 checksum:   127554 a8b106907ae26f93dfc16258fcb95b8c
    libkmid-alsa_2.2.2-13.woody.9_powerpc.deb
      Size/MD5 checksum:   130474 80fb2411ec76ad973639affbf8bb8156
    libkmid-dev_2.2.2-13.woody.9_powerpc.deb
      Size/MD5 checksum:    37176 aa155df2bb3d7b804a2b3844d8411c8f
    kdelibs3-crypto_2.2.2-6woody3_powerpc.deb
      Size/MD5 checksum:   114264 55378be9dccb08796f89afa22a28b0d4

  IBM S/390 architecture:

    kdelibs-dev_2.2.2-13.woody.9_s390.deb
      Size/MD5 checksum:   742338 87712134f20ebc0ab6bb6c34978b0e77
    kdelibs3_2.2.2-13.woody.9_s390.deb
      Size/MD5 checksum:  6740546 df95ca45a806695626117791ca5eb0ae
    kdelibs3-bin_2.2.2-13.woody.9_s390.deb
      Size/MD5 checksum:   110478 0a1a22812ce54d4b95857321fb0c4899
    kdelibs3-cups_2.2.2-13.woody.9_s390.deb
      Size/MD5 checksum:   176980 d57eb74b88eb46e1f5a3f42d54b41ff7
    libarts_2.2.2-13.woody.9_s390.deb
      Size/MD5 checksum:   642230 6bdeb69d9c84ca786226a9b65bc9e22c
    libarts-alsa_2.2.2-13.woody.9_s390.deb
      Size/MD5 checksum:   647372 68d937fd21123718b0579498a8de0717
    libarts-dev_2.2.2-13.woody.9_s390.deb
      Size/MD5 checksum:   151416 51e5a3f4e373743170c3aece69b607dd
    libkmid_2.2.2-13.woody.9_s390.deb
      Size/MD5 checksum:   129900 b409fbac5e6d52ac25533682c99c42d1
    libkmid-alsa_2.2.2-13.woody.9_s390.deb
      Size/MD5 checksum:   133348 e649882d6df4d6b93936167cfa58b997
    libkmid-dev_2.2.2-13.woody.9_s390.deb
      Size/MD5 checksum:    37178 458e02d4c967b1b5df7986cc1d1df285
    kdelibs3-crypto_2.2.2-6woody3_s390.deb
      Size/MD5 checksum:   115540 49c39c4b74b36cdd7ad0dc31731e9b36

  Sun Sparc architecture:

    kdelibs-dev_2.2.2-13.woody.9_sparc.deb
      Size/MD5 checksum:   741710 2d53eb502413a78518b6faff10fd6f87
    kdelibs3_2.2.2-13.woody.9_sparc.deb
      Size/MD5 checksum:  6578762 3a56f1bb8543ce795d1ded8f210b009a
    kdelibs3-bin_2.2.2-13.woody.9_sparc.deb
      Size/MD5 checksum:   117752 fc5b23c8f18472388c7983a85ea1425b
    kdelibs3-cups_2.2.2-13.woody.9_sparc.deb
      Size/MD5 checksum:   184220 01f18665e792bacc7c069050c37f5a1c
    libarts_2.2.2-13.woody.9_sparc.deb
      Size/MD5 checksum:   664976 95ef602ec002bc602d2165a846341014
    libarts-alsa_2.2.2-13.woody.9_sparc.deb
      Size/MD5 checksum:   668858 fd1485e80081297e3421c26f36b8a6e7
    libarts-dev_2.2.2-13.woody.9_sparc.deb
      Size/MD5 checksum:   151792 d0b0f8ce4021d45541420ceb7fcb134f
    libkmid_2.2.2-13.woody.9_sparc.deb
      Size/MD5 checksum:   128658 1a54b9ab4865fc7b79b353b49501330a
    libkmid-alsa_2.2.2-13.woody.9_sparc.deb
      Size/MD5 checksum:   131372 019e6578b99f058db3b9667bd99cda52
    libkmid-dev_2.2.2-13.woody.9_sparc.deb
      Size/MD5 checksum:    37174 ab26367c83295111c9c23f990d7f176e
    kdelibs3-crypto_2.2.2-6woody3_sparc.deb
      Size/MD5 checksum:   114686 7f2aa8271117819957064ae204684697

  These files will probably be moved into the stable distribution on
  its next revision.

--------------------------------------------------------------------------------
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-securitydists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAT34yArxCt0PiXR4RAoC/AKCe0P+Og/cYcSeJopdt6mk2JFo6RwCgyReH
wPK+PwZe45XFHPMRE3k8Ahg=
=VB9b
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
 listmaster@lists.debian.org
Pro-Linux
Pro-Linux @Twitter
Neue Nachrichten

1
Kieler Open Source und Linux Tage im September

6
Parrot motzt Qua­dro­k­op­ter Ar.Drone auf

16
Oracle ändert Lizenz der MySQL-Do­ku­men­ta­ti­on

0
Mün­che­ner OpenSour­ce-Ta­ge

8
Canonical gründet »Carrier Advisory Group« zur Ver­mark­tung von Ubuntu Phones

0
Humble Bundle mit Android 6

2
Sub­ver­si­on 1.8 ver­öf­fent­licht

18
Parted Magic 2013_06_15 passt Größe von defekten NTFS-Par­ti­tio­nen an

18
LLVM 3.3 frei­ge­ge­ben

2
Mozilla stellt Science Lab vor
 
Werbung