Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in kde
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in kde
ID: DSA-388-1
Distribution: Debian
Plattformen: Debian woody
Datum: Sa, 20. September 2003, 13:00
Referenzen: Keine Angabe
Applikationen: KDE Software Compilation

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Debian Security Advisory DSA 388-1 security@debian.org
http://www.debian.org/security/ Matt Zimmerman
September 19th, 2003 http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package : kdebase
Vulnerability : several
Problem-Type : remote
Debian-specific: no
CVE Ids : CAN-2003-0690 CAN-2003-0692

Two vulnerabilities were discovered in kdebase:

- CAN-2003-0690

KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred
function call succeeds, which may allow attackers to gain root
privileges by triggering error conditions within PAM modules, as
demonstrated in certain configurations of the MIT pam_krb5 module.

- CAN-2003-0692

KDM in KDE 3.1.3 and earlier uses a weak session cookie generation
algorithm that does not provide 128 bits of entropy, which allows
attackers to guess session cookies via brute force methods and gain
access to the user session.

These vulnerabilities are described in the following security
advisory from KDE:

http://www.kde.org/info/security/advisory-20030916-1.txt

For the current stable distribution (woody) these problems have been
fixed in version 4:2.2.2-14.7.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you update your kdebase package.

Upgrade Instructions
--------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
--------------------------------

Source archives:

kdebase_2.2.2-14.7.dsc
Size/MD5 checksum: 1155 31c8ff65c972d6c6e540210a8f18c60d
kdebase_2.2.2-14.7.diff.gz
Size/MD5 checksum: 72312 96f4010d327e7dfff6a6ebf9a2dd3fe8
kdebase_2.2.2.orig.tar.gz
Size/MD5 checksum: 13035693 3c17b6821bbd05c7e04682c70cb7de8a

Architecture independent components:

kdebase-doc_2.2.2-14.7_all.deb
Size/MD5 checksum: 3140674 9c4c97ef71034db30634d3b8bfc116cd
kdewallpapers_2.2.2-14.7_all.deb
Size/MD5 checksum: 961884 54e9beff1491a4107ef6b175a3670b5b

Alpha architecture:

kate_2.2.2-14.7_alpha.deb
Size/MD5 checksum: 488662 80dc71b4159eb573be3d8ae0723b06ec
kdebase_2.2.2-14.7_alpha.deb
Size/MD5 checksum: 6991610 d50f122f9a38a320ad51f2f3dce3c60f
kdebase-audiolibs_2.2.2-14.7_alpha.deb
Size/MD5 checksum: 107782 7224b7630e95e29db24fc7c57736cd51
kdebase-dev_2.2.2-14.7_alpha.deb
Size/MD5 checksum: 49198 47b5dcdff7a5b09d7b7b99b7c41a2bc9
kdebase-libs_2.2.2-14.7_alpha.deb
Size/MD5 checksum: 1988802 c48cbc18b9b09bf05ad703759b4df135
kdm_2.2.2-14.7_alpha.deb
Size/MD5 checksum: 435896 bb2efcc65802f93e7ec2e79c70591d69
konqueror_2.2.2-14.7_alpha.deb
Size/MD5 checksum: 2228766 54d09f6a136ae8412798a6945148a83c
konsole_2.2.2-14.7_alpha.deb
Size/MD5 checksum: 538322 3e728d9c54cdf2a921c19c35bfbf9e34
kscreensaver_2.2.2-14.7_alpha.deb
Size/MD5 checksum: 482488 26873a3689a14283d305c0c14d242c8f
libkonq-dev_2.2.2-14.7_alpha.deb
Size/MD5 checksum: 45720 71bbfdee9a9bef7cbba28872475531e0
libkonq3_2.2.2-14.7_alpha.deb
Size/MD5 checksum: 270198 dff8ed564d6b5d68729d6786a9d035a1

ARM architecture:

kate_2.2.2-14.7_arm.deb
Size/MD5 checksum: 418584 9cc9694cf90366e08c4695d0fcb717a2
kdebase_2.2.2-14.7_arm.deb
Size/MD5 checksum: 6520174 af7409624ada98d25d4e8e73fdc77bf0
kdebase-audiolibs_2.2.2-14.7_arm.deb
Size/MD5 checksum: 86186 1a404a53098e6b70b87e6c3582647746
kdebase-dev_2.2.2-14.7_arm.deb
Size/MD5 checksum: 48276 b3548084bb7c679152de817ad84cc1d0
kdebase-libs_2.2.2-14.7_arm.deb
Size/MD5 checksum: 1680478 1daae6630b548a338635e054e57a99aa
kdm_2.2.2-14.7_arm.deb
Size/MD5 checksum: 390706 9c09e27a75ed46cf03cdf9c5048d43bb
konqueror_2.2.2-14.7_arm.deb
Size/MD5 checksum: 1926324 7b45402ad954f08718189c1d0a518c89
konsole_2.2.2-14.7_arm.deb
Size/MD5 checksum: 457258 d8d42dc8d0dcd75e2f3868efbd2254b4
kscreensaver_2.2.2-14.7_arm.deb
Size/MD5 checksum: 375300 e19ec0c9c0f7b5c653449666e28b5c24
libkonq-dev_2.2.2-14.7_arm.deb
Size/MD5 checksum: 45718 0f0f0344e1ea9cea08f7fa3110937da6
libkonq3_2.2.2-14.7_arm.deb
Size/MD5 checksum: 215722 a24ccfaaa63b99dd7fd2a584aaba2059

Intel IA-32 architecture:

kate_2.2.2-14.7_i386.deb
Size/MD5 checksum: 407688 44b4de1c07839e33e752c196154737a3
kdebase_2.2.2-14.7_i386.deb
Size/MD5 checksum: 6486176 7bfe252a888bf1528bdb4c5c06381f34
kdebase-audiolibs_2.2.2-14.7_i386.deb
Size/MD5 checksum: 83710 3fd9ef5e07c0d7bb676caef616e95802
kdebase-dev_2.2.2-14.7_i386.deb
Size/MD5 checksum: 47480 7e87e09f9ec34fe889cb60290de6a6db
kdebase-libs_2.2.2-14.7_i386.deb
Size/MD5 checksum: 1652552 7107c0ff7f48fa405a89c85957413223
kdm_2.2.2-14.7_i386.deb
Size/MD5 checksum: 395622 cdcd5cfe5a0a567702cae31e5a1b8fbc
konqueror_2.2.2-14.7_i386.deb
Size/MD5 checksum: 1929002 fdc0a7806bd5a30477656a39a657152b
konsole_2.2.2-14.7_i386.deb
Size/MD5 checksum: 458782 f170f9a93dd8019a5a6dcf842387da11
kscreensaver_2.2.2-14.7_i386.deb
Size/MD5 checksum: 396018 26ccbee8ab1d16f0077f84ed7f1de952
libkonq-dev_2.2.2-14.7_i386.deb
Size/MD5 checksum: 45710 5064f0b3263f9e7418d4a349e987daeb
libkonq3_2.2.2-14.7_i386.deb
Size/MD5 checksum: 220702 ead768d03c91bbe36f57391869f3815e

Intel IA-64 architecture:

kate_2.2.2-14.7_ia64.deb
Size/MD5 checksum: 611658 381b1d3b42e999ab2eb5bb16ed8c9062
kdebase_2.2.2-14.7_ia64.deb
Size/MD5 checksum: 7540884 9411eddeeefe051c1c0f246ad2da626b
kdebase-audiolibs_2.2.2-14.7_ia64.deb
Size/MD5 checksum: 119756 94958c35840f86422348c53509e6fdc2
kdebase-dev_2.2.2-14.7_ia64.deb
Size/MD5 checksum: 51944 6d928ecc6f97d5f58c3f5e0b0fe594bf
kdebase-libs_2.2.2-14.7_ia64.deb
Size/MD5 checksum: 2465240 c8db4bef1c89dc21447530fe90e8ccc3
kdm_2.2.2-14.7_ia64.deb
Size/MD5 checksum: 538618 e7e9ffde523cf9af767758bbc3b8ba25
konqueror_2.2.2-14.7_ia64.deb
Size/MD5 checksum: 2489692 8da22b23272082f6f229ae04f828e159
konsole_2.2.2-14.7_ia64.deb
Size/MD5 checksum: 598344 c455fd806ad9b82515da11c5733ce506
kscreensaver_2.2.2-14.7_ia64.deb
Size/MD5 checksum: 551394 0f30053b8adb8a748c52c01c035fbf79
libkonq-dev_2.2.2-14.7_ia64.deb
Size/MD5 checksum: 45710 eb5b335aae95444d2e3d952460d65785
libkonq3_2.2.2-14.7_ia64.deb
Size/MD5 checksum: 347314 0b45e326d9f81f43f09f1f9890d2502e

HP Precision architecture:

kate_2.2.2-14.7_hppa.deb
Size/MD5 checksum: 513666 db51bf94767b820afde012c9787cc704
kdebase_2.2.2-14.7_hppa.deb
Size/MD5 checksum: 6986030 e5e474565f13c54e58b80acf742df7e9
kdebase-audiolibs_2.2.2-14.7_hppa.deb
Size/MD5 checksum: 105830 63e466acf4e35cba44127998d4c2ba43
kdebase-dev_2.2.2-14.7_hppa.deb
Size/MD5 checksum: 49362 08a3887aa21b5f203a1eba448aa2b0ac
kdebase-libs_2.2.2-14.7_hppa.deb
Size/MD5 checksum: 2085222 059df53811c2c05a79c6c88bb8075c21
kdm_2.2.2-14.7_hppa.deb
Size/MD5 checksum: 445668 4f1ae1d486d74bd1d538f6f9e7133e34
konqueror_2.2.2-14.7_hppa.deb
Size/MD5 checksum: 2190018 b5c14133c1969fcf1114006da4385a1b
konsole_2.2.2-14.7_hppa.deb
Size/MD5 checksum: 517436 badef41c1f31a3e1bc390977d639f9ca
kscreensaver_2.2.2-14.7_hppa.deb
Size/MD5 checksum: 456616 8a7728cfe10d713a9bfffbb32e078d89
libkonq-dev_2.2.2-14.7_hppa.deb
Size/MD5 checksum: 45710 8b417ac76421e0ed200967e78003a999
libkonq3_2.2.2-14.7_hppa.deb
Size/MD5 checksum: 259986 2cbff365bd673aaf02f8aad21d8e62cf

Motorola 680x0 architecture:

kate_2.2.2-14.7_m68k.deb
Size/MD5 checksum: 403538 46413388e4ca539da499a028f793d568
kdebase_2.2.2-14.7_m68k.deb
Size/MD5 checksum: 6472614 5a406e5f2331972309a7742cb4b73eaf
kdebase-audiolibs_2.2.2-14.7_m68k.deb
Size/MD5 checksum: 84474 8bfc7998919615512006f43f87dcfc3f
kdebase-dev_2.2.2-14.7_m68k.deb
Size/MD5 checksum: 47254 b50058c4be3504ec661a37be63f16b47
kdebase-libs_2.2.2-14.7_m68k.deb
Size/MD5 checksum: 1633046 bdfed71044521da4ec235dffcecde629
kdm_2.2.2-14.7_m68k.deb
Size/MD5 checksum: 381258 3029ce4fa374468074c290465abeda35
konqueror_2.2.2-14.7_m68k.deb
Size/MD5 checksum: 1915546 7d73940697d6eb8eb14d3c08d872630a
konsole_2.2.2-14.7_m68k.deb
Size/MD5 checksum: 457920 26c8e10fc7eccda5ce859eac7a954cff
kscreensaver_2.2.2-14.7_m68k.deb
Size/MD5 checksum: 394212 d58e5e48cf938e58c9dffbc4d6ab62b1
libkonq-dev_2.2.2-14.7_m68k.deb
Size/MD5 checksum: 45722 ac858735a7ba6efcb5427efc944f6c9c
libkonq3_2.2.2-14.7_m68k.deb
Size/MD5 checksum: 211750 c547f3f97f6571e7286bd977972afd75

Big endian MIPS architecture:

kate_2.2.2-14.7_mips.deb
Size/MD5 checksum: 413318 37ad72bb22d11d3a23886184af2444c0
kdebase_2.2.2-14.7_mips.deb
Size/MD5 checksum: 6476526 2140f34cec36d68c436b92e600a429e8
kdebase-audiolibs_2.2.2-14.7_mips.deb
Size/MD5 checksum: 80918 c943944e6e90d3cc69b95c576d65ccc5
kdebase-dev_2.2.2-14.7_mips.deb
Size/MD5 checksum: 49228 62d5befc36758de6f0bb22b4a81e1d38
kdebase-libs_2.2.2-14.7_mips.deb
Size/MD5 checksum: 1530954 6c4fb3a1c65a7574288b4d5ae4df26ac
kdm_2.2.2-14.7_mips.deb
Size/MD5 checksum: 381188 47afc78fbc30d492505360bf0c8662de
konqueror_2.2.2-14.7_mips.deb
Size/MD5 checksum: 1884772 87ea60f1b2db1d3b7552a56650ca6b9a
konsole_2.2.2-14.7_mips.deb
Size/MD5 checksum: 477382 de33d3dda8e6740819293ff6e6614509
kscreensaver_2.2.2-14.7_mips.deb
Size/MD5 checksum: 419818 ec8e3aacde32a260ac33de03f14d868d
libkonq-dev_2.2.2-14.7_mips.deb
Size/MD5 checksum: 45714 4e3b85503e6612a9d9f1bf7e93b58604
libkonq3_2.2.2-14.7_mips.deb
Size/MD5 checksum: 205726 afd18e6ffa6767c156c0532506572326

Little endian MIPS architecture:

kate_2.2.2-14.7_mipsel.deb
Size/MD5 checksum: 408416 52e9a9dc5737ce77e59210673d4c5403
kdebase_2.2.2-14.7_mipsel.deb
Size/MD5 checksum: 6448488 aba76179ea0d174e91110b25fa476ac8
kdebase-audiolibs_2.2.2-14.7_mipsel.deb
Size/MD5 checksum: 80360 5482d904701050db0b83a53ce1f90501
kdebase-dev_2.2.2-14.7_mipsel.deb
Size/MD5 checksum: 49322 3b6475b86087a2120613b5b622a9569a
kdebase-libs_2.2.2-14.7_mipsel.deb
Size/MD5 checksum: 1512782 10e72b06209374cf7f8ab3658c87d1c6
kdm_2.2.2-14.7_mipsel.deb
Size/MD5 checksum: 378932 beb27b9e08372a31d47291ff834ee138
konqueror_2.2.2-14.7_mipsel.deb
Size/MD5 checksum: 1869448 c1432e2cee10ba6351a336677bb81061
konsole_2.2.2-14.7_mipsel.deb
Size/MD5 checksum: 473800 e051d173b0cdad164690b39655b232c7
kscreensaver_2.2.2-14.7_mipsel.deb
Size/MD5 checksum: 416582 d1de112ca1b2cac4a7b22d7fb9133034
libkonq-dev_2.2.2-14.7_mipsel.deb
Size/MD5 checksum: 45716 de04c26b1d1c9fbe95d5cf0122b78896
libkonq3_2.2.2-14.7_mipsel.deb
Size/MD5 checksum: 203178 86d9e365e93b274db7ed54aad3127d52

PowerPC architecture:

kate_2.2.2-14.7_powerpc.deb
Size/MD5 checksum: 424328 ca38eb48e72e5c5b5bbaa2075d12a764
kdebase_2.2.2-14.7_powerpc.deb
Size/MD5 checksum: 6494498 f9f13c6f40aca74dd026b25489eabf4d
kdebase-audiolibs_2.2.2-14.7_powerpc.deb
Size/MD5 checksum: 85332 51fa63918ec8633404ef36947ba5d95a
kdebase-dev_2.2.2-14.7_powerpc.deb
Size/MD5 checksum: 48340 754ac3fcb53db84fde555de8da97bb6d
kdebase-libs_2.2.2-14.7_powerpc.deb
Size/MD5 checksum: 1664702 d9203298833f118ab7ce7ef2e308beab
kdm_2.2.2-14.7_powerpc.deb
Size/MD5 checksum: 388116 012c32589ce1fa725d8f9b8fdd032143
konqueror_2.2.2-14.7_powerpc.deb
Size/MD5 checksum: 1931056 cc5b79369f220a53c33bd47417d8a1d1
konsole_2.2.2-14.7_powerpc.deb
Size/MD5 checksum: 459528 561d6f24e1cb7e52799f56de86f2fd1f
kscreensaver_2.2.2-14.7_powerpc.deb
Size/MD5 checksum: 369314 8897d0a069e55c97e7cf576f2f149eae
libkonq-dev_2.2.2-14.7_powerpc.deb
Size/MD5 checksum: 45712 28097e1cc5a1ff041cfd335013b7c979
libkonq3_2.2.2-14.7_powerpc.deb
Size/MD5 checksum: 220196 55dd51643f1c9ddd61f4e905b92703c0

IBM S/390 architecture:

kate_2.2.2-14.7_s390.deb
Size/MD5 checksum: 434414 bfc9c3f5fef1f29a29b69a586258bc52
kdebase_2.2.2-14.7_s390.deb
Size/MD5 checksum: 6576538 7053475a40ad961ce485cb8849f215de
kdebase-audiolibs_2.2.2-14.7_s390.deb
Size/MD5 checksum: 85154 5dca11d8b8245075378d00745b13a8b7
kdebase-dev_2.2.2-14.7_s390.deb
Size/MD5 checksum: 47800 cb3696726eafd1569add11a71749006d
kdebase-libs_2.2.2-14.7_s390.deb
Size/MD5 checksum: 1698716 79c923984c0ecfa5a6d1ef3f5bb9104a
kdm_2.2.2-14.7_s390.deb
Size/MD5 checksum: 391844 5ef33410d162cfbc9f03083293521806
konqueror_2.2.2-14.7_s390.deb
Size/MD5 checksum: 1977618 9042e5b8a4faaf9a4739270bf4c8ec55
konsole_2.2.2-14.7_s390.deb
Size/MD5 checksum: 478288 1ae437e8648fb69a8e6885386090f53a
kscreensaver_2.2.2-14.7_s390.deb
Size/MD5 checksum: 428430 87148555670e4398bd57fb1531c19a31
libkonq-dev_2.2.2-14.7_s390.deb
Size/MD5 checksum: 45716 8cce928171c2e30357e792901b1bfb47
libkonq3_2.2.2-14.7_s390.deb
Size/MD5 checksum: 227282 f77e6738ecb19dec2959e7af4b822233

Sun Sparc architecture:

kate_2.2.2-14.7_sparc.deb
Size/MD5 checksum: 427118 678384917cf681f56170006ffdcdb46f
kdebase_2.2.2-14.7_sparc.deb
Size/MD5 checksum: 6528734 d9c58fd93efa4d6602525383911d2222
kdebase-audiolibs_2.2.2-14.7_sparc.deb
Size/MD5 checksum: 86384 7a4565a9916fabf69d9d374ba9bc571e
kdebase-dev_2.2.2-14.7_sparc.deb
Size/MD5 checksum: 47712 5e7670f9cc821b95ace4be276bb1ee5e
kdebase-libs_2.2.2-14.7_sparc.deb
Size/MD5 checksum: 1670992 b193200565ed308bd96aba3eef51ea24
kdm_2.2.2-14.7_sparc.deb
Size/MD5 checksum: 390488 25082b02c2bd4f976d720375568995fb
konqueror_2.2.2-14.7_sparc.deb
Size/MD5 checksum: 1939688 e0b1f863b6e6812a8c1dc07c74ee39bd
konsole_2.2.2-14.7_sparc.deb
Size/MD5 checksum: 468530 bbd5aa7c767cffb04b47bc4e3079e717
kscreensaver_2.2.2-14.7_sparc.deb
Size/MD5 checksum: 391066 54cdb682908fb36658c2d8c05d2285e3
libkonq-dev_2.2.2-14.7_sparc.deb
Size/MD5 checksum: 45712 c80a5e1fa6693b6495a61f9e45f477ee
libkonq3_2.2.2-14.7_sparc.deb
Size/MD5 checksum: 219042 43e9165b5d7a775052008039dcbc33f1

These files will probably be moved into the stable distribution on
its next revision.

--------------------------------------------------------------------------------
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-securitydists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/a7zeArxCt0PiXR4RAsVeAKCFqCX8/xe62UNI+757jHaVLxezZwCgwiWR
lwqiWDdwDVZPnqrbKqvNyLQ=
=44aB
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung