- -------------------------------------------------------------------------- Debian Security Advisory DSA 234-1 [email protected] http://www.debian.org/security/ Martin Schulze January 22nd, 2003 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : kdeadmin Vulnerability : several Problem-type : local, remote Debian-specific: no CVE Id : CAN-2002-1393 The KDE team discovered several vulnerabilities in the K Desktop Environment. In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution. These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source. By carefully crafting such data an attacker might be able to execute arbitary commands on a vulnerable sytem using the victim's account and privileges. The KDE Project is not aware of any existing exploits of these vulnerabilities. The patches also provide better safe guards and check data from untrusted sources more strictly in multiple places. For the current stable distribution (woody), these problems have been fixed in version 2.2.2-7.2 The old stable distribution (potato) does not contain KDE packages. For the unstable distribution (sid), these problems will most probably not be fixed but new packages for KDE 3.1 for sid are expected for this year. We recommend that you upgrade your KDE packages. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/k/kdeadmin/kdeadmin_2.2.2-7.2.dsc Size/MD5 checksum: 922 1c987ba703ca3f18c58d09828783cdbd http://security.debian.org/pool/updates/main/k/kdeadmin/kdeadmin_2.2.2-7.2.diff.gz Size/MD5 checksum: 23669 f767d5be73d74af4ffe36a368d364b96 http://security.debian.org/pool/updates/main/k/kdeadmin/kdeadmin_2.2.2.orig.tar.gz Size/MD5 checksum: 848413 d3e8bc7ae67b82d3a3e3f488fb690e1b Alpha architecture: http://security.debian.org/pool/updates/main/k/kdeadmin/kcmlinuz_2.2.2-7.2_alpha.deb Size/MD5 checksum: 153206 e708ef2b34d2e42475616f3dda45cbd3 http://security.debian.org/pool/updates/main/k/kdeadmin/kcron_2.2.2-7.2_alpha.deb Size/MD5 checksum: 273182 2246d41c01dff1a56deee2c53fcf94c7 http://security.debian.org/pool/updates/main/k/kdeadmin/kpackage_2.2.2-7.2_alpha.deb Size/MD5 checksum: 230968 07913b8eb8622e57d3a99cf4f6ec6b69 http://security.debian.org/pool/updates/main/k/kdeadmin/ksysv_2.2.2-7.2_alpha.deb Size/MD5 checksum: 189834 11c550096b7eb87c215d67187048b91f http://security.debian.org/pool/updates/main/k/kdeadmin/kuser_2.2.2-7.2_alpha.deb Size/MD5 checksum: 110280 98e7c0cfd3e2edf630f7885b0a09211d http://security.debian.org/pool/updates/main/k/kdeadmin/kwuftpd_2.2.2-7.2_alpha.deb Size/MD5 checksum: 216204 50b208e8d15a81ff45b46bc84235fa00 http://security.debian.org/pool/updates/main/k/kdeadmin/secpolicy_2.2.2-7.2_alpha.deb Size/MD5 checksum: 23584 025b3e2217e3a12d80a37163da50777c ARM architecture: http://security.debian.org/pool/updates/main/k/kdeadmin/kcmlinuz_2.2.2-7.2_arm.deb Size/MD5 checksum: 144850 9c680a3cf5bbb391fadb4734a7e0530b http://security.debian.org/pool/updates/main/k/kdeadmin/kcron_2.2.2-7.2_arm.deb Size/MD5 checksum: 202178 8716c754bb0f45f63b9c6f6d51c44df4 http://security.debian.org/pool/updates/main/k/kdeadmin/kpackage_2.2.2-7.2_arm.deb Size/MD5 checksum: 186018 3482c5c0af6528d44331b269165b307b http://security.debian.org/pool/updates/main/k/kdeadmin/ksysv_2.2.2-7.2_arm.deb Size/MD5 checksum: 149514 445fbe177f06551ae1bc43866cecddcf http://security.debian.org/pool/updates/main/k/kdeadmin/kuser_2.2.2-7.2_arm.deb Size/MD5 checksum: 91434 852c61ff06504f467a21a2da8d89a015 http://security.debian.org/pool/updates/main/k/kdeadmin/kwuftpd_2.2.2-7.2_arm.deb Size/MD5 checksum: 187684 8e9dfbecb9f6c772e60b68b7b6fe877d http://security.debian.org/pool/updates/main/k/kdeadmin/secpolicy_2.2.2-7.2_arm.deb Size/MD5 checksum: 20394 d92b88ec72d4085ad75b45bc86687c44 Intel IA-32 architecture: http://security.debian.org/pool/updates/main/k/kdeadmin/kcmlinuz_2.2.2-7.2_i386.deb Size/MD5 checksum: 141688 f89893ede2df05e92e463864696f1897 http://security.debian.org/pool/updates/main/k/kdeadmin/kcron_2.2.2-7.2_i386.deb Size/MD5 checksum: 182192 e0d3620de12a3331ea2230d9b749bfae http://security.debian.org/pool/updates/main/k/kdeadmin/kpackage_2.2.2-7.2_i386.deb Size/MD5 checksum: 179986 24a8ff7a51ec008fd1c485f1d0905126 http://security.debian.org/pool/updates/main/k/kdeadmin/ksysv_2.2.2-7.2_i386.deb Size/MD5 checksum: 151736 29c2e6e689fb4bec5ad4c2cf563f68d3 http://security.debian.org/pool/updates/main/k/kdeadmin/kuser_2.2.2-7.2_i386.deb Size/MD5 checksum: 91936 5bc7ee6fa4a9f95b727f1e8d19179962 http://security.debian.org/pool/updates/main/k/kdeadmin/kwuftpd_2.2.2-7.2_i386.deb Size/MD5 checksum: 184704 22218d2ffd1e25e7ca695c534d6d8e5c http://security.debian.org/pool/updates/main/k/kdeadmin/lilo-config_2.2.2-7.2_i386.deb Size/MD5 checksum: 93152 b7266d318e7c3fb098a18cc5c6aac69f http://security.debian.org/pool/updates/main/k/kdeadmin/secpolicy_2.2.2-7.2_i386.deb Size/MD5 checksum: 21666 7c0c4059900ff35c2a6e705cebdb0a21 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/k/kdeadmin/kcmlinuz_2.2.2-7.2_ia64.deb Size/MD5 checksum: 169926 1ab6f22c96e0dbc0e06ac013d1ae8d57 http://security.debian.org/pool/updates/main/k/kdeadmin/kcron_2.2.2-7.2_ia64.deb Size/MD5 checksum: 219624 1336ce2a99c9951e9e79bba6a907c8d2 http://security.debian.org/pool/updates/main/k/kdeadmin/kpackage_2.2.2-7.2_ia64.deb Size/MD5 checksum: 299542 ed0092e573f76061889a9e4ea8a40337 http://security.debian.org/pool/updates/main/k/kdeadmin/ksysv_2.2.2-7.2_ia64.deb Size/MD5 checksum: 228488 e61fc7237e729249c4c4368dcc0080e7 http://security.debian.org/pool/updates/main/k/kdeadmin/kuser_2.2.2-7.2_ia64.deb Size/MD5 checksum: 129938 e7cd718dd2ac79bd396d268fb8ff8a62 http://security.debian.org/pool/updates/main/k/kdeadmin/kwuftpd_2.2.2-7.2_ia64.deb Size/MD5 checksum: 243448 24c2386d863e234db3f5bef9f328ea5c http://security.debian.org/pool/updates/main/k/kdeadmin/secpolicy_2.2.2-7.2_ia64.deb Size/MD5 checksum: 23552 dfd3a70e0d4c3ab8ad4efcccf99d9518 HP Precision architecture: http://security.debian.org/pool/updates/main/k/kdeadmin/kcmlinuz_2.2.2-7.2_hppa.deb Size/MD5 checksum: 154410 d05f80703cce1c8c65516cea5dbcfe8a http://security.debian.org/pool/updates/main/k/kdeadmin/kcron_2.2.2-7.2_hppa.deb Size/MD5 checksum: 214620 383d6e1b41ca864580e32e5c5bbd6a4f http://security.debian.org/pool/updates/main/k/kdeadmin/kpackage_2.2.2-7.2_hppa.deb Size/MD5 checksum: 222352 5e3806e74346ea3f6e688dd69043b89d http://security.debian.org/pool/updates/main/k/kdeadmin/ksysv_2.2.2-7.2_hppa.deb Size/MD5 checksum: 185056 55ebbdd65448061c33e2ba67bf856bf7 http://security.debian.org/pool/updates/main/k/kdeadmin/kuser_2.2.2-7.2_hppa.deb Size/MD5 checksum: 107830 9aad3783b609fc6bbdb8464ae1f2114e http://security.debian.org/pool/updates/main/k/kdeadmin/kwuftpd_2.2.2-7.2_hppa.deb Size/MD5 checksum: 230638 aa3d3c62f36777242af5fa3e6febb1bf http://security.debian.org/pool/updates/main/k/kdeadmin/secpolicy_2.2.2-7.2_hppa.deb Size/MD5 checksum: 22844 dad913929d4fa96a75cddbc3e12a6211 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/k/kdeadmin/kcmlinuz_2.2.2-7.2_m68k.deb Size/MD5 checksum: 140660 81928d11476e54e0d4e65323eb7997cc http://security.debian.org/pool/updates/main/k/kdeadmin/kcron_2.2.2-7.2_m68k.deb Size/MD5 checksum: 176254 ba9e6c6d244cfa9b39f3f5b694cea735 http://security.debian.org/pool/updates/main/k/kdeadmin/kpackage_2.2.2-7.2_m68k.deb Size/MD5 checksum: 175182 c72b39577f44ea72d2fd5d6cb96116b8 http://security.debian.org/pool/updates/main/k/kdeadmin/ksysv_2.2.2-7.2_m68k.deb Size/MD5 checksum: 147776 e16487ddb05b126469238a311bef26ef http://security.debian.org/pool/updates/main/k/kdeadmin/kuser_2.2.2-7.2_m68k.deb Size/MD5 checksum: 90996 a84d498d47f3d1b84f44f6f7c1b31c15 http://security.debian.org/pool/updates/main/k/kdeadmin/kwuftpd_2.2.2-7.2_m68k.deb Size/MD5 checksum: 179546 f7d3e2c057064b5db7e1d21a2af9c5a9 http://security.debian.org/pool/updates/main/k/kdeadmin/secpolicy_2.2.2-7.2_m68k.deb Size/MD5 checksum: 22188 40f0ef43476b5ab15e38f92151ccc2fa Big endian MIPS architecture: http://security.debian.org/pool/updates/main/k/kdeadmin/kcmlinuz_2.2.2-7.2_mips.deb Size/MD5 checksum: 138748 d4fc92d8e63db7c4bc9ce283c3db0bcf http://security.debian.org/pool/updates/main/k/kdeadmin/kcron_2.2.2-7.2_mips.deb Size/MD5 checksum: 171894 e9c3ca67b8efb02cfa223ec6d6bdc9eb http://security.debian.org/pool/updates/main/k/kdeadmin/kpackage_2.2.2-7.2_mips.deb Size/MD5 checksum: 198818 15acce76e7269c632e70cb6fa40c457f http://security.debian.org/pool/updates/main/k/kdeadmin/ksysv_2.2.2-7.2_mips.deb Size/MD5 checksum: 171198 1abfb4306e6b910293f2b0357e3d4102 http://security.debian.org/pool/updates/main/k/kdeadmin/kuser_2.2.2-7.2_mips.deb Size/MD5 checksum: 100994 a8139081a311f207ef86491c1e5c6b5b http://security.debian.org/pool/updates/main/k/kdeadmin/kwuftpd_2.2.2-7.2_mips.deb Size/MD5 checksum: 196970 796e2792ec9ff4cffb90681596aa03da http://security.debian.org/pool/updates/main/k/kdeadmin/secpolicy_2.2.2-7.2_mips.deb Size/MD5 checksum: 20238 8e3ed281344f001e6a530265ada7e8dc Little endian MIPS architecture: http://security.debian.org/pool/updates/main/k/kdeadmin/kcmlinuz_2.2.2-7.2_mipsel.deb Size/MD5 checksum: 137978 75cba1cf426da9a96d0f4d0110b93872 http://security.debian.org/pool/updates/main/k/kdeadmin/kcron_2.2.2-7.2_mipsel.deb Size/MD5 checksum: 168956 7fca70632e404a388d7a0b304ce375dc http://security.debian.org/pool/updates/main/k/kdeadmin/kpackage_2.2.2-7.2_mipsel.deb Size/MD5 checksum: 196288 c54aacd4429b7db7fe18739816ea549d http://security.debian.org/pool/updates/main/k/kdeadmin/ksysv_2.2.2-7.2_mipsel.deb Size/MD5 checksum: 169274 299412cc5d7777fa2bd7eaeb5e5f4066 http://security.debian.org/pool/updates/main/k/kdeadmin/kuser_2.2.2-7.2_mipsel.deb Size/MD5 checksum: 100052 f758b5aa034b8317b41903ffeb89bea3 http://security.debian.org/pool/updates/main/k/kdeadmin/kwuftpd_2.2.2-7.2_mipsel.deb Size/MD5 checksum: 195920 a8eb1cf2f428002162e89032a91bf409 http://security.debian.org/pool/updates/main/k/kdeadmin/secpolicy_2.2.2-7.2_mipsel.deb Size/MD5 checksum: 20212 b50b343b3aefae64983ca7779e3eafe9 PowerPC architecture: http://security.debian.org/pool/updates/main/k/kdeadmin/kcmlinuz_2.2.2-7.2_powerpc.deb Size/MD5 checksum: 143140 e9d58d07bed590dae8393f8507bc104b http://security.debian.org/pool/updates/main/k/kdeadmin/kcron_2.2.2-7.2_powerpc.deb Size/MD5 checksum: 173694 45f02700ffd32dc5f1445ecf7fdc710c http://security.debian.org/pool/updates/main/k/kdeadmin/kpackage_2.2.2-7.2_powerpc.deb Size/MD5 checksum: 186486 67053abf6a72aea2489ff98a46bbe3ab http://security.debian.org/pool/updates/main/k/kdeadmin/ksysv_2.2.2-7.2_powerpc.deb Size/MD5 checksum: 149198 a90cc2acddaa0be636a768b045bf9031 http://security.debian.org/pool/updates/main/k/kdeadmin/kuser_2.2.2-7.2_powerpc.deb Size/MD5 checksum: 90394 ae5d36549896fa3d2bf01ebb824f728d http://security.debian.org/pool/updates/main/k/kdeadmin/kwuftpd_2.2.2-7.2_powerpc.deb Size/MD5 checksum: 183640 ba535d6ac7018426fe2bce0f66fff8bc http://security.debian.org/pool/updates/main/k/kdeadmin/secpolicy_2.2.2-7.2_powerpc.deb Size/MD5 checksum: 20046 a517dc09778f2201871597dae584469e IBM S/390 architecture: http://security.debian.org/pool/updates/main/k/kdeadmin/kcmlinuz_2.2.2-7.2_s390.deb Size/MD5 checksum: 145092 a607f2027b595b3567deb60d707e29b2 http://security.debian.org/pool/updates/main/k/kdeadmin/kcron_2.2.2-7.2_s390.deb Size/MD5 checksum: 157874 a210625ef3dc12004f4ff33226897d28 http://security.debian.org/pool/updates/main/k/kdeadmin/kpackage_2.2.2-7.2_s390.deb Size/MD5 checksum: 187102 15c446268aec70e1003e2dbd2b4a8f6b http://security.debian.org/pool/updates/main/k/kdeadmin/ksysv_2.2.2-7.2_s390.deb Size/MD5 checksum: 157246 1b1be87e7aa8611a729994d047284be1 http://security.debian.org/pool/updates/main/k/kdeadmin/kuser_2.2.2-7.2_s390.deb Size/MD5 checksum: 94466 ec46801de7d047fb3745aa871549bf3d http://security.debian.org/pool/updates/main/k/kdeadmin/kwuftpd_2.2.2-7.2_s390.deb Size/MD5 checksum: 183150 4e8eedda1c9bd1a5d5c99cebc3909532 http://security.debian.org/pool/updates/main/k/kdeadmin/secpolicy_2.2.2-7.2_s390.deb Size/MD5 checksum: 22686 82dd34d13a7d7ef4fa5e5625f84c406e Sun Sparc architecture: http://security.debian.org/pool/updates/main/k/kdeadmin/kcmlinuz_2.2.2-7.2_sparc.deb Size/MD5 checksum: 143920 4526bfae965d9781fbfc20fb105e8cd8 http://security.debian.org/pool/updates/main/k/kdeadmin/kcron_2.2.2-7.2_sparc.deb Size/MD5 checksum: 174906 0647efafe7c2f82ee469ba16339bfe43 http://security.debian.org/pool/updates/main/k/kdeadmin/kpackage_2.2.2-7.2_sparc.deb Size/MD5 checksum: 182022 82c38e45b6c859064165f74cac7677a1 http://security.debian.org/pool/updates/main/k/kdeadmin/ksysv_2.2.2-7.2_sparc.deb Size/MD5 checksum: 153808 d3e7428d284d292482f430a8d7e1459e http://security.debian.org/pool/updates/main/k/kdeadmin/kuser_2.2.2-7.2_sparc.deb Size/MD5 checksum: 91930 d5a23f597056e2aa63ce7b0823903802 http://security.debian.org/pool/updates/main/k/kdeadmin/kwuftpd_2.2.2-7.2_sparc.deb Size/MD5 checksum: 185334 71f00d15eb31577cef473419df247180 http://security.debian.org/pool/updates/main/k/kdeadmin/secpolicy_2.2.2-7.2_sparc.deb Size/MD5 checksum: 20780 955eccfa7c277a049454d10735ce984f These files will be moved into the stable distribution after new KDE packages fhave been uploaded into unstable (sid) and compiled for all architectures. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: [email protected] Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>; - -------------------------------------------------------------------------- Debian Security Advisory DSA 236-1 [email protected] http://www.debian.org/security/ Martin Schulze January 22nd, 2003 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : kdelibs Vulnerability : several Problem-type : local, remote Debian-specific: no CVE Id : CAN-2002-1393 The KDE team discovered several vulnerabilities in the K Desktop Environment. In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution. These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source. By carefully crafting such data an attacker might be able to execute arbitary commands on a vulnerable sytem using the victim's account and privileges. The KDE Project is not aware of any existing exploits of these vulnerabilities. The patches also provide better safe guards and check data from untrusted sources more strictly in multiple places. For the current stable distribution (woody), these problems have been fixed in version 2.2.2-13.woody.6. The old stable distribution (potato) does not contain KDE packages. For the unstable distribution (sid), these problems will most probably not be fixed but new packages for KDE 3.1 for sid are expected for this year. We recommend that you upgrade your KDE packages. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.6.dsc Size/MD5 checksum: 1353 5f403d3db13d953205201675479843eb http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.6.diff.gz Size/MD5 checksum: 54958 dc565cdd77e4fab495787a39698f3ad8 http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2.orig.tar.gz Size/MD5 checksum: 6396699 7a9277a2e727821338f751855c2ce5d3 Architecture independent components: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-doc_2.2.2-13.woody.6_all.deb Size/MD5 checksum: 2564014 4b908d0c48a2581d1f9722ecb31f302d Alpha architecture: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.6_alpha.deb Size/MD5 checksum: 757036 3821fd9cbd17ee52abc4838ef706db89 http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.6_alpha.deb Size/MD5 checksum: 7533618 8f3f4e131e3e37b7ada54d1f94b53772 http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.6_alpha.deb Size/MD5 checksum: 137042 3ec876921572725beab36a288e000c7f http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.6_alpha.deb Size/MD5 checksum: 201636 70241ba4c8942167e7a52942bc1a3d3b http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.6_alpha.deb Size/MD5 checksum: 1022098 4f55fb12b406f722ada2bde298d73488 http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.6_alpha.deb Size/MD5 checksum: 1029298 e2e25898b8bad76d32e5ad7c8a923467 http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.6_alpha.deb Size/MD5 checksum: 197890 f49d2029d624bd81243988ea37d7119b http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.6_alpha.deb Size/MD5 checksum: 174352 51b9351402e9d14f4f452df5132d810b http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.6_alpha.deb Size/MD5 checksum: 177678 9147a08ddc03b52a297292a5585c0a86 http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.6_alpha.deb Size/MD5 checksum: 36912 da90d5e50953757fd14c0a7207ffd1d3 ARM architecture: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.6_arm.deb Size/MD5 checksum: 743224 eca1a5b6414faba5504ffd8fa7af9452 http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.6_arm.deb Size/MD5 checksum: 6589736 3022f814d5374ae021761efb1e25e073 http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.6_arm.deb Size/MD5 checksum: 104228 2c36f53a88220fa1ea1dd00b57726f13 http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.6_arm.deb Size/MD5 checksum: 186222 e9a09d7fd4b3d6fbb1eb510bcac30adf http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.6_arm.deb Size/MD5 checksum: 651562 8361bf373ba5a1cc7d512af7eccf7f34 http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.6_arm.deb Size/MD5 checksum: 655080 9492e09991a9bf590625cb8d2d7274b9 http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.6_arm.deb Size/MD5 checksum: 155136 5a71e196810ae1919b7da4c56a59680d http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.6_arm.deb Size/MD5 checksum: 124478 c2cedf9d502b8d9305cf73c4ed2ddaa5 http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.6_arm.deb Size/MD5 checksum: 127494 9abe565871b1b308396bc09aad4bc7ff http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.6_arm.deb Size/MD5 checksum: 36914 a70c016630ea7d9d277eefaba2824c8e Intel IA-32 architecture: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.6_i386.deb Size/MD5 checksum: 742546 5f07331b0c9a0e61725d0e7f81d73216 http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.6_i386.deb Size/MD5 checksum: 6619234 105366e620237bac742d00e45e871922 http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.6_i386.deb Size/MD5 checksum: 105750 e2086c74a1d2653bccec657a14fd8c54 http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.6_i386.deb Size/MD5 checksum: 182570 8e90b65fe82563cbfaf2e2e7640c029e http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.6_i386.deb Size/MD5 checksum: 624794 66b3d47a86f1ca87ae654b6efe5541ab http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.6_i386.deb Size/MD5 checksum: 629100 98724a2ee31a491804aa7b5db2d5164e http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.6_i386.deb Size/MD5 checksum: 154462 a4e12261f833fa19994502ff4cc5df96 http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.6_i386.deb Size/MD5 checksum: 123100 b0c2e06b9ea6375d5c6184aee734222b http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.6_i386.deb Size/MD5 checksum: 126216 93d578145e10a7582ce299456e9b7088 http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.6_i386.deb Size/MD5 checksum: 36908 3707f77517c7ab8dbfe0b8c1c87237d4 Intel IA-64 architecture: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.6_ia64.deb Size/MD5 checksum: 767278 beb8f1be54f3ab9d699dc429ed7fe0a9 http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.6_ia64.deb Size/MD5 checksum: 8843922 7f0bfd78ca3ebd193988341f4106d256 http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.6_ia64.deb Size/MD5 checksum: 153404 dc9e293451fbe090206ba4ff3726879e http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.6_ia64.deb Size/MD5 checksum: 256680 2a16e33028cbd4c57f782437c672c1ad http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.6_ia64.deb Size/MD5 checksum: 1045260 53cff6b9c9c87e7639bf561770874b67 http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.6_ia64.deb Size/MD5 checksum: 1050334 03bb1671adc028fc6e4cd79ca6960cfe http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.6_ia64.deb Size/MD5 checksum: 199116 cf94f060e30e58450bcc2a4aad8bf1be http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.6_ia64.deb Size/MD5 checksum: 185270 ed585193574913b65c2dff1c506c8aa9 http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.6_ia64.deb Size/MD5 checksum: 190732 74ef3c740d999a632010ee3d2b3fc733 http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.6_ia64.deb Size/MD5 checksum: 36914 34c415116ef8a6b802fbd99f10d7dcbf HP Precision architecture: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.6_hppa.deb Size/MD5 checksum: 749362 c736ea8685c39ed85deab6b2b590161d http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.6_hppa.deb Size/MD5 checksum: 7343502 6f0af2eaf6ce06cc73c952cded61e49c http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.6_hppa.deb Size/MD5 checksum: 117116 653293652c08d41d225b2c0ef23f67d7 http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.6_hppa.deb Size/MD5 checksum: 217674 fe0822c5e9cf6f6b188511ca1443ef66 http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.6_hppa.deb Size/MD5 checksum: 1111174 b605a2edcf240ef3de55ef2519fdcecc http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.6_hppa.deb Size/MD5 checksum: 1115110 c324171c9d1718bfeea12504481d16af http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.6_hppa.deb Size/MD5 checksum: 207106 9a0cd2d9a74eab43745e943a834fb48c http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.6_hppa.deb Size/MD5 checksum: 171570 3dac858ec420b80827ba4831a5b69af4 http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.6_hppa.deb Size/MD5 checksum: 175696 52aa4713ee4d2a67160db75c3d1afc3e http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.6_hppa.deb Size/MD5 checksum: 36918 b9018343f9d21a9214e3c0f61f358093 Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.6_m68k.deb Size/MD5 checksum: 739630 bc5661843134d63e8a1d5bcd1dac0494 http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.6_m68k.deb Size/MD5 checksum: 6484458 2743a7e264d1adc110f8ab888784c46e http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.6_m68k.deb Size/MD5 checksum: 103278 ce4846bd5706c05d25a1801a30b55116 http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.6_m68k.deb Size/MD5 checksum: 178182 1c184a14bee9684d35fd87f261fbbdd7 http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.6_m68k.deb Size/MD5 checksum: 628452 c8af2dc042d41941e17ee1afee68d3cd http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.6_m68k.deb Size/MD5 checksum: 632812 552cce36fc2714583f5ec7442086c4ce http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.6_m68k.deb Size/MD5 checksum: 150784 a40fc209f70da50edf8253f450e49d41 http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.6_m68k.deb Size/MD5 checksum: 120450 13b90cd1575a701389b071234ea51fb7 http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.6_m68k.deb Size/MD5 checksum: 123324 bd88c3074eeeac85b93d6980a4a5dbcb http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.6_m68k.deb Size/MD5 checksum: 36922 eecbb0f9a1e9d62bc18dd0a0544252b6 Big endian MIPS architecture: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.6_mips.deb Size/MD5 checksum: 739530 3a3880906912737432ff5356ad3f7dc3 http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.6_mips.deb Size/MD5 checksum: 6283658 99d00896a8915cbd97f447980cce5871 http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.6_mips.deb Size/MD5 checksum: 106582 ed2c3833174bc5526ca7c42ba0f6f973 http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.6_mips.deb Size/MD5 checksum: 160776 d870858339dfe852f96f5069184d1f3d http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.6_mips.deb Size/MD5 checksum: 620694 10cc05e88f12fb675b30efa0ddb1f112 http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.6_mips.deb Size/MD5 checksum: 624656 6abcdfc5e4b315b0cf39c24bc25d9d70 http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.6_mips.deb Size/MD5 checksum: 175532 eca29cd046da9aa464858dbca384c7cf http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.6_mips.deb Size/MD5 checksum: 123886 b1ecaa64b60ef1c22d021797d89c65cb http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.6_mips.deb Size/MD5 checksum: 126960 ec83a91f4d88e3f096d3df67804b4bd4 http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.6_mips.deb Size/MD5 checksum: 36912 5fa9c60ee2a9ae39723fc2c73309443d Little endian MIPS architecture: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.6_mipsel.deb Size/MD5 checksum: 738864 f2b4fc81f2bd27254f75b1a89388e5a5 http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.6_mipsel.deb Size/MD5 checksum: 6190204 a8e85569c0ce9ddbc3320e053d01bc26 http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.6_mipsel.deb Size/MD5 checksum: 105550 79be3c0abf1849b1edea9c98becee7d6 http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.6_mipsel.deb Size/MD5 checksum: 159036 74036b2dd3ad9bb7dac1df96abd0e0ef http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.6_mipsel.deb Size/MD5 checksum: 613442 8f859310a032a7015ca33eb5e0511ce8 http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.6_mipsel.deb Size/MD5 checksum: 617026 5083aac68798164ebb31993926ecc837 http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.6_mipsel.deb Size/MD5 checksum: 174776 e9c645136c4a6fcf632124e12a9e941c http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.6_mipsel.deb Size/MD5 checksum: 122886 98d39fa8abc9f648a60cf600f95cdf56 http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.6_mipsel.deb Size/MD5 checksum: 125908 2e7232d46c6d2210d63b7969e449afa2 http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.6_mipsel.deb Size/MD5 checksum: 36918 2d75ebb93a44f7700ad170e3a2f0beef PowerPC architecture: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.6_powerpc.deb Size/MD5 checksum: 740462 a9c96eae0295fed86ab7a4eebe51ccf2 http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.6_powerpc.deb Size/MD5 checksum: 6727196 66ac2b21cedc54ecbf0e15df94c828f0 http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.6_powerpc.deb Size/MD5 checksum: 105650 07936a1a6b329e8e00cc15e8dfc7a2c3 http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.6_powerpc.deb Size/MD5 checksum: 182246 194e561449c20237cf2de877a016bf89 http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.6_powerpc.deb Size/MD5 checksum: 690944 919dc4b130d8b219ea265f56d027238c http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.6_powerpc.deb Size/MD5 checksum: 694152 062f6189956872226fbe06af47a49b5d http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.6_powerpc.deb Size/MD5 checksum: 153334 594ed75e7295f687e8920e8521464669 http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.6_powerpc.deb Size/MD5 checksum: 127288 d22f8143438d036cc435c8861b268880 http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.6_powerpc.deb Size/MD5 checksum: 130224 2bc4c8da1566c1069d718c99ad1969cf http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.6_powerpc.deb Size/MD5 checksum: 36914 6aea832d34e5d870c9ce5f69bc410582 IBM S/390 architecture: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.6_s390.deb Size/MD5 checksum: 741954 35c8f7f427c7d56850477999b2e85681 http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.6_s390.deb Size/MD5 checksum: 6741016 f485d66ae4225321e0689178ae3a21b5 http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.6_s390.deb Size/MD5 checksum: 110190 98b0106936f027db9de58ebc0b8b7fa2 http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.6_s390.deb Size/MD5 checksum: 176680 0ea5268cd0b9dc0906b2eb29fccf29b4 http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.6_s390.deb Size/MD5 checksum: 641892 d1fef637391e5b5c54a145cc5f316f2b http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.6_s390.deb Size/MD5 checksum: 647062 cd6dd94b873cb6b41173dc731b013e85 http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.6_s390.deb Size/MD5 checksum: 151130 d34e35e46f3b0753adc326a491c19b8f http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.6_s390.deb Size/MD5 checksum: 129626 bd72b22c6c16da6a89ad570bc0fa0803 http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.6_s390.deb Size/MD5 checksum: 133104 963aed0b662286bb85bcac1e28244ef6 http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.6_s390.deb Size/MD5 checksum: 36916 df4b5fe81af1a603b0144876be0d8046 Sun Sparc architecture: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.6_sparc.deb Size/MD5 checksum: 741334 2e5a84a129b56f0d3025c010932fecea http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.6_sparc.deb Size/MD5 checksum: 6592820 2d2050645c78b7c60705910505b162fa http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.6_sparc.deb Size/MD5 checksum: 117450 2998e8fd299ea48da9710be4f3fac3d1 http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.6_sparc.deb Size/MD5 checksum: 183998 afdafb1138def7257b72368135f14619 http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.6_sparc.deb Size/MD5 checksum: 664618 a00891b3eeedcbd434d8939c261ffc53 http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.6_sparc.deb Size/MD5 checksum: 668594 b302d78b3767fc83e2459145e6ded6e9 http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.6_sparc.deb Size/MD5 checksum: 151502 da2943b8b5abbbc16f06381f95a55c52 http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.6_sparc.deb Size/MD5 checksum: 128404 33a063c7d927e2f0fc1195c991eed1a5 http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.6_sparc.deb Size/MD5 checksum: 131126 93ef5d8403ae7c8abb627d14c19b7a45 http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.6_sparc.deb Size/MD5 checksum: 36912 2bd96dce7884f7f11b3dd70f48726c89 These files will probably be moved into the stable distribution on its next revision. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: [email protected] Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>; - -------------------------------------------------------------------------- Debian Security Advisory DSA 235-1 [email protected] http://www.debian.org/security/ Martin Schulze January 22nd, 2003 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : kdegraphics Vulnerability : several Problem-type : local, remote Debian-specific: no CVE Id : CAN-2002-1393 The KDE team discovered several vulnerabilities in the K Desktop Environment. In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution. These parameters may incorporate data such as URLs, filenames and e-mail addresses, and this data may be provided remotely to a victim in an e-mail, a webpage or files on a network filesystem or other untrusted source. By carefully crafting such data an attacker might be able to execute arbitary commands on a vulnerable sytem using the victim's account and privileges. The KDE Project is not aware of any existing exploits of these vulnerabilities. The patches also provide better safe guards and check data from untrusted sources more strictly in multiple places. For the current stable distribution (woody), these problems have been fixed in version 2.2.2-6.10 The old stable distribution (potato) does not contain KDE packages. For the unstable distribution (sid), these problems will most probably not be fixed but new packages for KDE 3.1 for sid are expected for this year. We recommend that you upgrade your KDE packages. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_2.2.2-6.10.dsc Size/MD5 checksum: 980 74ac5c707a7c03d6866af25711782b1f http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_2.2.2-6.10.d
Debian GNU/Linux Advisories: kdeadmin, kdelibs, kdegraphics
By
Get the Free Newsletter!
Subscribe to Developer Insider for top news, trends, & analysis