Debians sikkerhedsbulletin

DSA-293-1 kdelibs -- usikker udførelse

Rapporteret den:

23. apr 2003

Berørte pakker:

kdelibs

Sårbar:

Referencer i sikkerhedsdatabaser:

I Bugtraq-databasen (hos SecurityFocus): BugTraq-id 7318.
I Mitres CVE-ordbog: CVE-2003-0204.

Yderligere oplysninger:

KDE-teamet har opdaget en sårbarhed ved den måde, KDE anvender Ghostscript-programmet til behandling af PostScript- (PS) og PDF-filer. En angriber kan via e-email eller websteder levere en ondsindet PostScript- eller PDF-fil, hvilket kan føre til udførelse af vilkårlige kommandoer med rettighederne hørende til den bruger, der kigger på filen, eller når en browser genererer en liste over en mappes indhold sammen med "thumbnails".

I den stabile distribution (woody) er dette problem rettet i version 2.2.2-13.woody.7 af kdelibs og tilknyttede pakker.

Den gamle stabile distribution (potato) er ikke påvirket, da den ikke indeholder KDE.

I den ustabile distribution (sid) vil dette problem snart blive rettet.

I den uofficielle tilbageførelse af KDE 3.1.1 til woody af Ralf Nolden på download.kde.org, er dette problem rettet i version 3.1.1-0woody3 af kdelibs. Ved hjælp af den sædvanlige tilbageførelseslinie til apt-get, vil man modtage opdateringen:

deb http://download.kde.org/stable/latest/Debian stable main

Vi anbefaler at du opgraderer dine kdelibs- og tilknyttede pakker.

Rettet i:

Debian GNU/Linux 3.0 (woody)

Kildekode:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.7.dsc; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.7.diff.gz; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2.orig.tar.gz
Arkitekturuafhængig komponent:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-doc_2.2.2-13.woody.7_all.deb
Alpha:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.7_alpha.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.7_alpha.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.7_alpha.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.7_alpha.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.7_alpha.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.7_alpha.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.7_alpha.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.7_alpha.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.7_alpha.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.7_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.7_arm.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.7_arm.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.7_arm.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.7_arm.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.7_arm.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.7_arm.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.7_arm.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.7_arm.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.7_arm.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.7_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.7_i386.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.7_i386.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.7_i386.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.7_i386.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.7_i386.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.7_i386.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.7_i386.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.7_i386.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.7_i386.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.7_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.7_ia64.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.7_ia64.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.7_ia64.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.7_ia64.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.7_ia64.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.7_ia64.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.7_ia64.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.7_ia64.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.7_ia64.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.7_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.7_hppa.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.7_hppa.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.7_hppa.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.7_hppa.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.7_hppa.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.7_hppa.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.7_hppa.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.7_hppa.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.7_hppa.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.7_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.7_m68k.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.7_m68k.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.7_m68k.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.7_m68k.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.7_m68k.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.7_m68k.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.7_m68k.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.7_m68k.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.7_m68k.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.7_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.7_mips.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.7_mips.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.7_mips.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.7_mips.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.7_mips.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.7_mips.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.7_mips.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.7_mips.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.7_mips.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.7_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.7_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.7_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.7_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.7_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.7_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.7_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.7_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.7_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.7_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.7_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.7_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.7_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.7_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.7_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.7_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.7_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.7_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.7_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.7_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.7_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.7_s390.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.7_s390.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.7_s390.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.7_s390.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.7_s390.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.7_s390.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.7_s390.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.7_s390.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.7_s390.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.7_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.7_sparc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.7_sparc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.7_sparc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.7_sparc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.7_sparc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.7_sparc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.7_sparc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.7_sparc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.7_sparc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.7_sparc.deb

MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.