Debian: kdemultimedia Multiple local/remote vulnerabilities

    Date: 24 Jan 2003
    Category: Debian
    Posted By: LinuxSecurity Advisories
    The KDE team discovered several vulnerabilities in the K Desktop Environment. In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution.
    
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 243-1
    http://www.debian.org/security/                             Martin Schulze
    January 24th, 2003                       http://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : kdemultimedia
    Vulnerability  : several
    Problem-type   : local, remote
    Debian-specific: no
    CVE Id         : CAN-2002-1393
    
    The KDE team discovered several vulnerabilities in the K Desktop
    Environment.  In some instances KDE fails to properly quote parameters
    of instructions passed to a command shell for execution.  These
    parameters may incorporate data such as URLs, filenames and e-mail
    addresses, and this data may be provided remotely to a victim in an
    e-mail, a webpage or files on a network filesystem or other untrusted
    source.
    
    By carefully crafting such data an attacker might be able to execute
    arbitrary commands on a vulnerable system using the victim's account and
    privileges.  The KDE Project is not aware of any existing exploits of
    these vulnerabilities.  The patches also provide better safeguards
    and check data from untrusted sources more strictly in multiple
    places.
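
Added example, not part of the advisory and not the KDE patch: the quoting failure described above, shown as an unquoted and a quoted way of placing untrusted text on a shell command line. The function names are hypothetical, `printf` stands in for whatever helper program would be launched, and the file name is a constructed sample.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L          /* for popen()/pclose() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Quote s as one POSIX-shell word: wrap it in single quotes and write every
 * embedded single quote as '\'' (close, escaped quote, reopen). Caller frees. */
char *shell_quote(const char *s)
{
    size_t n = 2;                            /* opening and closing quote */
    for (const char *p = s; *p; p++)
        n += (*p == '\'') ? 4 : 1;
    char *out = malloc(n + 1), *w = out;
    if (!out) return NULL;
    *w++ = '\'';
    for (const char *p = s; *p; p++) {
        if (*p == '\'') { memcpy(w, "'\\''", 4); w += 4; }
        else            { *w++ = *p; }
    }
    *w++ = '\''; *w = '\0';
    return out;
}

/* Hand "printf '%s\n' <arg_text>" to /bin/sh (printf stands in for the helper
 * program) and report whether the shell delivered exactly `data` as one word. */
int arrives_intact(const char *data, const char *arg_text)
{
    char cmd[512], got[512], want[512];
    int n = snprintf(cmd, sizeof cmd, "printf '%%s\\n' %s", arg_text);
    if (n < 0 || (size_t)n >= sizeof cmd) return 0;
    snprintf(want, sizeof want, "%s\n", data);
    FILE *fp = popen(cmd, "r");
    if (!fp) return 0;
    size_t len = fread(got, 1, sizeof got - 1, fp);
    got[len] = '\0';
    pclose(fp);
    return strcmp(got, want) == 0;
}

/* Unsafe pattern: untrusted text is pasted into the command line as-is. */
int unquoted_ok(const char *name) { return arrives_intact(name, name); }

/* Hardened pattern: the same text is quoted first and stays one argument. */
int quoted_ok(const char *name)
{
    char *q = shell_quote(name);
    int ok = q && arrives_intact(name, q);
    free(q);
    return ok;
}

int main(void)
{
    const char *name = "track.mp3; echo INJECTED";   /* constructed sample */
    printf("unquoted intact: %d, quoted intact: %d\n", unquoted_ok(name), quoted_ok(name));
    return 0;
}
```

Where a program can pass an argument vector to an exec-family call instead of a command string to a shell, no quoting step is needed at all.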
    
    For the current stable distribution (woody), these problems have been
    fixed in version 2.2.2-8.2.  Please note that we are unable to provide
    updated packages for both MIPS architectures since the compilation of
    kdemultimedia triggers an internal compiler error on these machines.
    
    The old stable distribution (potato) does not contain KDE packages.
    
    For the unstable distribution (sid), these problems will most probably
    not be fixed but new packages for KDE 3.1 for sid are expected for
    this year.
    
    We recommend that you upgrade your KDE packages.
    
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
    
      These files will be moved into the stable distribution after new KDE
      packages have been uploaded into unstable (sid) and compiled for
      all architectures.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Package info: `apt-cache show ' and  http://packages.debian.org/
    
    
    
    