Linux Security
Linux Security
Linux Security

Debian: kdemultimedia Multiple local/remote vulnerabilities

Date 24 Jan 2003
Posted By LinuxSecurity Advisories
The KDE team discovered several vulnerabilities in the K DesktopEnvironment. In some instances KDE fails to properly quote parametersof instructions passed to a command shell for execution.

Debian Security Advisory DSA 243-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.                             Martin Schulze
January 24th, 2003             

Package        : kdemultimedia
Vulnerability  : several
Problem-type   : local, remote
Debian-specific: no
CVE Id         : CAN-2002-1393

The KDE team discovered several vulnerabilities in the K Desktop
Environment.  In some instances KDE fails to properly quote parameters
of instructions passed to a command shell for execution.  These
parameters may incorporate data such as URLs, filenames and e-mail
addresses, and this data may be provided remotely to a victim in an
e-mail, a webpage or files on a network filesystem or other untrusted

By carefully crafting such data an attacker might be able to execute
arbitary commands on a vulnerable system using the victim's account and
privileges.  The KDE Project is not aware of any existing exploits of
these vulnerabilities.  The patches also provide better safe guards
and check data from untrusted sources more strictly in multiple

For the current stable distribution (woody), these problems have been
fixed in version 2.2.2-8.2.  Please note that we are unable to provide
updated packages for both MIPS architectures since the compilation of
kdemultimedia triggers an internal compiler error on these machines.

The old stable distribution (potato) does not contain KDE packages.

For the unstable distribution (sid), these problems will most probably
not be fixed but new packages for KDE 3.1 for sid are expected for
this year.

We recommend that you upgrade your KDE packages.

Upgrade Instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

  Source archives:
      Size/MD5 checksum:      931 ea6ccb34bf852ac29e6d73613081e334
      Size/MD5 checksum:    12438 c24bc332097a53ec3e5c84cb7bf2b8bf
      Size/MD5 checksum:  4745846 013333cc85b267c3d0d4c50c14bcd2f8

  Alpha architecture:
      Size/MD5 checksum:  1275504 e7f689aadb6cf5cd54f59e54198d7cf2
      Size/MD5 checksum:   101364 b37dfc4b2e96279203d2a2a7e1ee81fe
      Size/MD5 checksum:   262362 37011939bfaf4c5a04ffa018416b5265
      Size/MD5 checksum:  1340624 2728558b23aaefef50f75eabf2b26604
      Size/MD5 checksum:   203918 fb82f8fdca725ecb9a326f7cad423114
      Size/MD5 checksum:   285524 ce32bdcf10cd2ad2be0e7417a4ecaa1e
      Size/MD5 checksum:   154388 73c1fe5523d24c4b34e5a925218ef3dc
      Size/MD5 checksum:   348174 0fea85342c407fbb0d4cc5738452181a
      Size/MD5 checksum:  2110060 9a109e0d1556957de7eb7e82e363208c

  ARM architecture:
      Size/MD5 checksum:   950728 ad369aee8147668de76c89427a393e3e
      Size/MD5 checksum:   101472 aa9b29b7db2b3010291bb4ed4ba4f0af
      Size/MD5 checksum:   242928 77e820262c24fec76a28825159a52aff
      Size/MD5 checksum:  1299456 581e9c81c34e41dca90ef16cc5f5f181
      Size/MD5 checksum:   157540 ddcb9807571ac18edc8a2c09f3de05bf
      Size/MD5 checksum:   272882 1b7f67d78b30e2a0e0d67dbb8e2e9e48
      Size/MD5 checksum:   108140 a9ded96aec60fa509989ff0f5f0ecc6f
      Size/MD5 checksum:   282098 70ed5afd1b77ffe7d7b44ee50dc14bbb
      Size/MD5 checksum:  1894054 beb1cec62d08b7d8a1064ccf5c708529

  Intel IA-32 architecture:
      Size/MD5 checksum:   931028 6450d390f27aeda571691a66a55f4ba9
      Size/MD5 checksum:   101392 e4df2c898c92a9a18d8c8a7fa9d378a5
      Size/MD5 checksum:   239934 77aa1ad61cf050076bd8218d405c466e
      Size/MD5 checksum:  1266742 d56661fb5dd3d8330fba30193827abdb
      Size/MD5 checksum:   155428 75467801fdabb111a9c512e1b3d3492a
      Size/MD5 checksum:   264210 90f8a72fa1d963bd19b7250f545aa686
      Size/MD5 checksum:   105290 85551cf9bc507da3de697307e697f823
      Size/MD5 checksum:   311584 da769f99a16b43d30100d4b7e1235fd4
      Size/MD5 checksum:  1889708 4b751663b1a6760f6f8285dca2b2dcd1

  Intel IA-64 architecture:
      Size/MD5 checksum:  1328734 c459f61f0574f743d76328386ae8d637
      Size/MD5 checksum:   101360 fe282c59e381da90a57e8862bf0d3199
      Size/MD5 checksum:   288342 e15b85fb995adb6c1e4a068815729d01
      Size/MD5 checksum:  1495738 53a5e5db9c035792dda5342b55ee224f
      Size/MD5 checksum:   231210 552566ad2ac4e37789be84c087b80695
      Size/MD5 checksum:   369002 93635ae5e67906b035ce4118a261862d
      Size/MD5 checksum:   151300 c1a47e9a2de01ec9021ea7ed86d33aa1
      Size/MD5 checksum:   511050 67b3787c8570595104af81d9a2883767
      Size/MD5 checksum:  2225366 68ea74f7708e8583a9f0f445bfcc90d4

  HP Precision architecture:
      Size/MD5 checksum:  1461794 26afcf3486140212b5f3300e68a85b7d
      Size/MD5 checksum:   101404 24023dd9c8c5fb8925a4adf3e4682122
      Size/MD5 checksum:   274952 a428d9cdb9f0bf35aa0b55ba67e8118c
      Size/MD5 checksum:  1328916 f6ddd1a1d3ecd22fb29bb7c60cf71f6e
      Size/MD5 checksum:   206838 e01ff343760e76afe7be65e7387795be
      Size/MD5 checksum:   291196 51170047d6b913d561a445bd3a03b4d3
      Size/MD5 checksum:   286880 abbb60e4eb50c883d6087422fa927f13
      Size/MD5 checksum:   337658 ed18ef7ace0bd76e30f3aaaca7a4980c
      Size/MD5 checksum:  2170100 f7339c2116773ea1972c456a93ed1c2e

  Motorola 680x0 architecture:
      Size/MD5 checksum:   947918 394990d923d2cb54e1d903fa9102e2dd
      Size/MD5 checksum:   101602 5eb78569b4c39d0f84fcc9b56121b3f6
      Size/MD5 checksum:   241304 73097cf737026374ff956a626fea2bb7
      Size/MD5 checksum:  1246882 356e3b535226807555f95cd6c9886145
      Size/MD5 checksum:   154944 436b551976c798d407d194d15753ce31
      Size/MD5 checksum:   258416 1adedbfe8c922bc1b3ee0ffebf8d3af7
      Size/MD5 checksum:   108026 1f85c7f95f3468773c3a5aa8c031f2c6
      Size/MD5 checksum:   292346 c7d2a634fa3d55f864b548200ba4910f
      Size/MD5 checksum:  1893268 53291c3cf2b6187a1e9a71bb90452507

  PowerPC architecture:
      Size/MD5 checksum:   996950 2158b7aee4fa4f99edeac9096d5a0f84
      Size/MD5 checksum:   101376 cf015241d26b5b0c5b57445de503d722
      Size/MD5 checksum:   243686 6ff1aaa97401db67b1471d7a2848fe0e
      Size/MD5 checksum:  1281376 9421d9cd1040e995ecf5b484375d6c92
      Size/MD5 checksum:   157280 854a1fb4af22184c6c314bb930e7318d
      Size/MD5 checksum:   271618 33fa16c2854408c3afcd9f4b881deaad
      Size/MD5 checksum:   118688 3857b9db12df3f2ecb7814997fdfe189
      Size/MD5 checksum:   226308 b0caf9978bd8122d190ab12f5b2b7075
      Size/MD5 checksum:  1915652 e9e29f0aecd6da93ba2afd63f4175989

  IBM S/390 architecture:
      Size/MD5 checksum:   949144 4fdc485750c31fb4066e472b15428ca8
      Size/MD5 checksum:   101394 e20bf973dfe70f0f61f908f8dd8209f9
      Size/MD5 checksum:   247156 b45eac6b57ed5ce311106c2bfb305bf5
      Size/MD5 checksum:  1282880 1eb6591f76839234d78fc4e33a45b299
      Size/MD5 checksum:   168072 d2b12dce4cc9d796669e2229b5e383d1
      Size/MD5 checksum:   271944 916a16b3026ecec61d66f85c5d4c8ab0
      Size/MD5 checksum:   113444 5e4288362c2cba05aecda5ba10fe9bf7
      Size/MD5 checksum:   343568 3bc187ac0018b58e062e2009b1a6ea34
      Size/MD5 checksum:  1916274 a735f195d97b50ef4c7313df82ace682

  Sun Sparc architecture:
      Size/MD5 checksum:   973512 85018e1174bbbe96dddc637610a8605e
      Size/MD5 checksum:   101402 7ab750a27ee344ffd4ede95c2ffa3bb7
      Size/MD5 checksum:   244520 d55726594ee67d0872fd6c5ec4676ab4
      Size/MD5 checksum:  1279162 0cb391dc3b6dc1aad65a2e82b3d3420f
      Size/MD5 checksum:   159528 bc102f8f6df7798f0dce414689e99572
      Size/MD5 checksum:   270228 406add52cdba3149c9f119cb46d063b7
      Size/MD5 checksum:   113428 d9216a2fd6f74d729fac7107abf9cc7f
      Size/MD5 checksum:   319032 5d2b5119edbb8df2212138a04f5ed3ce
      Size/MD5 checksum:  1919588 a0d7a348e1c032352232e919f6c30279

  These files will be moved into the stable distribution after new KDE
  packages have been uploaded into unstable (sid) and compiled for
  all architectures.

For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
Package info: `apt-cache show ' and


LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"64","type":"x","order":"1","pct":76.19,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"13","type":"x","order":"2","pct":15.48,"resources":[]},{"id":"181","title":"Hardly ever","votes":"7","type":"x","order":"3","pct":8.33,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.



bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.