Linux Security
Linux Security
Linux Security

Debian: kdepim multiple vulnerabilities

Date 23 Jan 2003
Posted By LinuxSecurity Advisories
The KDE team discovered several vulnerabilities in the K Desktop Environment.

- --------------------------------------------------------------------------
Debian Security Advisory DSA 238-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.                             Martin Schulze
January 23rd, 2003             
- --------------------------------------------------------------------------

Package        : kdepim
Vulnerability  : several
Problem-type   : local, remote
Debian-specific: no
CVE Id         : CAN-2002-1393

The KDE team discovered several vulnerabilities in the K Desktop
Environment.  In some instances KDE fails to properly quote parameters
of instructions passed to a command shell for execution.  These
parameters may incorporate data such as URLs, filenames and e-mail
addresses, and this data may be provided remotely to a victim in an
e-mail, a webpage or files on a network filesystem or other untrusted

By carefully crafting such data an attacker might be able to execute
arbitary commands on a vulnerable sytem using the victim's account and
privileges.  The KDE Project is not aware of any existing exploits of
these vulnerabilities.  The patches also provide better safe guards
and check data from untrusted sources more strictly in multiple

For the current stable distribution (woody), these problems have been fixed
in version 2.2.2-5.2.

The old stable distribution (potato) does not contain KDE packages.

For the unstable distribution (sid), these problems will most probably
not be fixed but new packages for KDE 3.1 for sid are expected for
this year.

We recommend that you upgrade your KDE packages.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:
      Size/MD5 checksum:      817 3a9b6d07e71b4a78fff95f1e0d5f3df1
      Size/MD5 checksum:   104449 81c061d65307d74cb877766b57b22693
      Size/MD5 checksum:  2426387 e090f1aad8ebd1a3ea1ecd42d51532f9

  Alpha architecture:
      Size/MD5 checksum:   109240 6c5235a3331c8d3a774f7830e048f3d8
      Size/MD5 checksum:    22648 3a055bcaee8f6f88afe80b30e6f2211d
      Size/MD5 checksum:   456832 578b1f4eac0aebac76e90fe4010fcfb9
      Size/MD5 checksum:   716432 50b9d71558a64615f1392cbe93033355
      Size/MD5 checksum:   824996 27aa213fa013720f5f5a926aed891845

  ARM architecture:
      Size/MD5 checksum:    84314 8fbc92a65edc80b03d56629677366371
      Size/MD5 checksum:    22646 7d035230f1ea1179e69ea25b167c7a96
      Size/MD5 checksum:   362892 5261b05a017c810ec3a59aecb937f0b2
      Size/MD5 checksum:   620202 c638b1d0ff98cd9d78ca3bb8ddebabee
      Size/MD5 checksum:   724560 b4cb3ab202e12b3e4ce1180280b7b7c4

  Intel IA-32 architecture:
      Size/MD5 checksum:    84642 1cde319e7dc3939d6de153ebf9128140
      Size/MD5 checksum:    22638 072fc2043003c57ee1288b461fe5080e
      Size/MD5 checksum:   359282 60abc8750287b7acd90aea5f96ad681c
      Size/MD5 checksum:   598284 3272ea2762c45f9a97c868433750bf6c
      Size/MD5 checksum:   718354 6195ea202df4bf7895e4ab1d4ea6599c

  Intel IA-64 architecture:
      Size/MD5 checksum:   127432 1e767af46b537f450c90b90a57838b75
      Size/MD5 checksum:    22638 03c37216be4a1abb7dafe8b2a50f03aa
      Size/MD5 checksum:   570572 f08e48aa1974ed09b0a6c47755ce67d0
      Size/MD5 checksum:   835716 bec4be6dd27d531d6fb750dbbdb1c46b
      Size/MD5 checksum:   934750 4e99292ff76e5a479493334e08fc9130

  Motorola 680x0 architecture:
      Size/MD5 checksum:    83214 757f6ab819882d9e343d6ce0d89188ef
      Size/MD5 checksum:    22654 b5ed90d92e9b2c7129e63b37e62ef621
      Size/MD5 checksum:   358008 6f392d9a4d5b2023bd3e07d1f7b76c75
      Size/MD5 checksum:   603922 607c929b8cef38dc36a80afb052b0c35
      Size/MD5 checksum:   718006 daa16707658d414cfdca7fe733ef0d52

  Big endian MIPS architecture:
      Size/MD5 checksum:    97910 31149d82dcb3083d01f8c7517b2015e5
      Size/MD5 checksum:    22644 058da04155cde7131a7180a6a4344044
      Size/MD5 checksum:   358636 515217cc3e833710e408ce48a72a60fb
      Size/MD5 checksum:   609670 67fd35ad1b2d52ba94a05857bb1db109
      Size/MD5 checksum:   753496 00c8309e2c0424ab3fa9d7cf1fc4ba4d

  Little endian MIPS architecture:
      Size/MD5 checksum:    96896 402ca43606d340cf3321a94427072907
      Size/MD5 checksum:    22640 5a622f10523f96b078facae719331bff
      Size/MD5 checksum:   354500 17d31d36e4df790f94807547423f80a9
      Size/MD5 checksum:   601432 f4f0895538784636439876e0e9d50c57
      Size/MD5 checksum:   747728 66a47df6ee7a6bd4c592daf5e27a98d7

  PowerPC architecture:
      Size/MD5 checksum:    83602 b4447af57694f46b4529e25d455d9adf
      Size/MD5 checksum:    22646 97b6c879dac3dc6964ac824ef06f9eae
      Size/MD5 checksum:   378898 1b6470873c9f4fd72f9cda1807b9eeb7
      Size/MD5 checksum:   619312 925ede2755bca091cbfa2d76f4fec7f2
      Size/MD5 checksum:   706400 e5a8766555d252c21ad05622a0dbb096

  IBM S/390 architecture:
      Size/MD5 checksum:    89224 bcbc4decf43c4abcb2342d5c9426358a
      Size/MD5 checksum:    22646 667cd0dd6c8ddc215d217b9ae0bba217
      Size/MD5 checksum:   381256 c93f67e2659bb26b3cff53d367cdb499
      Size/MD5 checksum:   630936 8caf19f27a5fd8eb8725c5fdb3d81d78
      Size/MD5 checksum:   722916 02c65a4811bf33d857537f42e32f6816

  Sun Sparc architecture:
      Size/MD5 checksum:    85026 21d3784c9a950f51f66fd1443acb988f
      Size/MD5 checksum:    22642 26d51be237a50eb27143ff95e704eac0
      Size/MD5 checksum:   374682 0a2973a2b7d14f52b3e0a3b842b08115
      Size/MD5 checksum:   619716 c99a61aa3e6479d3d59c631f1eb9aad8
      Size/MD5 checksum:   714040 3a53cdeb21da38b61e8742a100456885

  These files will be moved into the stable distribution after new KDE
  packages fhave been uploaded into unstable (sid) and compiled for
  all architectures.  

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
Package info: `apt-cache show ' and

LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"64","type":"x","order":"1","pct":76.19,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"13","type":"x","order":"2","pct":15.48,"resources":[]},{"id":"181","title":"Hardly ever","votes":"7","type":"x","order":"3","pct":8.33,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.



bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.