Debian: kdepim multiple vulnerabilities

    Date: 23 Jan 2003
    Category: Debian
    Posted By: LinuxSecurity Advisories
    The KDE team discovered several vulnerabilities in the K Desktop Environment.
    
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 238-1
    http://www.debian.org/security/                             Martin Schulze
    January 23rd, 2003                       http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : kdepim
    Vulnerability  : several
    Problem-type   : local, remote
    Debian-specific: no
    CVE Id         : CAN-2002-1393
    
    The KDE team discovered several vulnerabilities in the K Desktop
    Environment.  In some instances KDE fails to properly quote parameters
    of instructions passed to a command shell for execution.  These
    parameters may incorporate data such as URLs, filenames and e-mail
    addresses, and this data may be provided remotely to a victim in an
    e-mail, a webpage or files on a network filesystem or other untrusted
    source.
    
    By carefully crafting such data an attacker might be able to execute
    arbitrary commands on a vulnerable system using the victim's account and
    privileges.  The KDE Project is not aware of any existing exploits of
    these vulnerabilities.  The patches also provide better safeguards
    and check data from untrusted sources more strictly in multiple
    places.
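
The quoting failure described above, as an added example that is not taken from the KDE patches or from this advisory: `shell_quote` and `run_helper` are hypothetical names, `printf` stands in for the helper program an application would launch, and the sample file name is constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Wrap s in single quotes for a POSIX shell; each embedded ' becomes '\''. */
char *shell_quote(const char *s)
{
    size_t n = 3;                                   /* two quotes + NUL */
    for (const char *p = s; *p; p++)
        n += (*p == '\'') ? 4 : 1;
    char *out = malloc(n), *q = out;
    if (!out) return NULL;
    *q++ = '\'';
    for (const char *p = s; *p; p++) {
        if (*p == '\'') { memcpy(q, "'\\''", 4); q += 4; }
        else *q++ = *p;
    }
    *q++ = '\'';
    *q = '\0';
    return out;
}

/* Run `printf '[%s]' <arg>` through the shell and capture its stdout.
   quote == 0 reproduces the flaw: arg is pasted into the command as-is. */
int run_helper(const char *arg, int quote, char *buf, size_t len)
{
    char cmd[512];
    char *safe = quote ? shell_quote(arg) : NULL;
    if (quote && !safe) return -1;
    int n = snprintf(cmd, sizeof cmd, "printf '[%%s]' %s", quote ? safe : arg);
    free(safe);
    if (n < 0 || (size_t)n >= sizeof cmd) return -1;  /* never run a truncated command */
    FILE *fp = popen(cmd, "r");
    if (!fp) return -1;
    size_t got = fread(buf, 1, len - 1, fp);
    buf[got] = '\0';
    return pclose(fp) == 0 ? 0 : -1;
}

/* Constructed sample: a "file name" as it might arrive from an untrusted source. */
const char *SAMPLE = "notes.txt; echo INJECTED";

int main(void)
{
    char out[256];
    if (run_helper(SAMPLE, 0, out, sizeof out) == 0) printf("unquoted: %s\n", out);
    if (run_helper(SAMPLE, 1, out, sizeof out) == 0) printf("quoted:   %s\n", out);
    return 0;
}
```

In the unquoted run the shell treats everything after the `;` as a second command; in the quoted run the whole string reaches the helper as one argument. Passing an argument vector directly to `execvp` avoids the shell, and the need for quoting, altogether.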
    
    For the current stable distribution (woody), these problems have been fixed
    in version 2.2.2-5.2.
    
    The old stable distribution (potato) does not contain KDE packages.
    
    For the unstable distribution (sid), these problems will most probably
    not be fixed but new packages for KDE 3.1 for sid are expected for
    this year.
    
    We recommend that you upgrade your KDE packages.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
    
    
    
      These files will be moved into the stable distribution after new KDE
      packages have been uploaded into unstable (sid) and compiled for
      all architectures.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Package info: `apt-cache show <pkg>' and http://packages.debian.org/
    
    
    
    