- --------------------------------------------------------------------------
Debian Security Advisory DSA 238-1                     security@debian.org 
Debian -- Security Information                              Martin Schulze
January 23rd, 2003                       Debian -- Debian security FAQ 
- --------------------------------------------------------------------------

Package        : kdepim
Vulnerability  : several
Problem-type   : local, remote
Debian-specific: no
CVE Id         : CAN-2002-1393

The KDE team discovered several vulnerabilities in the K Desktop
Environment.  In some instances KDE fails to properly quote parametersof instructions passed to a command shell for execution.  These
parameters may incorporate data such as URLs, filenames and e-mail
addresses, and this data may be provided remotely to a victim in an
e-mail, a webpage or files on a network filesystem or other untrusted
source.

By carefully crafting such data an attacker might be able to execute
arbitary commands on a vulnerable sytem using the victim's account and
privileges.  The KDE Project is not aware of any existing exploits of
these vulnerabilities.  The patches also provide better safe guards
and check data from untrusted sources more strictly in multiple
places.

For the current stable distribution (woody), these problems have been fixed
in version 2.2.2-5.2.

The old stable distribution (potato) does not contain KDE packages.

For the unstable distribution (sid), these problems will most probably
not be fixed but new packages for KDE 3.1 for sid are expected for
this year.

We recommend that you upgrade your KDE packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

      
      Size/MD5 checksum:      817 3a9b6d07e71b4a78fff95f1e0d5f3df1
      
      Size/MD5 checksum:   104449 81c061d65307d74cb877766b57b22693
      
      Size/MD5 checksum:  2426387 e090f1aad8ebd1a3ea1ecd42d51532f9

  Alpha architecture:

      
      Size/MD5 checksum:   109240 6c5235a3331c8d3a774f7830e048f3d8
      
      Size/MD5 checksum:    22648 3a055bcaee8f6f88afe80b30e6f2211d
      
      Size/MD5 checksum:   456832 578b1f4eac0aebac76e90fe4010fcfb9
      
      Size/MD5 checksum:   716432 50b9d71558a64615f1392cbe93033355
      
      Size/MD5 checksum:   824996 27aa213fa013720f5f5a926aed891845

  ARM architecture:

      
      Size/MD5 checksum:    84314 8fbc92a65edc80b03d56629677366371
      
      Size/MD5 checksum:    22646 7d035230f1ea1179e69ea25b167c7a96
      
      Size/MD5 checksum:   362892 5261b05a017c810ec3a59aecb937f0b2
      
      Size/MD5 checksum:   620202 c638b1d0ff98cd9d78ca3bb8ddebabee
      
      Size/MD5 checksum:   724560 b4cb3ab202e12b3e4ce1180280b7b7c4

  Intel IA-32 architecture:

      
      Size/MD5 checksum:    84642 1cde319e7dc3939d6de153ebf9128140
      
      Size/MD5 checksum:    22638 072fc2043003c57ee1288b461fe5080e
      
      Size/MD5 checksum:   359282 60abc8750287b7acd90aea5f96ad681c
      
      Size/MD5 checksum:   598284 3272ea2762c45f9a97c868433750bf6c
      
      Size/MD5 checksum:   718354 6195ea202df4bf7895e4ab1d4ea6599c

  Intel IA-64 architecture:

      
      Size/MD5 checksum:   127432 1e767af46b537f450c90b90a57838b75
      
      Size/MD5 checksum:    22638 03c37216be4a1abb7dafe8b2a50f03aa
      
      Size/MD5 checksum:   570572 f08e48aa1974ed09b0a6c47755ce67d0
      
      Size/MD5 checksum:   835716 bec4be6dd27d531d6fb750dbbdb1c46b
      
      Size/MD5 checksum:   934750 4e99292ff76e5a479493334e08fc9130

  Motorola 680x0 architecture:

      
      Size/MD5 checksum:    83214 757f6ab819882d9e343d6ce0d89188ef
      
      Size/MD5 checksum:    22654 b5ed90d92e9b2c7129e63b37e62ef621
      
      Size/MD5 checksum:   358008 6f392d9a4d5b2023bd3e07d1f7b76c75
      
      Size/MD5 checksum:   603922 607c929b8cef38dc36a80afb052b0c35
      
      Size/MD5 checksum:   718006 daa16707658d414cfdca7fe733ef0d52

  Big endian MIPS architecture:

      
      Size/MD5 checksum:    97910 31149d82dcb3083d01f8c7517b2015e5
      
      Size/MD5 checksum:    22644 058da04155cde7131a7180a6a4344044
      
      Size/MD5 checksum:   358636 515217cc3e833710e408ce48a72a60fb
      
      Size/MD5 checksum:   609670 67fd35ad1b2d52ba94a05857bb1db109
      
      Size/MD5 checksum:   753496 00c8309e2c0424ab3fa9d7cf1fc4ba4d

  Little endian MIPS architecture:

      
      Size/MD5 checksum:    96896 402ca43606d340cf3321a94427072907
      
      Size/MD5 checksum:    22640 5a622f10523f96b078facae719331bff
      
      Size/MD5 checksum:   354500 17d31d36e4df790f94807547423f80a9
      
      Size/MD5 checksum:   601432 f4f0895538784636439876e0e9d50c57
      
      Size/MD5 checksum:   747728 66a47df6ee7a6bd4c592daf5e27a98d7

  PowerPC architecture:

      
      Size/MD5 checksum:    83602 b4447af57694f46b4529e25d455d9adf
      
      Size/MD5 checksum:    22646 97b6c879dac3dc6964ac824ef06f9eae
      
      Size/MD5 checksum:   378898 1b6470873c9f4fd72f9cda1807b9eeb7
      
      Size/MD5 checksum:   619312 925ede2755bca091cbfa2d76f4fec7f2
      
      Size/MD5 checksum:   706400 e5a8766555d252c21ad05622a0dbb096

  IBM S/390 architecture:

      
      Size/MD5 checksum:    89224 bcbc4decf43c4abcb2342d5c9426358a
      
      Size/MD5 checksum:    22646 667cd0dd6c8ddc215d217b9ae0bba217
      
      Size/MD5 checksum:   381256 c93f67e2659bb26b3cff53d367cdb499
      
      Size/MD5 checksum:   630936 8caf19f27a5fd8eb8725c5fdb3d81d78
      
      Size/MD5 checksum:   722916 02c65a4811bf33d857537f42e32f6816

  Sun Sparc architecture:

      
      Size/MD5 checksum:    85026 21d3784c9a950f51f66fd1443acb988f
      
      Size/MD5 checksum:    22642 26d51be237a50eb27143ff95e704eac0
      
      Size/MD5 checksum:   374682 0a2973a2b7d14f52b3e0a3b842b08115
      
      Size/MD5 checksum:   619716 c99a61aa3e6479d3d59c631f1eb9aad8
      
      Size/MD5 checksum:   714040 3a53cdeb21da38b61e8742a100456885


  These files will be moved into the stable distribution after new KDE
  packages fhave been uploaded into unstable (sid) and compiled for
  all architectures.  

- ---------------------------------------------------------------------------------
For apt-get: deb  Debian -- Security Information  stable/updates main
For dpkg-ftp:    dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and  http://packages.debian.org/

Debian: kdepim multiple vulnerabilities

January 23, 2003
The KDE team discovered several vulnerabilities in the K Desktop Environment.

Summary

The KDE team discovered several vulnerabilities in the K Desktop
Environment. In some instances KDE fails to properly quote parametersof instructions passed to a command shell for execution. These
parameters may incorporate data such as URLs, filenames and e-mail
addresses, and this data may be provided remotely to a victim in an
e-mail, a webpage or files on a network filesystem or other untrusted
source.

By carefully crafting such data an attacker might be able to execute
arbitary commands on a vulnerable sytem using the victim's account and
privileges. The KDE Project is not aware of any existing exploits of
these vulnerabilities. The patches also provide better safe guards
and check data from untrusted sources more strictly in multiple
places.

For the current stable distribution (woody), these problems have been fixed
in version 2.2.2-5.2.

The old stable distribution (potato) does not contain KDE packages.

For the unstable distribution (sid), these problems will most probably
not be fixed but new packages for KDE 3.1 for sid are expected for
this year.

We recommend that you upgrade your KDE packages.


Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody

Source archives:


Size/MD5 checksum: 817 3a9b6d07e71b4a78fff95f1e0d5f3df1

Size/MD5 checksum: 104449 81c061d65307d74cb877766b57b22693

Size/MD5 checksum: 2426387 e090f1aad8ebd1a3ea1ecd42d51532f9

Alpha architecture:


Size/MD5 checksum: 109240 6c5235a3331c8d3a774f7830e048f3d8

Size/MD5 checksum: 22648 3a055bcaee8f6f88afe80b30e6f2211d

Size/MD5 checksum: 456832 578b1f4eac0aebac76e90fe4010fcfb9

Size/MD5 checksum: 716432 50b9d71558a64615f1392cbe93033355

Size/MD5 checksum: 824996 27aa213fa013720f5f5a926aed891845

ARM architecture:


Size/MD5 checksum: 84314 8fbc92a65edc80b03d56629677366371

Size/MD5 checksum: 22646 7d035230f1ea1179e69ea25b167c7a96

Size/MD5 checksum: 362892 5261b05a017c810ec3a59aecb937f0b2

Size/MD5 checksum: 620202 c638b1d0ff98cd9d78ca3bb8ddebabee

Size/MD5 checksum: 724560 b4cb3ab202e12b3e4ce1180280b7b7c4

Intel IA-32 architecture:


Size/MD5 checksum: 84642 1cde319e7dc3939d6de153ebf9128140

Size/MD5 checksum: 22638 072fc2043003c57ee1288b461fe5080e

Size/MD5 checksum: 359282 60abc8750287b7acd90aea5f96ad681c

Size/MD5 checksum: 598284 3272ea2762c45f9a97c868433750bf6c

Size/MD5 checksum: 718354 6195ea202df4bf7895e4ab1d4ea6599c

Intel IA-64 architecture:


Size/MD5 checksum: 127432 1e767af46b537f450c90b90a57838b75

Size/MD5 checksum: 22638 03c37216be4a1abb7dafe8b2a50f03aa

Size/MD5 checksum: 570572 f08e48aa1974ed09b0a6c47755ce67d0

Size/MD5 checksum: 835716 bec4be6dd27d531d6fb750dbbdb1c46b

Size/MD5 checksum: 934750 4e99292ff76e5a479493334e08fc9130

Motorola 680x0 architecture:


Size/MD5 checksum: 83214 757f6ab819882d9e343d6ce0d89188ef

Size/MD5 checksum: 22654 b5ed90d92e9b2c7129e63b37e62ef621

Size/MD5 checksum: 358008 6f392d9a4d5b2023bd3e07d1f7b76c75

Size/MD5 checksum: 603922 607c929b8cef38dc36a80afb052b0c35

Size/MD5 checksum: 718006 daa16707658d414cfdca7fe733ef0d52

Big endian MIPS architecture:


Size/MD5 checksum: 97910 31149d82dcb3083d01f8c7517b2015e5

Size/MD5 checksum: 22644 058da04155cde7131a7180a6a4344044

Size/MD5 checksum: 358636 515217cc3e833710e408ce48a72a60fb

Size/MD5 checksum: 609670 67fd35ad1b2d52ba94a05857bb1db109

Size/MD5 checksum: 753496 00c8309e2c0424ab3fa9d7cf1fc4ba4d

Little endian MIPS architecture:


Size/MD5 checksum: 96896 402ca43606d340cf3321a94427072907

Size/MD5 checksum: 22640 5a622f10523f96b078facae719331bff

Size/MD5 checksum: 354500 17d31d36e4df790f94807547423f80a9

Size/MD5 checksum: 601432 f4f0895538784636439876e0e9d50c57

Size/MD5 checksum: 747728 66a47df6ee7a6bd4c592daf5e27a98d7

PowerPC architecture:


Size/MD5 checksum: 83602 b4447af57694f46b4529e25d455d9adf

Size/MD5 checksum: 22646 97b6c879dac3dc6964ac824ef06f9eae

Size/MD5 checksum: 378898 1b6470873c9f4fd72f9cda1807b9eeb7

Size/MD5 checksum: 619312 925ede2755bca091cbfa2d76f4fec7f2

Size/MD5 checksum: 706400 e5a8766555d252c21ad05622a0dbb096

IBM S/390 architecture:


Size/MD5 checksum: 89224 bcbc4decf43c4abcb2342d5c9426358a

Size/MD5 checksum: 22646 667cd0dd6c8ddc215d217b9ae0bba217

Size/MD5 checksum: 381256 c93f67e2659bb26b3cff53d367cdb499

Size/MD5 checksum: 630936 8caf19f27a5fd8eb8725c5fdb3d81d78

Size/MD5 checksum: 722916 02c65a4811bf33d857537f42e32f6816

Sun Sparc architecture:


Size/MD5 checksum: 85026 21d3784c9a950f51f66fd1443acb988f

Size/MD5 checksum: 22642 26d51be237a50eb27143ff95e704eac0

Size/MD5 checksum: 374682 0a2973a2b7d14f52b3e0a3b842b08115

Size/MD5 checksum: 619716 c99a61aa3e6479d3d59c631f1eb9aad8

Size/MD5 checksum: 714040 3a53cdeb21da38b61e8742a100456885


These files will be moved into the stable distribution after new KDE
packages fhave been uploaded into unstable (sid) and compiled for
all architectures.

For apt-get: deb Debian -- Security Information stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/





Severity
Package : kdepim
Vulnerability : several
Problem-type : local, remote
Debian-specific: no
CVE Id : CAN-2002-1393

Related News

30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
2.Motherboard Esm H320
2 - 3 min read
The recently uncovered "Native Branch History Injection (BHI)" exploit against the Linux kernel marks a significant milestone in the ongoing battle

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved