Debian: New kdelibs packages fix backup file information leak

    Date09 Nov 2005
    CategoryDebian
    5704
    Posted ByJoe Shakespeare
    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 804-2                     This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                             Martin Schulze
    November 10th, 2005                     http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : kdelibs
    Vulnerability  : insecure permissions
    Problem-Type   : local
    Debian-specific: no
    CVE ID         : CAN-2005-1920
    
    Lennert Buytenhek discoverd that that patch to cure this information
    leak was only included but not applied, hence, this update.  For
    completeness we're copying the original advisory text:
    
       KDE developers have reported a vulnerability in the backup file
       handling of Kate and Kwrite.  The backup files are created with
       default permissions, even if the original file had more strict
       permissions set.  This could disclose information unintendedly.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 3.3.2-6.3.
    
    For the unstable distribution (sid) these problems have been fixed in
    version 3.4.1-1.
    
    We recommend that you upgrade your kate package.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.3.2-6.3.dsc
          Size/MD5 checksum:     1255 4cc793318c704d5f1cb868030981ff57
        http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.3.2-6.3.diff.gz
          Size/MD5 checksum:   404229 e920360631a76024156c41be8b0d2d8f
        http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.3.2.orig.tar.gz
          Size/MD5 checksum: 18250342 04f10ddfa8bf9e359f391012806edc04
    
      Architecture independent components:
    
        http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-data_3.3.2-6.3_all.deb
          Size/MD5 checksum:  7094534 d789cc4683b501ad590346c23910be9e
        http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-doc_3.3.2-6.3_all.deb
          Size/MD5 checksum: 11535490 2dd64157788a25339fb308b66458dfc4
        http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.3.2-6.3_all.deb
          Size/MD5 checksum:    27830 8d7466f5b7749c403f8391250ac758c2
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.3_alpha.deb
          Size/MD5 checksum:   995196 5f9857ea5b00a14e6cc354b9768fceb1
        http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.3_alpha.deb
          Size/MD5 checksum:  9283662 ed728107ba0e7de7540fa3dcc46b477a
        http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.3_alpha.deb
          Size/MD5 checksum:  1245858 65320a7b96a6be3dfbcca9c318e708e5
    
      AMD64 architecture:
    
        http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.3_amd64.deb
          Size/MD5 checksum:   923188 5a528318ef92909773877e2ee983a4d5
        http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.3_amd64.deb
          Size/MD5 checksum:  8514424 40d7c81a90bbea20c226dab00cd3342c
        http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.3_amd64.deb
          Size/MD5 checksum:  1241540 2811001f5f19093f5fe551199b91fe41
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.3_arm.deb
          Size/MD5 checksum:   810844 39cab7f30f96450c373f32ca334967a9
        http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.3_arm.deb
          Size/MD5 checksum:  7595134 60546b0285bf8e894834870adaf13ecf
        http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.3_arm.deb
          Size/MD5 checksum:  1239196 1bdb9ee72fb2f76fee68d72861f496ca
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.3_i386.deb
          Size/MD5 checksum:   863314 15c9af4d49acd3c3a379e3182199242a
        http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.3_i386.deb
          Size/MD5 checksum:  8203078 fd52873f261beda4c1555322bdd87d9e
        http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.3_i386.deb
          Size/MD5 checksum:  1239110 bce6dd6e7e1d15a4c88f7d8eeff9506e
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.3_ia64.deb
          Size/MD5 checksum:  1148358 1a0c4d409176aa931f06bfaa8b341232
        http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.3_ia64.deb
          Size/MD5 checksum: 10773582 3ba603f7856d4261fbe02e4fafecbadf
        http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.3_ia64.deb
          Size/MD5 checksum:  1253394 d290b52e71350afbf918c21482eb4ebd
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.3_hppa.deb
          Size/MD5 checksum:   945060 a4f44240a21de6e464b170fe438a2f92
        http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.3_hppa.deb
          Size/MD5 checksum:  9306058 32dc28d4a85258230bf74440b7a463bc
        http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.3_hppa.deb
          Size/MD5 checksum:  1243456 2292057e1b77a5d9c519828f9e772cdc
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.3_m68k.deb
          Size/MD5 checksum:   837404 7ac4a4561a707881e55135da2cb0b9ca
        http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.3_m68k.deb
          Size/MD5 checksum:  7917390 f254d07d6338bf0f56d5f2446a0bd1d6
        http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.3_m68k.deb
          Size/MD5 checksum:  1237552 d36cf5bd1c6bba2026b7f9b1c5c964cb
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.3_mips.deb
          Size/MD5 checksum:   876114 2c246872e48005f205e45aa199f3d745
        http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.3_mips.deb
          Size/MD5 checksum:  7427108 896f75f3b75ae461ab2d91c194e5707d
        http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.3_mips.deb
          Size/MD5 checksum:  1238296 31fa531f08ff2f549d0fb3a47e92e279
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.3_mipsel.deb
          Size/MD5 checksum:   872144 f25c55dd931a5265b39399eceeee0878
        http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.3_mipsel.deb
          Size/MD5 checksum:  7298310 447c32f5c2b0f99b0e999a5b41e8c42d
        http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.3_mipsel.deb
          Size/MD5 checksum:  1238076 d99597a2b1d71aa3dd31ec99d1e7ae85
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.3_powerpc.deb
          Size/MD5 checksum:   903310 49855558e4435ff145561fe08baf2784
        http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.3_powerpc.deb
          Size/MD5 checksum:  7923194 c70cce93713c796edac94c60269b8986
        http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.3_powerpc.deb
          Size/MD5 checksum:  1242262 19ab356e9d7d75fc2ef2283e1cc734af
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.3_s390.deb
          Size/MD5 checksum:   892260 ab44f79cf338d47e4e8e0676a519eaf3
        http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.3_s390.deb
          Size/MD5 checksum:  8637096 20c0facec3660440c1442453ca141e5b
        http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.3_s390.deb
          Size/MD5 checksum:  1239604 f247f4e8a7f45ed40cea9bc5f4565b46
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.3_sparc.deb
          Size/MD5 checksum:   824478 b9439a32114155d605cb5a6198658a3c
        http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.3_sparc.deb
          Size/MD5 checksum:  7746846 34dde44f7991164605c5f0c065265e46
        http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.3_sparc.deb
          Size/MD5 checksum:  1238884 33bd1f4555c64370c54fcd5f0ff82ff5
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"4","type":"x","order":"1","pct":57.14,"resources":[]},{"id":"88","title":"Should be more technical","votes":"2","type":"x","order":"2","pct":28.57,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"1","type":"x","order":"3","pct":14.29,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.