Debian-Sicherheitsankündigung

DSA-167-1 kdelibs -- Site-übergreifendes Skripting

Datum des Berichts:

16. Sep 2002

Betroffene Pakete:

Konquerer

Verwundbar:

Sicherheitsdatenbanken-Referenzen:

In Mitres CVE-Verzeichnis: CVE-2002-1151.

Weitere Informationen:

Ein Site-übergreifendes Skripting-Problem wurde in Konqueror entdeckt, einem beliebten Browser für KDE und andere Programme, die KHTML verwenden. Das KDE-Team berichtet, dass Konquerors Site-übergreifender Skripting-Schutz versäumt, die Domains bei sub-(i)frames korrekt zu initialisieren. Als Resultat ist es über JavaScript möglich, auf fremde Unterframes zuzugreifen, die im HTML-Quellcode definiert sind. Benutzer von Konqueror und anderer KDE-Software, die die KHTML-Rendering-Maschine verwendet, könnten Opfer von Cookie-Dieben werden und von weiteren Site-übergreifenden Skripting-Angriffen.

Dieses Problem wurde in Version 2.2.2-13.woody.3 für die aktuelle stable Distribution (Woody) und in Version 2.2.2-14 für die unstable Distribution (Sid) behoben. Die alte stable Distribution (Potato) ist nicht davon betroffen, da sie kein KDE enthält.

Wir empfehlen Ihnen, Ihr kdelibs Paket zu aktualisieren und Konqueror neu zu starten.

Behoben in:

Debian GNU/Linux 3.0 (woody)

Quellcode:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.3.dsc; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.3.diff.gz; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2.orig.tar.gz
Architektur-unabhängige Dateien:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-doc_2.2.2-13.woody.3_all.deb
Alpha:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.3_alpha.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.3_alpha.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.3_alpha.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.3_alpha.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.3_alpha.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.3_alpha.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.3_alpha.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.3_alpha.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.3_alpha.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.3_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.3_arm.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.3_arm.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.3_arm.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.3_arm.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.3_arm.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.3_arm.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.3_arm.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.3_arm.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.3_arm.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.3_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.3_i386.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.3_i386.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.3_i386.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.3_i386.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.3_i386.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.3_i386.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.3_i386.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.3_i386.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.3_i386.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.3_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.3_ia64.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.3_ia64.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.3_ia64.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.3_ia64.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.3_ia64.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.3_ia64.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.3_ia64.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.3_ia64.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.3_ia64.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.3_ia64.deb
HP Precision:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.3_hppa.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.3_hppa.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.3_hppa.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.3_hppa.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.3_hppa.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.3_hppa.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.3_hppa.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.3_hppa.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.3_hppa.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.3_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.3_m68k.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.3_m68k.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.3_m68k.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.3_m68k.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.3_m68k.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.3_m68k.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.3_m68k.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.3_m68k.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.3_m68k.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.3_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.3_mips.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.3_mips.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.3_mips.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.3_mips.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.3_mips.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.3_mips.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.3_mips.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.3_mips.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.3_mips.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.3_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.3_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.3_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.3_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.3_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.3_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.3_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.3_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.3_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.3_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.3_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.3_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.3_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.3_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.3_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.3_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.3_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.3_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.3_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.3_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.3_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.3_s390.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.3_s390.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.3_s390.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.3_s390.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.3_s390.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.3_s390.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.3_s390.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.3_s390.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.3_s390.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.3_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.3_sparc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.3_sparc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.3_sparc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.3_sparc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.3_sparc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.3_sparc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.3_sparc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.3_sparc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.3_sparc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.3_sparc.deb

MD5-Prüfsummen der aufgeführten Dateien stehen in der ursprünglichen Sicherheitsankündigung zur Verfügung.