Aviso de seguridad de Debian

DSA-518-1 kdelibs -- entrada no saneada

Fecha del informe:

14 de jun de 2004

Paquetes afectados:

kdelibs

Vulnerable:

Sí

Referencias a bases de datos de seguridad:

En la base de datos de Bugtraq (en SecurityFocus): Id. en BugTraq 10358.
En el diccionario CVE de Mitre: CVE-2004-0411.

Información adicional:

iDEFENSE identificó una vulnerabilidad en el navegador web Opera que podían usar los atacantes remotos para crear o truncar archivos arbitrarios en la máquina de las víctimas. El equipo de KDE descubrió que existía una vulnerabilidad similar en KDE.

Un atacante remoto podía incitar a un usuario a abrir una URI de telnet cuidadosamente modificada, que pudiera crear o truncar un archivo en el directorio personal de las víctimas. En las versiones 3.2 y posteriores de KDE, al usuario se le pide confirmación explícita de la apertura de la URI de telnet.

Para la distribución estable (woody), este problema se ha corregido en la versión 2.2.2-13.woody.10.

Le recomendamos que actuclice las bibliotecas de KDE.

Arreglado en:

Debian GNU/Linux 3.0 (woody)

Fuentes:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.10.dsc; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2-13.woody.10.diff.gz; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_2.2.2.orig.tar.gz
Componentes independientes de la arquitectura:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-doc_2.2.2-13.woody.10_all.deb
Alpha:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.10_alpha.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.10_alpha.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.10_alpha.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.10_alpha.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.10_alpha.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.10_alpha.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.10_alpha.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.10_alpha.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.10_alpha.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.10_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.10_arm.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.10_arm.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.10_arm.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.10_arm.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.10_arm.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.10_arm.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.10_arm.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.10_arm.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.10_arm.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.10_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.10_i386.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.10_i386.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.10_i386.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.10_i386.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.10_i386.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.10_i386.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.10_i386.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.10_i386.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.10_i386.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.10_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.10_ia64.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.10_ia64.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.10_ia64.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.10_ia64.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.10_ia64.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.10_ia64.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.10_ia64.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.10_ia64.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.10_ia64.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.10_ia64.deb
HPPA:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.10_hppa.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.10_hppa.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.10_hppa.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.10_hppa.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.10_hppa.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.10_hppa.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.10_hppa.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.10_hppa.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.10_hppa.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.10_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.10_m68k.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.10_m68k.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.10_m68k.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.10_m68k.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.10_m68k.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.10_m68k.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.10_m68k.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.10_m68k.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.10_m68k.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.10_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.10_mips.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.10_mips.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.10_mips.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.10_mips.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.10_mips.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.10_mips.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.10_mips.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.10_mips.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.10_mips.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.10_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.10_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.10_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.10_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.10_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.10_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.10_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.10_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.10_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.10_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.10_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.10_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.10_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.10_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.10_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.10_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.10_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.10_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.10_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.10_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.10_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.10_s390.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.10_s390.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.10_s390.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.10_s390.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.10_s390.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.10_s390.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.10_s390.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.10_s390.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.10_s390.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.10_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dev_2.2.2-13.woody.10_sparc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3_2.2.2-13.woody.10_sparc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-bin_2.2.2-13.woody.10_sparc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs3-cups_2.2.2-13.woody.10_sparc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts_2.2.2-13.woody.10_sparc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-alsa_2.2.2-13.woody.10_sparc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libarts-dev_2.2.2-13.woody.10_sparc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid_2.2.2-13.woody.10_sparc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-alsa_2.2.2-13.woody.10_sparc.deb; http://security.debian.org/pool/updates/main/k/kdelibs/libkmid-dev_2.2.2-13.woody.10_sparc.deb

Las sumas MD5 de los ficheros que se listan están disponibles en el aviso original.