[debian-users:36012] Forward: [SECURITY] [DSA 234-1] New kdeadmin packages fix several vulnerabilities

[Kenshi Muto <kmuto@xxxxxxxxxxxxxxx>]

現在の Debian 安定版 (3.0 woody) にセキュリティに関する深刻な問題が発見
されました。

対象パッケージ: kdeadmin

対処済みのパッケージに更新するには、

deb http://security.debian.org/ stable/updates main contrib non-free

を /etc/apt/sources.list に追加し、

apt-get update ; apt-get upgrade

を実行してください。

詳細については添付のアナウンスをご覧ください。

--- Begin Message ---

• From: joey@xxxxxxxxxxxx (Martin Schulze)
• Subject: [SECURITY] [DSA 234-1] New kdeadmin packages fix several vulnerabilities
• Date: Wed, 22 Jan 2003 15:17:47 +0100 (CET)
• Content-disposition: inline
• List-help: <mailto:debian-security-announce-request@lists.debian.org?subject=help>
• List-post: <mailto:debian-security-announce@lists.debian.org>
• List-subscribe: <mailto:debian-security-announce-request@lists.debian.org?subject=subscribe>
• List-unsubscribe: <mailto:debian-security-announce-request@lists.debian.org?subject=unsubscribe>
• Old-return-path: <joey@xxxxxxxxxxxx>
• Priority: urgent
• Resent-date: Wed, 22 Jan 2003 08:18:41 -0600 (CST)
• Resent-from: debian-security-announce@lists.debian.org
• Resent-message-id: <LxfpyC.A.bzE.BhqL-@murphy>
• Resent-sender: debian-security-announce-request@lists.debian.org
• X-debian: PGP check passed for security officers
• X-loop: debian-security-announce@lists.debian.org
• X-mailing-list: <debian-security-announce@lists.debian.org>
• X-original-to: kmuto@xxxxxxxxxxxxxxx
• X-virus-scanned: by AMaViS new-20020517
• Message-id: <m18bLhL-000ogqC@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
• User-agent: dsa-launch $Revision: 1.12 $

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 234-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
January 22nd, 2003                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : kdeadmin
Vulnerability  : several
Problem-type   : local, remote
Debian-specific: no
CVE Id         : CAN-2002-1393

The KDE team discovered several vulnerabilities in the K Desktop
Environment.  In some instances KDE fails to properly quote parameters
of instructions passed to a command shell for execution.  These
parameters may incorporate data such as URLs, filenames and e-mail
addresses, and this data may be provided remotely to a victim in an
e-mail, a webpage or files on a network filesystem or other untrusted
source.

By carefully crafting such data an attacker might be able to execute
arbitary commands on a vulnerable sytem using the victim's account and
privileges.  The KDE Project is not aware of any existing exploits of
these vulnerabilities.  The patches also provide better safe guards
and check data from untrusted sources more strictly in multiple
places.

For the current stable distribution (woody), these problems have been fixed
in version 2.2.2-7.2

The old stable distribution (potato) does not contain KDE packages.

For the unstable distribution (sid), these problems will most probably
not be fixed but new packages for KDE 3.1 for sid are expected for
this year.

We recommend that you upgrade your KDE packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/k/kdeadmin/kdeadmin_2.2.2-7.2.dsc
      Size/MD5 checksum:      922 1c987ba703ca3f18c58d09828783cdbd
    http://security.debian.org/pool/updates/main/k/kdeadmin/kdeadmin_2.2.2-7.2.diff.gz
      Size/MD5 checksum:    23669 f767d5be73d74af4ffe36a368d364b96
    http://security.debian.org/pool/updates/main/k/kdeadmin/kdeadmin_2.2.2.orig.tar.gz
      Size/MD5 checksum:   848413 d3e8bc7ae67b82d3a3e3f488fb690e1b

  Alpha architecture:

    http://security.debian.org/pool/updates/main/k/kdeadmin/kcmlinuz_2.2.2-7.2_alpha.deb
      Size/MD5 checksum:   153206 e708ef2b34d2e42475616f3dda45cbd3
    http://security.debian.org/pool/updates/main/k/kdeadmin/kcron_2.2.2-7.2_alpha.deb
      Size/MD5 checksum:   273182 2246d41c01dff1a56deee2c53fcf94c7
    http://security.debian.org/pool/updates/main/k/kdeadmin/kpackage_2.2.2-7.2_alpha.deb
      Size/MD5 checksum:   230968 07913b8eb8622e57d3a99cf4f6ec6b69
    http://security.debian.org/pool/updates/main/k/kdeadmin/ksysv_2.2.2-7.2_alpha.deb
      Size/MD5 checksum:   189834 11c550096b7eb87c215d67187048b91f
    http://security.debian.org/pool/updates/main/k/kdeadmin/kuser_2.2.2-7.2_alpha.deb
      Size/MD5 checksum:   110280 98e7c0cfd3e2edf630f7885b0a09211d
    http://security.debian.org/pool/updates/main/k/kdeadmin/kwuftpd_2.2.2-7.2_alpha.deb
      Size/MD5 checksum:   216204 50b208e8d15a81ff45b46bc84235fa00
    http://security.debian.org/pool/updates/main/k/kdeadmin/secpolicy_2.2.2-7.2_alpha.deb
      Size/MD5 checksum:    23584 025b3e2217e3a12d80a37163da50777c

  ARM architecture:

    http://security.debian.org/pool/updates/main/k/kdeadmin/kcmlinuz_2.2.2-7.2_arm.deb
      Size/MD5 checksum:   144850 9c680a3cf5bbb391fadb4734a7e0530b
    http://security.debian.org/pool/updates/main/k/kdeadmin/kcron_2.2.2-7.2_arm.deb
      Size/MD5 checksum:   202178 8716c754bb0f45f63b9c6f6d51c44df4
    http://security.debian.org/pool/updates/main/k/kdeadmin/kpackage_2.2.2-7.2_arm.deb
      Size/MD5 checksum:   186018 3482c5c0af6528d44331b269165b307b
    http://security.debian.org/pool/updates/main/k/kdeadmin/ksysv_2.2.2-7.2_arm.deb
      Size/MD5 checksum:   149514 445fbe177f06551ae1bc43866cecddcf
    http://security.debian.org/pool/updates/main/k/kdeadmin/kuser_2.2.2-7.2_arm.deb
      Size/MD5 checksum:    91434 852c61ff06504f467a21a2da8d89a015
    http://security.debian.org/pool/updates/main/k/kdeadmin/kwuftpd_2.2.2-7.2_arm.deb
      Size/MD5 checksum:   187684 8e9dfbecb9f6c772e60b68b7b6fe877d
    http://security.debian.org/pool/updates/main/k/kdeadmin/secpolicy_2.2.2-7.2_arm.deb
      Size/MD5 checksum:    20394 d92b88ec72d4085ad75b45bc86687c44

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/k/kdeadmin/kcmlinuz_2.2.2-7.2_i386.deb
      Size/MD5 checksum:   141688 f89893ede2df05e92e463864696f1897
    http://security.debian.org/pool/updates/main/k/kdeadmin/kcron_2.2.2-7.2_i386.deb
      Size/MD5 checksum:   182192 e0d3620de12a3331ea2230d9b749bfae
    http://security.debian.org/pool/updates/main/k/kdeadmin/kpackage_2.2.2-7.2_i386.deb
      Size/MD5 checksum:   179986 24a8ff7a51ec008fd1c485f1d0905126
    http://security.debian.org/pool/updates/main/k/kdeadmin/ksysv_2.2.2-7.2_i386.deb
      Size/MD5 checksum:   151736 29c2e6e689fb4bec5ad4c2cf563f68d3
    http://security.debian.org/pool/updates/main/k/kdeadmin/kuser_2.2.2-7.2_i386.deb
      Size/MD5 checksum:    91936 5bc7ee6fa4a9f95b727f1e8d19179962
    http://security.debian.org/pool/updates/main/k/kdeadmin/kwuftpd_2.2.2-7.2_i386.deb
      Size/MD5 checksum:   184704 22218d2ffd1e25e7ca695c534d6d8e5c
    http://security.debian.org/pool/updates/main/k/kdeadmin/lilo-config_2.2.2-7.2_i386.deb
      Size/MD5 checksum:    93152 b7266d318e7c3fb098a18cc5c6aac69f
    http://security.debian.org/pool/updates/main/k/kdeadmin/secpolicy_2.2.2-7.2_i386.deb
      Size/MD5 checksum:    21666 7c0c4059900ff35c2a6e705cebdb0a21

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/k/kdeadmin/kcmlinuz_2.2.2-7.2_ia64.deb
      Size/MD5 checksum:   169926 1ab6f22c96e0dbc0e06ac013d1ae8d57
    http://security.debian.org/pool/updates/main/k/kdeadmin/kcron_2.2.2-7.2_ia64.deb
      Size/MD5 checksum:   219624 1336ce2a99c9951e9e79bba6a907c8d2
    http://security.debian.org/pool/updates/main/k/kdeadmin/kpackage_2.2.2-7.2_ia64.deb
      Size/MD5 checksum:   299542 ed0092e573f76061889a9e4ea8a40337
    http://security.debian.org/pool/updates/main/k/kdeadmin/ksysv_2.2.2-7.2_ia64.deb
      Size/MD5 checksum:   228488 e61fc7237e729249c4c4368dcc0080e7
    http://security.debian.org/pool/updates/main/k/kdeadmin/kuser_2.2.2-7.2_ia64.deb
      Size/MD5 checksum:   129938 e7cd718dd2ac79bd396d268fb8ff8a62
    http://security.debian.org/pool/updates/main/k/kdeadmin/kwuftpd_2.2.2-7.2_ia64.deb
      Size/MD5 checksum:   243448 24c2386d863e234db3f5bef9f328ea5c
    http://security.debian.org/pool/updates/main/k/kdeadmin/secpolicy_2.2.2-7.2_ia64.deb
      Size/MD5 checksum:    23552 dfd3a70e0d4c3ab8ad4efcccf99d9518

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/k/kdeadmin/kcmlinuz_2.2.2-7.2_hppa.deb
      Size/MD5 checksum:   154410 d05f80703cce1c8c65516cea5dbcfe8a
    http://security.debian.org/pool/updates/main/k/kdeadmin/kcron_2.2.2-7.2_hppa.deb
      Size/MD5 checksum:   214620 383d6e1b41ca864580e32e5c5bbd6a4f
    http://security.debian.org/pool/updates/main/k/kdeadmin/kpackage_2.2.2-7.2_hppa.deb
      Size/MD5 checksum:   222352 5e3806e74346ea3f6e688dd69043b89d
    http://security.debian.org/pool/updates/main/k/kdeadmin/ksysv_2.2.2-7.2_hppa.deb
      Size/MD5 checksum:   185056 55ebbdd65448061c33e2ba67bf856bf7
    http://security.debian.org/pool/updates/main/k/kdeadmin/kuser_2.2.2-7.2_hppa.deb
      Size/MD5 checksum:   107830 9aad3783b609fc6bbdb8464ae1f2114e
    http://security.debian.org/pool/updates/main/k/kdeadmin/kwuftpd_2.2.2-7.2_hppa.deb
      Size/MD5 checksum:   230638 aa3d3c62f36777242af5fa3e6febb1bf
    http://security.debian.org/pool/updates/main/k/kdeadmin/secpolicy_2.2.2-7.2_hppa.deb
      Size/MD5 checksum:    22844 dad913929d4fa96a75cddbc3e12a6211

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/k/kdeadmin/kcmlinuz_2.2.2-7.2_m68k.deb
      Size/MD5 checksum:   140660 81928d11476e54e0d4e65323eb7997cc
    http://security.debian.org/pool/updates/main/k/kdeadmin/kcron_2.2.2-7.2_m68k.deb
      Size/MD5 checksum:   176254 ba9e6c6d244cfa9b39f3f5b694cea735
    http://security.debian.org/pool/updates/main/k/kdeadmin/kpackage_2.2.2-7.2_m68k.deb
      Size/MD5 checksum:   175182 c72b39577f44ea72d2fd5d6cb96116b8
    http://security.debian.org/pool/updates/main/k/kdeadmin/ksysv_2.2.2-7.2_m68k.deb
      Size/MD5 checksum:   147776 e16487ddb05b126469238a311bef26ef
    http://security.debian.org/pool/updates/main/k/kdeadmin/kuser_2.2.2-7.2_m68k.deb
      Size/MD5 checksum:    90996 a84d498d47f3d1b84f44f6f7c1b31c15
    http://security.debian.org/pool/updates/main/k/kdeadmin/kwuftpd_2.2.2-7.2_m68k.deb
      Size/MD5 checksum:   179546 f7d3e2c057064b5db7e1d21a2af9c5a9
    http://security.debian.org/pool/updates/main/k/kdeadmin/secpolicy_2.2.2-7.2_m68k.deb
      Size/MD5 checksum:    22188 40f0ef43476b5ab15e38f92151ccc2fa

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/k/kdeadmin/kcmlinuz_2.2.2-7.2_mips.deb
      Size/MD5 checksum:   138748 d4fc92d8e63db7c4bc9ce283c3db0bcf
    http://security.debian.org/pool/updates/main/k/kdeadmin/kcron_2.2.2-7.2_mips.deb
      Size/MD5 checksum:   171894 e9c3ca67b8efb02cfa223ec6d6bdc9eb
    http://security.debian.org/pool/updates/main/k/kdeadmin/kpackage_2.2.2-7.2_mips.deb
      Size/MD5 checksum:   198818 15acce76e7269c632e70cb6fa40c457f
    http://security.debian.org/pool/updates/main/k/kdeadmin/ksysv_2.2.2-7.2_mips.deb
      Size/MD5 checksum:   171198 1abfb4306e6b910293f2b0357e3d4102
    http://security.debian.org/pool/updates/main/k/kdeadmin/kuser_2.2.2-7.2_mips.deb
      Size/MD5 checksum:   100994 a8139081a311f207ef86491c1e5c6b5b
    http://security.debian.org/pool/updates/main/k/kdeadmin/kwuftpd_2.2.2-7.2_mips.deb
      Size/MD5 checksum:   196970 796e2792ec9ff4cffb90681596aa03da
    http://security.debian.org/pool/updates/main/k/kdeadmin/secpolicy_2.2.2-7.2_mips.deb
      Size/MD5 checksum:    20238 8e3ed281344f001e6a530265ada7e8dc

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/k/kdeadmin/kcmlinuz_2.2.2-7.2_mipsel.deb
      Size/MD5 checksum:   137978 75cba1cf426da9a96d0f4d0110b93872
    http://security.debian.org/pool/updates/main/k/kdeadmin/kcron_2.2.2-7.2_mipsel.deb
      Size/MD5 checksum:   168956 7fca70632e404a388d7a0b304ce375dc
    http://security.debian.org/pool/updates/main/k/kdeadmin/kpackage_2.2.2-7.2_mipsel.deb
      Size/MD5 checksum:   196288 c54aacd4429b7db7fe18739816ea549d
    http://security.debian.org/pool/updates/main/k/kdeadmin/ksysv_2.2.2-7.2_mipsel.deb
      Size/MD5 checksum:   169274 299412cc5d7777fa2bd7eaeb5e5f4066
    http://security.debian.org/pool/updates/main/k/kdeadmin/kuser_2.2.2-7.2_mipsel.deb
      Size/MD5 checksum:   100052 f758b5aa034b8317b41903ffeb89bea3
    http://security.debian.org/pool/updates/main/k/kdeadmin/kwuftpd_2.2.2-7.2_mipsel.deb
      Size/MD5 checksum:   195920 a8eb1cf2f428002162e89032a91bf409
    http://security.debian.org/pool/updates/main/k/kdeadmin/secpolicy_2.2.2-7.2_mipsel.deb
      Size/MD5 checksum:    20212 b50b343b3aefae64983ca7779e3eafe9

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/k/kdeadmin/kcmlinuz_2.2.2-7.2_powerpc.deb
      Size/MD5 checksum:   143140 e9d58d07bed590dae8393f8507bc104b
    http://security.debian.org/pool/updates/main/k/kdeadmin/kcron_2.2.2-7.2_powerpc.deb
      Size/MD5 checksum:   173694 45f02700ffd32dc5f1445ecf7fdc710c
    http://security.debian.org/pool/updates/main/k/kdeadmin/kpackage_2.2.2-7.2_powerpc.deb
      Size/MD5 checksum:   186486 67053abf6a72aea2489ff98a46bbe3ab
    http://security.debian.org/pool/updates/main/k/kdeadmin/ksysv_2.2.2-7.2_powerpc.deb
      Size/MD5 checksum:   149198 a90cc2acddaa0be636a768b045bf9031
    http://security.debian.org/pool/updates/main/k/kdeadmin/kuser_2.2.2-7.2_powerpc.deb
      Size/MD5 checksum:    90394 ae5d36549896fa3d2bf01ebb824f728d
    http://security.debian.org/pool/updates/main/k/kdeadmin/kwuftpd_2.2.2-7.2_powerpc.deb
      Size/MD5 checksum:   183640 ba535d6ac7018426fe2bce0f66fff8bc
    http://security.debian.org/pool/updates/main/k/kdeadmin/secpolicy_2.2.2-7.2_powerpc.deb
      Size/MD5 checksum:    20046 a517dc09778f2201871597dae584469e

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/k/kdeadmin/kcmlinuz_2.2.2-7.2_s390.deb
      Size/MD5 checksum:   145092 a607f2027b595b3567deb60d707e29b2
    http://security.debian.org/pool/updates/main/k/kdeadmin/kcron_2.2.2-7.2_s390.deb
      Size/MD5 checksum:   157874 a210625ef3dc12004f4ff33226897d28
    http://security.debian.org/pool/updates/main/k/kdeadmin/kpackage_2.2.2-7.2_s390.deb
      Size/MD5 checksum:   187102 15c446268aec70e1003e2dbd2b4a8f6b
    http://security.debian.org/pool/updates/main/k/kdeadmin/ksysv_2.2.2-7.2_s390.deb
      Size/MD5 checksum:   157246 1b1be87e7aa8611a729994d047284be1
    http://security.debian.org/pool/updates/main/k/kdeadmin/kuser_2.2.2-7.2_s390.deb
      Size/MD5 checksum:    94466 ec46801de7d047fb3745aa871549bf3d
    http://security.debian.org/pool/updates/main/k/kdeadmin/kwuftpd_2.2.2-7.2_s390.deb
      Size/MD5 checksum:   183150 4e8eedda1c9bd1a5d5c99cebc3909532
    http://security.debian.org/pool/updates/main/k/kdeadmin/secpolicy_2.2.2-7.2_s390.deb
      Size/MD5 checksum:    22686 82dd34d13a7d7ef4fa5e5625f84c406e

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/k/kdeadmin/kcmlinuz_2.2.2-7.2_sparc.deb
      Size/MD5 checksum:   143920 4526bfae965d9781fbfc20fb105e8cd8
    http://security.debian.org/pool/updates/main/k/kdeadmin/kcron_2.2.2-7.2_sparc.deb
      Size/MD5 checksum:   174906 0647efafe7c2f82ee469ba16339bfe43
    http://security.debian.org/pool/updates/main/k/kdeadmin/kpackage_2.2.2-7.2_sparc.deb
      Size/MD5 checksum:   182022 82c38e45b6c859064165f74cac7677a1
    http://security.debian.org/pool/updates/main/k/kdeadmin/ksysv_2.2.2-7.2_sparc.deb
      Size/MD5 checksum:   153808 d3e7428d284d292482f430a8d7e1459e
    http://security.debian.org/pool/updates/main/k/kdeadmin/kuser_2.2.2-7.2_sparc.deb
      Size/MD5 checksum:    91930 d5a23f597056e2aa63ce7b0823903802
    http://security.debian.org/pool/updates/main/k/kdeadmin/kwuftpd_2.2.2-7.2_sparc.deb
      Size/MD5 checksum:   185334 71f00d15eb31577cef473419df247180
    http://security.debian.org/pool/updates/main/k/kdeadmin/secpolicy_2.2.2-7.2_sparc.deb
      Size/MD5 checksum:    20780 955eccfa7c277a049454d10735ce984f


  These files will be moved into the stable distribution after new KDE
  packages fhave been uploaded into unstable (sid) and compiled for
  all architectures.  

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+LqgLW5ql+IAeqTIRAiUIAJwMf5I8a22a0e3xOHpYF2TBMFLrrQCgg7Ss
ziXbtlEVVEfkz+ReQMkvVFs=
=XlEW
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

--- End Message ---