lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040821064010.1850.qmail@updates.mandrakesoft.com>
Date: 21 Aug 2004 06:40:10 -0000
From: Mandrake Linux Security Team <security@...ux-mandrake.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2004:086 - Updated kdelibs and kdebase packages fix multiple vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           kdelibs/kdebase
 Advisory ID:            MDKSA-2004:086
 Date:                   August 20th, 2004

 Affected versions:	 10.0, 9.2
 ______________________________________________________________________

 Problem Description:

 A number of vulnerabilities were discovered in KDE that are corrected
 with these update packages.
 
 The integrity of symlinks used by KDE are not ensured and as a result
 can be abused by local attackers to create or truncate arbitrary files
 or to prevent KDE applications from functioning correctly
 (CAN-2004-0689).
 
 The DCOPServer creates temporary files in an insecure manner.  These
 temporary files are used for authentication-related purposes, so this
 could potentially allow a local attacker to compromise the account of
 any user running a KDE application (CAN-2004-0690).  Note that only
 KDE 3.2.x is affected by this vulnerability.
 
 The Konqueror web browser allows websites to load web pages into a
 frame of any other frame-based web page that the user may have open.
 This could potentially allow a malicious website to make Konqueror
 insert its own frames into the page of an otherwise trusted website
 (CAN-02004-0721).
 
 The Konqueror web browser also allows websites to set cookies for
 certain country-specific top-level domains.  This can be done to
 make Konqueror send the cookies to all other web sites operating
 under the same domain, which can be abused to become part of a
 session fixation attack.  All country-specific secondary top-level
 domains that use more than 2 characters in the secondary part of the
 domain name, and that use a secondary part other than com, net, mil,
 org, gove, edu, or int are affected (CAN-2004-0746).
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0689
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0690
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0721
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0746
  http://www.kde.org/info/security/advisory-20040811-1.txt
  http://www.kde.org/info/security/advisory-20040811-2.txt
  http://www.kde.org/info/security/advisory-20040811-3.txt
  http://www.kde.org/info/security/advisory-20040820-1.txt
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 510438b78f3516746d4b4ed60ac212b3  10.0/RPMS/kdebase-3.2-79.2.100mdk.i586.rpm
 c8cf4ce9cf1d249b4a2bed3c66528803  10.0/RPMS/kdebase-common-3.2-79.2.100mdk.i586.rpm
 d38633d8cba665bbe1237813e45b0f7b  10.0/RPMS/kdebase-kate-3.2-79.2.100mdk.i586.rpm
 5854609ecb04e39b0bc07e9a33778488  10.0/RPMS/kdebase-kcontrol-data-3.2-79.2.100mdk.i586.rpm
 48727a4e1dd5df1bd52276f03ae8edd3  10.0/RPMS/kdebase-kdeprintfax-3.2-79.2.100mdk.i586.rpm
 52fc69771ec698ba332870cbfa618a60  10.0/RPMS/kdebase-kdm-3.2-79.2.100mdk.i586.rpm
 d3ae0bc755db0665e12472a2e22ebd90  10.0/RPMS/kdebase-kdm-config-file-3.2-79.2.100mdk.i586.rpm
 85d8b0ebf0421963f652424b0441145c  10.0/RPMS/kdebase-kmenuedit-3.2-79.2.100mdk.i586.rpm
 222d9900d8f30961f04b870c5a949a1f  10.0/RPMS/kdebase-konsole-3.2-79.2.100mdk.i586.rpm
 554b091c26d0461831323389292cc72d  10.0/RPMS/kdebase-nsplugins-3.2-79.2.100mdk.i586.rpm
 487748d51da06a36180d18a0cedda4c5  10.0/RPMS/kdebase-progs-3.2-79.2.100mdk.i586.rpm
 0f4088f33543e6f0f263537964cfccee  10.0/RPMS/kdelibs-common-3.2-36.3.100mdk.i586.rpm
 9cc536b2ffd48b6b5354ba8967638d3e  10.0/RPMS/libkdebase4-3.2-79.2.100mdk.i586.rpm
 32ed1e7ed670e6c01716f491b8181e8d  10.0/RPMS/libkdebase4-devel-3.2-79.2.100mdk.i586.rpm
 ea55a16ba1f7cd6ea2dabd274ce023bf  10.0/RPMS/libkdebase4-kate-3.2-79.2.100mdk.i586.rpm
 df122aa36fd811d3d97aafcff1d6aed7  10.0/RPMS/libkdebase4-kate-devel-3.2-79.2.100mdk.i586.rpm
 598709de41b8101c44e0a82e52718340  10.0/RPMS/libkdebase4-kmenuedit-3.2-79.2.100mdk.i586.rpm
 71f277606a8b5d17ca3f7a09aba486f7  10.0/RPMS/libkdebase4-konsole-3.2-79.2.100mdk.i586.rpm
 bceb452042e0c72d475139f4efe7a0c5  10.0/RPMS/libkdebase4-nsplugins-3.2-79.2.100mdk.i586.rpm
 ffc1728d50b17dd3cae6f1e2ad0589e2  10.0/RPMS/libkdebase4-nsplugins-devel-3.2-79.2.100mdk.i586.rpm
 82d343a84048b56353c97b72b771ea81  10.0/RPMS/libkdecore4-3.2-36.3.100mdk.i586.rpm
 7fd56a29040d0708e5d4650228c3534d  10.0/RPMS/libkdecore4-devel-3.2-36.3.100mdk.i586.rpm
 d2a3e8c4391af933ebc2e48cc4aa8dee  10.0/SRPMS/kdebase-3.2-79.2.100mdk.src.rpm
 93330083dd59710108f6977107562aaf  10.0/SRPMS/kdelibs-3.2-36.3.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 8edf6ee3527aef3399db27ee98d39c6f  amd64/10.0/RPMS/kdebase-3.2-79.2.100mdk.amd64.rpm
 58b4defe043743d137f05b27bb7c0c87  amd64/10.0/RPMS/kdebase-common-3.2-79.2.100mdk.amd64.rpm
 6bc0bdb8dcebfd4f9a010a8a257c67f6  amd64/10.0/RPMS/kdebase-kate-3.2-79.2.100mdk.amd64.rpm
 0cd79e56ddf5fcdaa08bb9d6d60103f8  amd64/10.0/RPMS/kdebase-kcontrol-data-3.2-79.2.100mdk.amd64.rpm
 0c7e8f118a150dbe63eac16476571cec  amd64/10.0/RPMS/kdebase-kdeprintfax-3.2-79.2.100mdk.amd64.rpm
 f659c4d625218bde4dbf87cf0c457faa  amd64/10.0/RPMS/kdebase-kdm-3.2-79.2.100mdk.amd64.rpm
 2065540f835e04eb269c1ab3e070289b  amd64/10.0/RPMS/kdebase-kdm-config-file-3.2-79.2.100mdk.amd64.rpm
 02a45357b22c1374d6919b70997b4b8d  amd64/10.0/RPMS/kdebase-kmenuedit-3.2-79.2.100mdk.amd64.rpm
 6db6c45484be318eb53d5cbeef9a6e0e  amd64/10.0/RPMS/kdebase-konsole-3.2-79.2.100mdk.amd64.rpm
 567cae5415e7b1d3d8091d264ca98ea2  amd64/10.0/RPMS/kdebase-nsplugins-3.2-79.2.100mdk.amd64.rpm
 6c597ced6b9590ebfc5ed1b8fef8190c  amd64/10.0/RPMS/kdebase-progs-3.2-79.2.100mdk.amd64.rpm
 c7c0135d79620f0a6002d546408e7be0  amd64/10.0/RPMS/kdelibs-common-3.2-36.3.100mdk.amd64.rpm
 57e18c9dca64cb6d4201f49719a0f591  amd64/10.0/RPMS/lib64kdebase4-3.2-79.2.100mdk.amd64.rpm
 aec6a23128624c32cf8ff302e15a0dce  amd64/10.0/RPMS/lib64kdebase4-devel-3.2-79.2.100mdk.amd64.rpm
 d331d129437e959fe5952645205c602b  amd64/10.0/RPMS/lib64kdebase4-kate-3.2-79.2.100mdk.amd64.rpm
 eac31119b4c7450e59bc4f855fef8ee3  amd64/10.0/RPMS/lib64kdebase4-kate-devel-3.2-79.2.100mdk.amd64.rpm
 7692a8d3eb9085c4e01a6f82d22e54ea  amd64/10.0/RPMS/lib64kdebase4-kmenuedit-3.2-79.2.100mdk.amd64.rpm
 0dfd8eb1e9389b810cd541cbe78bbb37  amd64/10.0/RPMS/lib64kdebase4-konsole-3.2-79.2.100mdk.amd64.rpm
 8611b9991340db56c60c4cc25cbe5a95  amd64/10.0/RPMS/lib64kdebase4-nsplugins-3.2-79.2.100mdk.amd64.rpm
 a72df10c2073f103963b763b68e1d6eb  amd64/10.0/RPMS/lib64kdebase4-nsplugins-devel-3.2-79.2.100mdk.amd64.rpm
 249dd74dd637791186829757f06a1291  amd64/10.0/RPMS/lib64kdecore4-3.2-36.3.100mdk.amd64.rpm
 308cf4ac4d2eddb590e8e867175c2311  amd64/10.0/RPMS/lib64kdecore4-devel-3.2-36.3.100mdk.amd64.rpm
 d2a3e8c4391af933ebc2e48cc4aa8dee  amd64/10.0/SRPMS/kdebase-3.2-79.2.100mdk.src.rpm
 93330083dd59710108f6977107562aaf  amd64/10.0/SRPMS/kdelibs-3.2-36.3.100mdk.src.rpm

 Mandrakelinux 9.2:
 7a437fd66146531dd156af9466460b7f  9.2/RPMS/kdebase-3.1.3-79.2.92mdk.i586.rpm
 46678bcc9b2e2af5f5b83b419d022522  9.2/RPMS/kdebase-common-3.1.3-79.2.92mdk.i586.rpm
 abee5d0c191812f382c6247ca87ad466  9.2/RPMS/kdebase-kate-3.1.3-79.2.92mdk.i586.rpm
 9afe4816f3316c153105f6fe60eb5c27  9.2/RPMS/kdebase-kdeprintfax-3.1.3-79.2.92mdk.i586.rpm
 314684650edf45d258955afd7a0cd71a  9.2/RPMS/kdebase-kdm-3.1.3-79.2.92mdk.i586.rpm
 cebc25881d037ce59f3de2cc3ba7f3f3  9.2/RPMS/kdebase-kdm-config-file-3.1.3-79.2.92mdk.i586.rpm
 538d05e93fd88a3c57cb358b5cd36dd4  9.2/RPMS/kdebase-konsole-3.1.3-79.2.92mdk.i586.rpm
 d48c6377c5b580d668135c4afdddf3d1  9.2/RPMS/kdebase-nsplugins-3.1.3-79.2.92mdk.i586.rpm
 f2ad83707508d33d9dd63d77ec2d82e8  9.2/RPMS/kdebase-progs-3.1.3-79.2.92mdk.i586.rpm
 beca2c6a0458a32f8433cfd3702733e6  9.2/RPMS/kdelibs-common-3.1.3-35.3.92mdk.i586.rpm
 285672f9688c2fb212b51398dc3085c1  9.2/RPMS/libkdebase4-3.1.3-79.2.92mdk.i586.rpm
 382e809df95c5b9ecf3cf64521a71816  9.2/RPMS/libkdebase4-devel-3.1.3-79.2.92mdk.i586.rpm
 d6ff93e7d16d284a96c6113c784ae60f  9.2/RPMS/libkdebase4-kate-3.1.3-79.2.92mdk.i586.rpm
 9e710e6502f32e9fa12e621e9cfdf4d0  9.2/RPMS/libkdebase4-kate-devel-3.1.3-79.2.92mdk.i586.rpm
 47a2a05820b54bec347afd26da339203  9.2/RPMS/libkdebase4-konsole-3.1.3-79.2.92mdk.i586.rpm
 4863e95228969e3ed2f9daa2278d4276  9.2/RPMS/libkdebase4-nsplugins-3.1.3-79.2.92mdk.i586.rpm
 85dabe0527172fdf9202c724776d9d62  9.2/RPMS/libkdebase4-nsplugins-devel-3.1.3-79.2.92mdk.i586.rpm
 f0add02f5422c3f62cfbecd0f2a26b2d  9.2/RPMS/libkdecore4-3.1.3-35.3.92mdk.i586.rpm
 e8923bf7bc65c13bdd8fd18208ab550e  9.2/RPMS/libkdecore4-devel-3.1.3-35.3.92mdk.i586.rpm
 c54061baeb0b3498ccf8d776dc36fd9d  9.2/SRPMS/kdebase-3.1.3-79.2.92mdk.src.rpm
 0e24de240e1a84326df7332499b452c7  9.2/SRPMS/kdelibs-3.1.3-35.3.92mdk.src.rpm

 Mandrakelinux 9.2/AMD64:
 daf7342d2c27f510597058428738a5d3  amd64/9.2/RPMS/kdebase-3.1.3-79.2.92mdk.amd64.rpm
 b03fbd0ebd368d78616c99adbfcbfdd2  amd64/9.2/RPMS/kdebase-common-3.1.3-79.2.92mdk.amd64.rpm
 46c62f4ef453fa25213ff26d47e46057  amd64/9.2/RPMS/kdebase-kate-3.1.3-79.2.92mdk.amd64.rpm
 5ec5e4dd405ce0605780553ddbd47604  amd64/9.2/RPMS/kdebase-kdeprintfax-3.1.3-79.2.92mdk.amd64.rpm
 f124a86ffaa161f8101344c0bda1ae39  amd64/9.2/RPMS/kdebase-kdm-3.1.3-79.2.92mdk.amd64.rpm
 36da16dd458a163090098aeefe5eb619  amd64/9.2/RPMS/kdebase-kdm-config-file-3.1.3-79.2.92mdk.amd64.rpm
 7c12240ad3e6b73fd0b24ae4d98fc0da  amd64/9.2/RPMS/kdebase-konsole-3.1.3-79.2.92mdk.amd64.rpm
 b8c04a16954a7374b6194415f6e5e15a  amd64/9.2/RPMS/kdebase-nsplugins-3.1.3-79.2.92mdk.amd64.rpm
 6f855be2d1961dc75c5f1283cd25e71b  amd64/9.2/RPMS/kdebase-progs-3.1.3-79.2.92mdk.amd64.rpm
 b9a0ba03005f212d8f2c8f5b952ef8e2  amd64/9.2/RPMS/kdelibs-common-3.1.3-35.3.92mdk.amd64.rpm
 999bf091090905ea8d07aec1ec97fed2  amd64/9.2/RPMS/lib64kdebase4-3.1.3-79.2.92mdk.amd64.rpm
 b744accc86241864b23662265a6f2c9f  amd64/9.2/RPMS/lib64kdebase4-devel-3.1.3-79.2.92mdk.amd64.rpm
 596fefe16698fecd8d7ce04f19d048ff  amd64/9.2/RPMS/lib64kdebase4-kate-3.1.3-79.2.92mdk.amd64.rpm
 caa45d71983b623a59923b18f6bb4f69  amd64/9.2/RPMS/lib64kdebase4-kate-devel-3.1.3-79.2.92mdk.amd64.rpm
 7dd01ca77c94ff3a018dd5779605e67c  amd64/9.2/RPMS/lib64kdebase4-konsole-3.1.3-79.2.92mdk.amd64.rpm
 1d3f7e3e031df08ed17f77df6505cb47  amd64/9.2/RPMS/lib64kdebase4-nsplugins-3.1.3-79.2.92mdk.amd64.rpm
 f6f15ceb62c4abde32406bc1ae75b864  amd64/9.2/RPMS/lib64kdebase4-nsplugins-devel-3.1.3-79.2.92mdk.amd64.rpm
 9478889d65eff687203a5ccf19ca3a28  amd64/9.2/RPMS/lib64kdecore4-3.1.3-35.3.92mdk.amd64.rpm
 3c53063491a5f3a5ca4e51708fd85763  amd64/9.2/RPMS/lib64kdecore4-devel-3.1.3-35.3.92mdk.amd64.rpm
 c54061baeb0b3498ccf8d776dc36fd9d  amd64/9.2/SRPMS/kdebase-3.1.3-79.2.92mdk.src.rpm
 0e24de240e1a84326df7332499b452c7  amd64/9.2/SRPMS/kdelibs-3.1.3-35.3.92mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFBJu5KmqjQ0CJFipgRAlWiAKDXTRUqWqhoeRAivy7VOzPKCq/V4wCfZN8o
GMqJ2higHvhiSI/uKyg5Xyg=
=ER04
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ