lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <m1EDJn5-000ofnC__15262.7921001569$1126209420$gmane$org@finlandia.Infodrom.North.DE>
Date: Thu, 8 Sep 2005 12:37:59 +0200 (CEST)
From: joey@...odrom.org (Martin Schulze)
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 804-1] New kdelibs packages fix backup file information leak


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 804-1                     security@...ian.org
http://www.debian.org/security/                             Martin Schulze
September 8th, 2005                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : kdelibs
Vulnerability  : insecure permissions
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2005-1920

KDE developers have reported a vulnerability in the backup file
handling of Kate and Kwrite.  The backup files are created with
default permissions, even if the original file had more strict
permissions set.  This could disclose information unintendedly.

For the stable distribution (sarge) this problem has been fixed in
version 3.3.2-6.2.

For the unstable distribution (sid) these problems have been fixed in
version 3.4.1-1.

We recommend that you upgrade your kate package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.3.2-6.2.dsc
      Size/MD5 checksum:     1255 483c95e5daf87366aed15fc25d1f5cb0
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.3.2-6.2.diff.gz
      Size/MD5 checksum:   404164 7c221eb2cb7f110c4e6c0e124a72ead1
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.3.2.orig.tar.gz
      Size/MD5 checksum: 18250342 04f10ddfa8bf9e359f391012806edc04

  Architecture independent components:

    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-data_3.3.2-6.2_all.deb
      Size/MD5 checksum:  7094348 a4ba83e80051d39338be12beeb6c6db7
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-doc_3.3.2-6.2_all.deb
      Size/MD5 checksum: 11533148 dfd0916af8c7a6f9250797d0582b026e
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.3.2-6.2_all.deb
      Size/MD5 checksum:    27804 b09d44d53b16bbee369864a97f7a1a65

  Alpha architecture:

    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_alpha.deb
      Size/MD5 checksum:   995486 2c34cfea7388d0fddebb298d28208230
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_alpha.deb
      Size/MD5 checksum:  9282802 8ff374e3fb8301721fae64795d105a25
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_alpha.deb
      Size/MD5 checksum:  1245828 12902a2bc48712b8dc2078d504e93ce1

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_amd64.deb
      Size/MD5 checksum:   923202 2f294881d0f02bd5fb8150e970d4e92e
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_amd64.deb
      Size/MD5 checksum:  8513542 c51108afe37b9627a0cf3b6be0bd1b1a
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_amd64.deb
      Size/MD5 checksum:  1240540 c1d112b699ab6446589e3364501ea5e2

  ARM architecture:

    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_arm.deb
      Size/MD5 checksum:   811038 6ab24a7d469012e6055dade8ad5776e3
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_arm.deb
      Size/MD5 checksum:  7594720 8522c2252a063b90a403a8332ff4e77a
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_arm.deb
      Size/MD5 checksum:  1239128 419560c0b5fbf685f96e603167bfbb85

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_i386.deb
      Size/MD5 checksum:   863944 f632bf601e9d365cfa328846b381d975
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_i386.deb
      Size/MD5 checksum:  8205918 5424c3b4cc9157af8c6397947925fedc
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_i386.deb
      Size/MD5 checksum:  1240090 58196248a56aa65666ea4f9b797e59b3

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_ia64.deb
      Size/MD5 checksum:  1148720 a2699e42dbff841c5f76a4723bd2ab68
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_ia64.deb
      Size/MD5 checksum: 10772880 4ed5ce9902a27e30beec5203cfc5383a
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_ia64.deb
      Size/MD5 checksum:  1253362 08f1fdf4719e826bdbfc08ec7db96176

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_hppa.deb
      Size/MD5 checksum:   945552 80bba0f50f46cf3df8d4128babef70b6
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_hppa.deb
      Size/MD5 checksum:  9305578 8a9dfcf80dd6933cf67315218213cbee
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_hppa.deb
      Size/MD5 checksum:  1243438 467722d7eaed3a16e2a54af3591abc9a

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_m68k.deb
      Size/MD5 checksum:   837964 ccb138a26e097177edc77e518b9431ce
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_m68k.deb
      Size/MD5 checksum:  7916544 fa76d9fe08d0f84b46365b980a52402a
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_m68k.deb
      Size/MD5 checksum:  1237598 9bd963ab4e7f04135a3f33f90c944d4a

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_mips.deb
      Size/MD5 checksum:   876822 727b1bd6c50a8acf90740811dbfc316d
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_mips.deb
      Size/MD5 checksum:  7426328 da9a3aa25f8ccc04a1be6b65a1741d5b
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_mips.deb
      Size/MD5 checksum:  1238184 7a5e3a18453b67a5f959a39db973e597

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_mipsel.deb
      Size/MD5 checksum:   873134 343b7aa8020f606fdd158e21f007e652
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_mipsel.deb
      Size/MD5 checksum:  7298044 34c6038b2437b771c778eb7bc8c9ab83
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_mipsel.deb
      Size/MD5 checksum:  1238048 30537a2615302d85bc1fb40713bc3405

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_powerpc.deb
      Size/MD5 checksum:   903792 c09601d486c2763fd09fcfb4fd5f09ad
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_powerpc.deb
      Size/MD5 checksum:  7922190 9b82276bacc75ae5853c639ca78957d6
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_powerpc.deb
      Size/MD5 checksum:  1242190 fb0894185ff11865d871ed9e724682f1

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_s390.deb
      Size/MD5 checksum:   892444 9ef1bc507ee96a815fabfb7b2b417cd8
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_s390.deb
      Size/MD5 checksum:  8636302 82321ab6e9bfc4a1e472e3689eb1fb6f
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_s390.deb
      Size/MD5 checksum:  1239584 7f1460f0299a51fbb10dbeca8ee7af2f

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-bin_3.3.2-6.2_sparc.deb
      Size/MD5 checksum:   825002 d8b9497e79340e9e6010f1093e2324c7
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4_3.3.2-6.2_sparc.deb
      Size/MD5 checksum:  7745946 7da1e6a7ab6a5db078923d0108c6f2ce
    http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.3.2-6.2_sparc.deb
      Size/MD5 checksum:  1238828 6a9d2330a6596a12a6d23202ca079089


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDIBSGW5ql+IAeqTIRAtU8AJ9t5BCMs0N5bdgpusP3AEVWRDYIjQCfSfF8
T/bdAstxqI5gau17gAxRiiU=
=x6Mi
-----END PGP SIGNATURE-----



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ