lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20100217182518.GA2984@galadriel.inutil.org>
Date: Wed, 17 Feb 2010 19:25:18 +0100
From: Moritz Muehlenhoff <jmm@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 1998-1] New kdelibs packages fix arbitrary code execution

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1998-1                  security@...ian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
February 17, 2010                     http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : kdelibs
Vulnerability  : buffer overflow
Problem type   : local(remote)
Debian-specific: no
CVE Id(s)      : CVE-2009-0689

Maksymilian Arciemowicz discovered a buffer overflow in the internal 
string routines of the KDE core libraries, which could lead to the 
execution of arbitrary code.

For the stable distribution (lenny), this problem has been fixed in
version 4:3.5.10.dfsg.1-0lenny4.

For the unstable distribution (sid), this problem has been fixed in
version 4:3.5.10.dfsg.1-3.

We recommend that you upgrade your kdelibs packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-0lenny4.dsc
    Size/MD5 checksum:     2245 d0ec82902906597bc47d5033ba82a546
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.10.dfsg.1.orig.tar.gz
    Size/MD5 checksum: 18639393 4bcfee29b0f939415791f5032a72e7b0
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-0lenny4.diff.gz
    Size/MD5 checksum:   409534 9d3508a67c82971b2fab757172ddfcd9

Architecture independent packages:

  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-data_3.5.10.dfsg.1-0lenny4_all.deb
    Size/MD5 checksum:  8698880 a93e01cfe79111bd513209880aabb48a
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-doc_3.5.10.dfsg.1-0lenny4_all.deb
    Size/MD5 checksum: 26411552 00bd0960371d80dfa174b4aaf351a551
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-0lenny4_all.deb
    Size/MD5 checksum:    30238 037ad749ea0182c797f16c1dd281265e

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny4_alpha.deb
    Size/MD5 checksum:  1454014 14d233f2f53832ac2a28f75cfdd03130
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny4_alpha.deb
    Size/MD5 checksum: 11645354 55fed46d40bdce28aae67cf985ec401c
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny4_alpha.deb
    Size/MD5 checksum: 46898502 68ab0f7e5a5056f125405d915b300008

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny4_amd64.deb
    Size/MD5 checksum:  1449660 36f93450d57a36d9a8d4d1d2db9d43ca
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny4_amd64.deb
    Size/MD5 checksum: 11082858 07111fb035bfe0eda0b2441b1bba80f8
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny4_amd64.deb
    Size/MD5 checksum: 27426528 08898808eb9eed7b871aa571d2f9a237

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny4_arm.deb
    Size/MD5 checksum:  9641676 8b316ebf3bfdd478029185a7e6d47f49
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny4_arm.deb
    Size/MD5 checksum:  1442674 3b01d0efad56cd690c9cdb3e00ecee4a
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny4_arm.deb
    Size/MD5 checksum: 47034292 ce8b22299bdfbb94c9b66ad3d21d4f6f

armel architecture (ARM EABI)

  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny4_armel.deb
    Size/MD5 checksum:  1433914 9a3ae9c8a3139fbd27764e9af28d2737
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny4_armel.deb
    Size/MD5 checksum:  9563740 29b380d8ab706310db8912f5f67137b3
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny4_armel.deb
    Size/MD5 checksum: 46539978 b24b2a5df34e29c70e5d2a280b466609

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny4_hppa.deb
    Size/MD5 checksum: 11577906 010821c103e2172acd60ac9454e07975
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny4_hppa.deb
    Size/MD5 checksum:  1448464 af5119ddb9de50bb95ae2ab6760399f9
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny4_hppa.deb
    Size/MD5 checksum: 27838586 00cfe209f75d904751d8fec86f1ca4d3

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny4_i386.deb
    Size/MD5 checksum: 10395042 52ecd0a337e5732836367ab53d97f88f
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny4_i386.deb
    Size/MD5 checksum: 26698244 909b074ce6bcaefe3d401126d2615f8d
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny4_i386.deb
    Size/MD5 checksum:  1440406 c556151bb5a316eb9ab31c3935b41f3b

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny4_ia64.deb
    Size/MD5 checksum: 27256656 fa2b74b8ebf132cc51f03a3a67f88b94
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny4_ia64.deb
    Size/MD5 checksum:  1447294 359e619f9c448ea152da8ec75171ec56
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny4_ia64.deb
    Size/MD5 checksum: 14729196 b68fd5722d194f338f2c198a5a8ad3f3

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny4_mips.deb
    Size/MD5 checksum:  1395642 4355fac1721fff347677de60f2d0c6b0
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny4_mips.deb
    Size/MD5 checksum: 28275256 333044fb5317d479f48d52e6168000d9
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny4_mips.deb
    Size/MD5 checksum:  9435400 02ec40a4e98c07881e383b746d7b288b

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny4_mipsel.deb
    Size/MD5 checksum:  9302160 8258f05da522076b668b6e7f269dbacd
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny4_mipsel.deb
    Size/MD5 checksum: 27203156 6a4dd375e27a80dde7f39c0f2060f1ff
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny4_mipsel.deb
    Size/MD5 checksum:  1395886 65428046928c7f67b9ef5239ef60b9d4

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny4_powerpc.deb
    Size/MD5 checksum: 28204250 f6ac77dac3bde9ca597da9145b33713b
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny4_powerpc.deb
    Size/MD5 checksum:  1458744 9603268bf627bbacd0e7a12c3a94802f
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny4_powerpc.deb
    Size/MD5 checksum: 10958986 a498e9f65725b5f735a9d56dca1e0829

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny4_s390.deb
    Size/MD5 checksum: 11137838 f676f7a433624b3cb47cfc8e3441644c
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny4_s390.deb
    Size/MD5 checksum:  1399242 db48b7910f27162734b8bad742e9b8cb
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny4_s390.deb
    Size/MD5 checksum: 27719212 c1070ae61e00d808e636c183639f3ff8

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4c2a_3.5.10.dfsg.1-0lenny4_sparc.deb
    Size/MD5 checksum:  9967244 0990757031afe40d7a01e8794a37dc94
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-0lenny4_sparc.deb
    Size/MD5 checksum:  1438956 42fe0dbcd6228aee3b4643836c3ff4f7
  http://security.debian.org/pool/updates/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-0lenny4_sparc.deb
    Size/MD5 checksum: 25484970 83d65503f4397d63079bdaa28660a43b


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@...ts.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkt8ND0ACgkQXm3vHE4uyloSbQCfa8eSJgwBWWlJWqdJaZ3gbq8V
fzUAn0AoDNhC8n2v+4Xuo1+lW0dqsHDE
=8mTC
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ