Message-ID: <20050503161459.GA8257@box79162.elkhouse.de>
Date: Tue May 3 17:15:06 2005
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-115-1] Kommander vulnerability
===========================================================
Ubuntu Security Notice USN-115-1 May 03, 2005
kdewebdev vulnerability
CAN-2005-0754
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
kommander
The problem can be corrected by upgrading the affected package to
version 4:3.4.0-0ubuntu2.2. In general, a standard system upgrade is
sufficient to effect the necessary changes.
Details follow:
Eckhart Wörner discovered that Kommander opens files from remote and
possibly untrusted locations without user confirmation. Since
Kommander files can contain scripts, this would allow an attacker to
execute arbitrary code with the privileges of the user opening the
file.
The updated Kommander no longer automatically opens files from remote
locations or files whose names do not end with ".kmdr".
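
The policy described above, modelled as an added example (not Kommander's actual patch, which this notice does not show): a location may be opened without confirmation only if it is local and its path ends with ".kmdr". The function name, the handling of file:// URLs and the sample locations are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote

KMDR_SUFFIX = ".kmdr"  # extension named in the advisory


def auto_open_decision(location):
    """Return (allowed, reason) for opening `location` without user confirmation.

    Hypothetical helper: it models the behaviour the notice describes and is
    not code from Kommander.
    """
    parts = urlsplit(location)

    if parts.scheme == "":
        # No URL scheme: a plain local path, taken literally
        # ('?' and '#' are ordinary filename characters here).
        path = location
    elif parts.scheme == "file":
        # A file:// URL that names another host is still a remote location.
        if parts.netloc not in ("", "localhost"):
            return False, "remote host in file URL"
        # Check the decoded path only, so a query string or fragment
        # cannot supply the expected suffix.
        path = unquote(parts.path)
    else:
        return False, "remote scheme: " + parts.scheme

    if not path.endswith(KMDR_SUFFIX):
        return False, "name does not end with " + KMDR_SUFFIX
    return True, "local " + KMDR_SUFFIX + " file"


# Constructed sample locations (not taken from the advisory).
SAMPLES = [
    "/home/user/forms/dialog.kmdr",
    "file:///home/user/forms/dialog.kmdr",
    "http://example.org/dialog.kmdr",
    "file://fileserver.example/share/dialog.kmdr",
    "/tmp/readme.txt",
    "file:///tmp/notes.txt?name=.kmdr",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        allowed, reason = auto_open_decision(sample)
        print(("open" if allowed else "ask ") + "  " + sample + "  (" + reason + ")")
```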