Message-ID: <20050721092711.GB15909@piware.de>
Date: Thu Jul 21 10:39:05 2005
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-150-1] KDE library vulnerability

===========================================================
Ubuntu Security Notice USN-150-1	      July 21, 2005
kdelibs vulnerability
CAN-2005-1920
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

kdelibs4

The problem can be corrected by upgrading the affected package to
version 4:3.4.0-0ubuntu3.3. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Kate and Kwrite create a backup file before saving a modified file.
These backup files were created with default permissions, even if the
original file had more strict permissions set, so that other local
users could possibly read the backup file even if they are not
permitted to read the original file.

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.0-0ubuntu3.3.diff.gz
      Size/MD5:   358430 a8ea51e8e6fee9c82b2224e844698f68
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.0-0ubuntu3.3.dsc
      Size/MD5:     1334 f5cd48f8456e4f17df93e6531972cd1a
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.0.orig.tar.gz
      Size/MD5: 20024253 471740de13cfed37d35eb180fc1b9b38

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.4.0-0ubuntu3.3_all.deb
      Size/MD5:  8012946 34fea4958effee0bd5023accfed2cf5e
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-doc_3.4.0-0ubuntu3.3_all.deb
      Size/MD5: 12073028 9b5073d96a623e02613723547542d440
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.4.0-0ubuntu3.3_all.deb
      Size/MD5:    20140 73ea0c759d078ccc98cbb2874b499e7c

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.0-0ubuntu3.3_amd64.deb
      Size/MD5:   921514 359b27d378a663a10766aa793c759e11
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.0-0ubuntu3.3_amd64.deb
      Size/MD5:  1303422 ed1a2de56e3060aed872399dafb09936
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4_3.4.0-0ubuntu3.3_amd64.deb
      Size/MD5:  8969178 d31c4f092a67ad5e176dc8c748f4d759

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.0-0ubuntu3.3_i386.deb
      Size/MD5:   839502 e5c1926a15a11fa9cfd5aa96be7fc80a
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.0-0ubuntu3.3_i386.deb
      Size/MD5:  1300806 8e97350ddc67c93e33c2596e41dd4ac8
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4_3.4.0-0ubuntu3.3_i386.deb
      Size/MD5:  8396554 86311699499de6ca7d92ba3fbe88fb95

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-bin_3.4.0-0ubuntu3.3_powerpc.deb
      Size/MD5:   904426 a3957d296c1a1de06b02b90e6c69cc0f
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4-dev_3.4.0-0ubuntu3.3_powerpc.deb
      Size/MD5:  1304172 5ca784e03ea3c2d9d95240da53dca4a7
    http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs4_3.4.0-0ubuntu3.3_powerpc.deb
      Size/MD5:  8367822 1406ddf6609da78750a2d9f5e46fa6ec
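
The permission mismatch described under "Details follow" can be checked for and avoided as shown below. This is an added example, not code from the advisory or from kdelibs; the `~` backup suffix and the function names `find_loose_backups` and `write_backup` are assumptions made for illustration.

```python
import os
import stat
import sys

BACKUP_SUFFIX = "~"  # assumption: backup naming convention, not given in the advisory


def find_loose_backups(root):
    """Return [(backup_path, extra_bits)] for backups more permissive than the original."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(BACKUP_SUFFIX) or name == BACKUP_SUFFIX:
                continue
            backup = os.path.join(dirpath, name)
            try:
                orig_st = os.lstat(backup[: -len(BACKUP_SUFFIX)])
                back_st = os.lstat(backup)
            except FileNotFoundError:
                continue  # no original left to compare against
            if not (stat.S_ISREG(orig_st.st_mode) and stat.S_ISREG(back_st.st_mode)):
                continue
            # Bits granted on the backup that the original does not grant.
            extra = stat.S_IMODE(back_st.st_mode) & ~stat.S_IMODE(orig_st.st_mode)
            if extra:
                findings.append((backup, extra))
    return findings


def write_backup(path):
    """Hardened backup: create it 0600, copy the data, then apply the original's mode."""
    src_mode = stat.S_IMODE(os.stat(path).st_mode)
    backup = path + BACKUP_SUFFIX
    try:
        os.unlink(backup)  # drop a stale backup so O_EXCL creates a fresh inode
    except FileNotFoundError:
        pass
    fd = os.open(backup, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as out, open(path, "rb") as src:
        out.write(src.read())
        os.fchmod(out.fileno(), src_mode)  # never wider than the original
    return backup


if __name__ == "__main__":
    for backup, extra in find_loose_backups(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{backup}: extra permission bits {extra:04o}")
```

The check compares mode bits only; ownership, group and ACL differences between a file and its backup are outside its scope.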