SecurityFocus BUGTRAQ Mailing List: BUGTRAQ ARCHIVE

To: BugTraq
Subject: [CLA-2003:747] Conectiva Security Announcement - kde
Date: Sep 19 2003 8:44PM
Author: Conectiva Updates
Message-ID: <200309192044.RAA09384@frajuto.distro.conectiva>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------

PACKAGE   : kde
SUMMARY   : Several vulnerabilities (kdm, konqueror, ps/pdf file handling)
DATE      : 2003-09-19 17:44:00
ID        : CLA-2003:747
RELEVANT
RELEASES  : 8, 9

- -------------------------------------------------------------------------

DESCRIPTION
 KDE is a very popular graphical desktop environment available for
 GNU/Linux and other operating systems.

 This update includes fixes for several vulnerabilities in the KDE
 versions distributed with Conectiva Linux:

 - Konqueror Referrer Leaking Website Authentication Credentials[1].
   Konqueror may inadvertently forward (via the HTTP-referrer header)
   authentication credentials to websites in clear text. An attacker
   can create a scenario where the user visits a malicious website
   using a link from an authenticated site and thus gain the
   authentication credentials.

   The Common Vulnerabilities and Exposures (CVE) project has assigned
   the name CAN-2003-0459 to this issue[2].

 - KDM privilege escalation with specific PAM modules[3].
   It has been reported that under certain specific PAM configurations,
   kdm may give root access to a local user. This is caused by a flaw
   in the pam_setcred() function call.

   The Common Vulnerabilities and Exposures (CVE) project has assigned
   the name CAN-2003-0690 to this issue[4].

 - KDM weak session cookies[3].
   KDM generates session cookies (used as an authentication scheme) in
   an unsafe manner (with not enough entropy), allowing attackers to
   guess them more easily.

   The Common Vulnerabilities and Exposures (CVE) project has assigned
   the name CAN-2003-0692 to this issue[5].

 - PS/PDF file handling vulnerability[6]. (Conectiva Linux 8 only)*
   In several cases, KDE applications call the ghostview program to
   handle PS and PDF files in an insecure way (without the
   -DPARANOIDSAFER or -SAFER parameters), which may allow attackers to
   execute commands using crafted PS/PDF files. Since these files may
   come from remote or untrusted sources (e-mail, web sites and network
   connections), remote attackers can exploit this vulnerability to
   execute arbitrary commands in the user's context using such sources
   as attack vectors.

   The Common Vulnerabilities and Exposures (CVE) project has assigned
   the name CAN-2003-0204 to this issue[7].

   * A previous announcement[8] (CLSA-2003:668) has already included
   the fixes for Conectiva Linux 9.

 Please note that the KDE packages for Conectiva Linux 8 are being
 updated to version 3.0.5b[9], with added patches for the first two
 aforementioned vulnerabilities. In the case of Conectiva Linux 9, only
 the affected packages are being updated (with patches).

 KDE users of Conectiva Linux 7.0 are also vulnerable to these issues
 and to a "Konqueror Embedded SSL vulnerability"[10]. It's recommended
 that these users upgrade to Conectiva Linux 8 or Conectiva Linux 9,
 which contain several improvements for desktop users.

SOLUTION
 It is recommended that all KDE users upgrade their packages.
 Please note that after installing the new packages, you must restart
 KDE in order to run the new version.

 REFERENCES:
 1.http://www.kde.org/info/security/advisory-20030729-1.txt
 2.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0459
 3.http://www.kde.org/info/security/advisory-20030916-1.txt
 4.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0690
 5.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0692
 6.http://www.kde.org/info/security/advisory-20030409-1.txt
 7.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0204
 8.http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000668&idioma=en
 9.http://www.kde.org/info/3.0.5b.php
 10.http://www.kde.org/info/security/advisory-20030602-1.txt

UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/8/RPMS/kde-common-3.0.5b-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-3.0.5b-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-common-3.0.5b-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-core-3.0.5b-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-devel-3.0.5b-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-devel-static-3.0.5b-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-kaddressbook-3.0.5b-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-kappfinder-3.0.5b-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-kate-3.0.5b-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-kcontrol-3.0.5b-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-kcontrol-doc-3.0.5b-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-kdesktop-3.0.5b-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-khelpcenter-3.0.5b-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-khelpcenter-doc-3.0.5b-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-kicker-3.0.5b-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-kicker-doc-3.0.5b-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-kio-audiocd-3.0.5b-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-kmenuedit-3.0.5b-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-kmenuedit-doc-3.0.5b-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-kscreensaver-3.0.5b-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-ksysguard-3.0.5b-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-ksysguard-doc-3.0.5b-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-ktip-3.0.5b-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-kwin-3.0.5b-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-kxkb-3.0.5b-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-libkonq-3.0.5b-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-nsplugins-3.0.5b-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-sounds-3.0.5b-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-themes-3.0.5b-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-wallpapers-3.0.5b-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-3.0.5b-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-common-3.0.5b-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-devel-3.0.5b-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-kamera-3.0.5b-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-kcoloredit-3.0.5b-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-kdvi-3.0.5b-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-kdvi-doc-3.0.5b-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-kfax-3.0.5b-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-kfract-3.0.5b-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-kfract-doc-3.0.5b-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-kghostview-3.0.5b-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-kghostview-doc-3.0.5b-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-kiconedit-3.0.5b-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-kiconedit-doc-3.0.5b-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-kooka-3.0.5b-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-kpaint-3.0.5b-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-kpaint-doc-3.0.5b-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-kruler-3.0.5b-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-ksnapshot-3.0.5b-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-ksnapshot-doc-3.0.5b-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-kuickshow-3.0.5b-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-kview-3.0.5b-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-kview-doc-3.0.5b-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdelibs-artsinterface-3.0.5b-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdelibs-config-3.0.5b-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdelibs-docbook-3.0.5b-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdelibs3-3.0.5b-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdelibs3-devel-3.0.5b-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdm-3.0.5b-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdm-doc-3.0.5b-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/konqueror-3.0.5b-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/konqueror-doc-3.0.5b-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/konsole-3.0.5b-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/konsole-doc-3.0.5b-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/kdebase-3.0.5b-1U80_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/kdegraphics-3.0.5b-1U80_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/kdelibs3-3.0.5b-1U80_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/kdelibs3-3.1.2-28927U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/kdm-3.1.2-28535U90_4cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/kdebase-3.1.2-28535U90_4cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/kdelibs3-3.1.2-28927U90_2cl.src.rpm

ADDITIONAL INSTRUCTIONS
 The apt tool can be used to perform RPM package upgrades:

 - run:                 apt-get update
 - after that, execute: apt-get upgrade

 Detailed instructions regarding the use of apt and upgrade examples
 can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

- -------------------------------------------------------------------------
Copyright (c) 2003 Conectiva Inc.
http://www.conectiva.com

- -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe papaleguas conectiva com br
unsubscribe: conectiva-updates-unsubscribe papaleguas conectiva com br
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE/a2rI42jd0JmAcZARArExAJ4tTOBVpIWuFL5rfyB8iPRO31aOiQCeIYAb
OpkH1u630X0KluRaTZbNwFs=
=2/aO
-----END PGP SIGNATURE-----
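
The Konqueror referrer item above, as an added Python example (not Konqueror's code and not part of the advisory): per the KDE advisory cited as [1], the leaked credentials are the ones embedded in a URL in the user:password@host form, so the hardened function rebuilds the Referer value without them. The function names and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit, urlunsplit


def leaky_referrer(current_url, target_url):
    """Behaviour the advisory describes: the page URL is forwarded unchanged."""
    return current_url


def safe_referrer(current_url, target_url):
    """Return the Referer value for a followed link, or None to send none."""
    try:
        src, dst = urlsplit(current_url), urlsplit(target_url)
        host, port = src.hostname, src.port
    except ValueError:
        return None  # malformed host or port: safer to send nothing
    if src.scheme not in ("http", "https") or not host:
        return None  # never disclose file:, ftp: or other local locations
    if src.scheme == "https" and dst.scheme != "https":
        return None  # do not leak a secure page's URL over clear text
    if ":" in host:
        host = f"[{host}]"  # restore brackets around an IPv6 literal
    netloc = host if port is None else f"{host}:{port}"
    # Rebuild from parsed parts: the user:password@ part and the #fragment
    # are dropped by construction rather than removed with a regex.
    return urlunsplit((src.scheme, netloc, src.path or "/", src.query, ""))


# Constructed sample: an authenticated page linking to a third-party site.
PAGE = "http://alice:s3cret@intranet.example:8080/reports?id=7#top"
LINK = "http://thirdparty.example/"

if __name__ == "__main__":
    print("leaky:", leaky_referrer(PAGE, LINK))
    print("safe :", safe_referrer(PAGE, LINK))
```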
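
The PS/PDF file handling item above, as a defensive check added here (not taken from the advisory or from KDE): it scans recorded command lines for PostScript interpreter calls that lack the safe-mode switch. Assumptions: the interpreter is Ghostscript (`gs`), whose switches are spelled `-dSAFER` and `-dPARANOIDSAFER` with `-D` as an equivalent prefix; requiring the switch before the first input is a conservative rule of this example; the sample command lines are constructed.

```python
import shlex
from pathlib import PurePosixPath

# Assumption: the interpreter behind the viewer is Ghostscript.
GS_NAMES = {"gs", "ghostscript"}
# Ghostscript treats -d and -D alike when defining a name.
SAFE_SWITCHES = {"-dSAFER", "-DSAFER", "-dPARANOIDSAFER", "-DPARANOIDSAFER"}


def audit_gs(cmdline):
    """Return None if cmdline is not a Ghostscript call, else 'ok' or 'unsafe'."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:
        return None  # unbalanced quotes: not a parseable command line
    if not argv or PurePosixPath(argv[0]).name not in GS_NAMES:
        return None
    skip_next = False
    for arg in argv[1:]:
        if skip_next:  # value of the previous switch (e.g. -o out.png)
            skip_next = False
        elif arg in SAFE_SWITCHES:
            return "ok"
        elif arg == "-o":
            skip_next = True
        elif not arg.startswith("-") or arg in ("-", "-c"):
            # An input file, stdin or inline code is reached before any
            # safe switch: treated as unsafe (conservative rule).
            return "unsafe"
    return "unsafe"  # no safe switch anywhere on the line


def unsafe_invocations(cmdlines):
    """Return the command lines that run Ghostscript without safe mode."""
    return [c for c in cmdlines if audit_gs(c) == "unsafe"]


# Constructed sample command lines, e.g. as taken from process accounting.
SAMPLE = [
    "gs -dSAFER -dNOPAUSE -sDEVICE=x11 /tmp/mail-attachment.ps",
    "/usr/bin/gs -dNOPAUSE -sDEVICE=x11 /tmp/download.pdf",
    "gs -dNOPAUSE /tmp/download.ps -dSAFER",
    "gs -q -DPARANOIDSAFER -o /tmp/out.png -sDEVICE=png16m in.pdf",
    "konqueror http://www.kde.org/",
]

if __name__ == "__main__":
    for line in unsafe_invocations(SAMPLE):
        print("UNSAFE:", line)
```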