DESCRIPTION
KDE is a very popular graphical desktop environment available for
GNU/Linux and other operating systems.
This update includes fixes for several vulnerabilities in the KDE
versions distributed with Conectiva Linux:
- Konqueror Referrer Leaking Website Authentication Credentials[1].
Konqueror may inadvertently forward (via the HTTP-referrer header)
authentication credentials to websites in clear text. An attacker can
create a scenario were the user visits a malicious website using a
link from a authenticated site and thus gain the authentication
credentials. The Common Vulnerabilities and Exposures (CVE) project
has assigned the name CAN-2003-0459 to this issue[2].
- KDM privilege escalation with specific PAM modules[3].
It has been reported that under certain specific PAM configurations,
kdm may give root access to a local user. This is caused because of a
flaw in the pam_setcred() function call. The Common Vulnerabilities
and Exposures (CVE) project has assigned the name CAN-2003-0690 to
this issue[4].
- KDM weak session cookies[3].
KDM generates session cookies (used as an authentication schema) in
an unsafe manner (with not enough entropy), allowing attackers to
more easily guess it. The Common Vulnerabilities and Exposures (CVE)
project has assigned the name CAN-2003-0692 to this issue[5].
- PS/PDF file handling vulnerability[6]. (Conectiva Linux 8 only)*
In several cases, kde applications call the ghostview program to
handle PS and PDF files in an insecure way (without the
-DPARANOIDSAFER or -SAFER parameters), which may allow attackers to
execute commands using crafted PS/PDF files. Since these files may
came from remote or untrusted sources (e-mail, web sites and network
connections), remote attackers can exploit this vulnerability to
execute arbitrary commands in the user's context using such sources
as attack vectors. The Common Vulnerabilities and Exposures (CVE)
project has assigned the name CAN-2003-0204 to this issue[7].
* A previous announcement[8] (CLSA-2003:668) has already included the
fixes for Conectiva Linux 9.
Please note that the KDE packages for Conectiva Linux 8 are being
updated to the 3.0.5b version[9], added of patches for the two first
aforementioned vulnerabilities. In the case of Conectiva Linux 9,
only the affected packages are being updated (with patches).
KDE users from Conectiva Linux 7.0 are also vulnerable to these
issues and to a "Konqueror Embedded SSL vulnerability"[10]. It's
recommended that these users upgrade to Conectiva Linux 8 or
Conectiva Linux 9, which contain several improvements for desktop
users.
SOLUTION
It is recommended that all KDE users upgrade their packages. Please
note that after the new packages installation, you must restart KDE
in order to run the new version.
ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM packages upgrades:
- run: apt-get update
- after that, execute: apt-get upgrade
Detailed instructions reagarding the use of apt and upgrade examples
can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en
- ------------------------------------------------------------------------
-
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
- ------------------------------------------------------------------------
-
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en
- ------------------------------------------------------------------------
-
Copyright (c) 2003 Conectiva Inc.
http://www.conectiva.com
Hash: SHA1
- ------------------------------------------------------------------------
--
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- ------------------------------------------------------------------------
--
PACKAGE : kde
SUMMARY : Several vulnerabilities (kdm, konqueror, ps/pdf file handling)
DATE : 2003-09-19 17:44:00
ID : CLA-2003:747
RELEVANT
RELEASES : 8, 9
- ------------------------------------------------------------------------
-
DESCRIPTION
KDE is a very popular graphical desktop environment available for
GNU/Linux and other operating systems.
This update includes fixes for several vulnerabilities in the KDE
versions distributed with Conectiva Linux:
- Konqueror Referrer Leaking Website Authentication Credentials[1].
Konqueror may inadvertently forward (via the HTTP-referrer header)
authentication credentials to websites in clear text. An attacker can
create a scenario were the user visits a malicious website using a
link from a authenticated site and thus gain the authentication
credentials. The Common Vulnerabilities and Exposures (CVE) project
has assigned the name CAN-2003-0459 to this issue[2].
- KDM privilege escalation with specific PAM modules[3].
It has been reported that under certain specific PAM configurations,
kdm may give root access to a local user. This is caused because of a
flaw in the pam_setcred() function call. The Common Vulnerabilities
and Exposures (CVE) project has assigned the name CAN-2003-0690 to
this issue[4].
- KDM weak session cookies[3].
KDM generates session cookies (used as an authentication schema) in
an unsafe manner (with not enough entropy), allowing attackers to
more easily guess it. The Common Vulnerabilities and Exposures (CVE)
project has assigned the name CAN-2003-0692 to this issue[5].
- PS/PDF file handling vulnerability[6]. (Conectiva Linux 8 only)*
In several cases, kde applications call the ghostview program to
handle PS and PDF files in an insecure way (without the
-DPARANOIDSAFER or -SAFER parameters), which may allow attackers to
execute commands using crafted PS/PDF files. Since these files may
came from remote or untrusted sources (e-mail, web sites and network
connections), remote attackers can exploit this vulnerability to
execute arbitrary commands in the user's context using such sources
as attack vectors. The Common Vulnerabilities and Exposures (CVE)
project has assigned the name CAN-2003-0204 to this issue[7].
* A previous announcement[8] (CLSA-2003:668) has already included the
fixes for Conectiva Linux 9.
Please note that the KDE packages for Conectiva Linux 8 are being
updated to the 3.0.5b version[9], added of patches for the two first
aforementioned vulnerabilities. In the case of Conectiva Linux 9,
only the affected packages are being updated (with patches).
KDE users from Conectiva Linux 7.0 are also vulnerable to these
issues and to a "Konqueror Embedded SSL vulnerability"[10]. It's
recommended that these users upgrade to Conectiva Linux 8 or
Conectiva Linux 9, which contain several improvements for desktop
users.
SOLUTION
It is recommended that all KDE users upgrade their packages. Please
note that after the new packages installation, you must restart KDE
in order to run the new version.
REFERENCES:
1.http://www.kde.org/info/security/advisory-20030729-1.txt
2.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0459
3.http://www.kde.org/info/security/advisory-20030916-1.txt
4.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0690
5.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0692
6.http://www.kde.org/info/security/advisory-20030409-1.txt
7.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0204
8.http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000
668&idioma=en
9.http://www.kde.org/info/3.0.5b.php
10.http://www.kde.org/info/security/advisory-20030602-1.txt
UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/8/RPMS/kde-common-3.0.5b-1U80_3cl.i3
86.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-3.0.5b-1U80_3cl.i386.
rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-common-3.0.5b-1U80_3c
l.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-core-3.0.5b-1U80_3cl.
i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-devel-3.0.5b-1U80_3cl
.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-devel-static-3.0.5b-1
U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-kaddressbook-3.0.5b-1
U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-kappfinder-3.0.5b-1U8
0_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-kate-3.0.5b-1U80_3cl.
i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-kcontrol-3.0.5b-1U80_
3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-kcontrol-doc-3.0.5b-1
U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-kdesktop-3.0.5b-1U80_
3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-khelpcenter-3.0.5b-1U
80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-khelpcenter-doc-3.0.5
b-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-kicker-3.0.5b-1U80_3c
l.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-kicker-doc-3.0.5b-1U8
0_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-kio-audiocd-3.0.5b-1U
80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-kmenuedit-3.0.5b-1U80
_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-kmenuedit-doc-3.0.5b-
1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-kscreensaver-3.0.5b-1
U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-ksysguard-3.0.5b-1U80
_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-ksysguard-doc-3.0.5b-
1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-ktip-3.0.5b-1U80_3cl.
i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-kwin-3.0.5b-1U80_3cl.
i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-kxkb-3.0.5b-1U80_3cl.
i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-libkonq-3.0.5b-1U80_3
cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-nsplugins-3.0.5b-1U80
_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-sounds-3.0.5b-1U80_3c
l.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-themes-3.0.5b-1U80_3c
l.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdebase-wallpapers-3.0.5b-1U8
0_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-3.0.5b-1U80_2cl.i
386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-common-3.0.5b-1U8
0_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-devel-3.0.5b-1U80
_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-kamera-3.0.5b-1U8
0_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-kcoloredit-3.0.5b
-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-kdvi-3.0.5b-1U80_
2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-kdvi-doc-3.0.5b-1
U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-kfax-3.0.5b-1U80_
2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-kfract-3.0.5b-1U8
0_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-kfract-doc-3.0.5b
-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-kghostview-3.0.5b
-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-kghostview-doc-3.
0.5b-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-kiconedit-3.0.5b-
1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-kiconedit-doc-3.0
.5b-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-kooka-3.0.5b-1U80
_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-kpaint-3.0.5b-1U8
0_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-kpaint-doc-3.0.5b
-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-kruler-3.0.5b-1U8
0_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-ksnapshot-3.0.5b-
1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-ksnapshot-doc-3.0
.5b-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-kuickshow-3.0.5b-
1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-kview-3.0.5b-1U80
_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdegraphics-kview-doc-3.0.5b-
1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdelibs-artsinterface-3.0.5b-
1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdelibs-config-3.0.5b-1U80_2c
l.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdelibs-docbook-3.0.5b-1U80_2
cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdelibs3-3.0.5b-1U80_2cl.i386
.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdelibs3-devel-3.0.5b-1U80_2c
l.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdm-3.0.5b-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/kdm-doc-3.0.5b-1U80_3cl.i386.
rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/konqueror-3.0.5b-1U80_3cl.i38
6.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/konqueror-doc-3.0.5b-1U80_3cl
.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/konsole-3.0.5b-1U80_3cl.i386.
rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/konsole-doc-3.0.5b-1U80_3cl.i
386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/kdebase-3.0.5b-1U80_3cl.src.
rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/kdegraphics-3.0.5b-1U80_2cl.
src.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/kdelibs3-3.0.5b-1U80_2cl.src
.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/kdelibs3-3.1.2-28927U90_2cl.i
386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/kdm-3.1.2-28535U90_4cl.i386.r
pm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/kdebase-3.1.2-28535U90_4cl.s
rc.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/kdelibs3-3.1.2-28927U90_2cl.
src.rpm
ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM packages upgrades:
- run: apt-get update
- after that, execute: apt-get upgrade
Detailed instructions reagarding the use of apt and upgrade examples
can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en
- ------------------------------------------------------------------------
-
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
- ------------------------------------------------------------------------
-
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en
- ------------------------------------------------------------------------
-
Copyright (c) 2003 Conectiva Inc.
http://www.conectiva.com
- ------------------------------------------------------------------------
-
subscribe: conectiva-updates-subscribe (at) papaleguas.conectiva.com (dot) br [email concealed]
unsubscribe: conectiva-updates-unsubscribe (at) papaleguas.conectiva.com (dot) br [email concealed]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE/a2rI42jd0JmAcZARArExAJ4tTOBVpIWuFL5rfyB8iPRO31aOiQCeIYAb
OpkH1u630X0KluRaTZbNwFs=
=2/aO
-----END PGP SIGNATURE-----
[ reply ]