Users login

Create an account »


Users login

Home » Hacking News » [SECURITY] [DSA 243-1] New kdemultimedia packages fix several vulnerabilities

[SECURITY] [DSA 243-1] New kdemultimedia packages fix several vulnerabilities

by Nikola Strahija on January 25th, 2003 The KDE team discovered several vulnerabilities in the K Desktop Environment. In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution.

Debian Security Advisory DSA 243-1 [email protected] Martin Schulze
January 24th, 2003
- --------------------------------------------------------------------------

Package : kdemultimedia
Vulnerability : several
Problem-type : local, remote
Debian-specific: no
CVE Id : CAN-2002-1393

The KDE team discovered several vulnerabilities in the K Desktop
Environment. In some instances KDE fails to properly quote parameters
of instructions passed to a command shell for execution. These
parameters may incorporate data such as URLs, filenames and e-mail
addresses, and this data may be provided remotely to a victim in an
e-mail, a webpage or files on a network filesystem or other untrusted

By carefully crafting such data an attacker might be able to execute
arbitary commands on a vulnerable system using the victim's account and
privileges. The KDE Project is not aware of any existing exploits of
these vulnerabilities. The patches also provide better safe guards
and check data from untrusted sources more strictly in multiple

For the current stable distribution (woody), these problems have been
fixed in version 2.2.2-8.2. Please note that we are unable to provide
updated packages for both MIPS architectures since the compilation of
kdemultimedia triggers an internal compiler error on these machines.

The old stable distribution (potato) does not contain KDE packages.

For the unstable distribution (sid), these problems will most probably
not be fixed but new packages for KDE 3.1 for sid are expected for
this year.

We recommend that you upgrade your KDE packages.

Upgrade Instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

Source archives:
Size/MD5 checksum: 931 ea6ccb34bf852ac29e6d73613081e334
Size/MD5 checksum: 12438 c24bc332097a53ec3e5c84cb7bf2b8bf
Size/MD5 checksum: 4745846 013333cc85b267c3d0d4c50c14bcd2f8

Alpha architecture:
Size/MD5 checksum: 1275504 e7f689aadb6cf5cd54f59e54198d7cf2
Size/MD5 checksum: 101364 b37dfc4b2e96279203d2a2a7e1ee81fe
Size/MD5 checksum: 262362 37011939bfaf4c5a04ffa018416b5265
Size/MD5 checksum: 1340624 2728558b23aaefef50f75eabf2b26604
Size/MD5 checksum: 203918 fb82f8fdca725ecb9a326f7cad423114
Size/MD5 checksum: 285524 ce32bdcf10cd2ad2be0e7417a4ecaa1e
Size/MD5 checksum: 154388 73c1fe5523d24c4b34e5a925218ef3dc
Size/MD5 checksum: 348174 0fea85342c407fbb0d4cc5738452181a
Size/MD5 checksum: 2110060 9a109e0d1556957de7eb7e82e363208c

ARM architecture:
Size/MD5 checksum: 950728 ad369aee8147668de76c89427a393e3e
Size/MD5 checksum: 101472 aa9b29b7db2b3010291bb4ed4ba4f0af
Size/MD5 checksum: 242928 77e820262c24fec76a28825159a52aff
Size/MD5 checksum: 1299456 581e9c81c34e41dca90ef16cc5f5f181
Size/MD5 checksum: 157540 ddcb9807571ac18edc8a2c09f3de05bf
Size/MD5 checksum: 272882 1b7f67d78b30e2a0e0d67dbb8e2e9e48
Size/MD5 checksum: 108140 a9ded96aec60fa509989ff0f5f0ecc6f
Size/MD5 checksum: 282098 70ed5afd1b77ffe7d7b44ee50dc14bbb
Size/MD5 checksum: 1894054 beb1cec62d08b7d8a1064ccf5c708529

Intel IA-32 architecture:
Size/MD5 checksum: 931028 6450d390f27aeda571691a66a55f4ba9
Size/MD5 checksum: 101392 e4df2c898c92a9a18d8c8a7fa9d378a5
Size/MD5 checksum: 239934 77aa1ad61cf050076bd8218d405c466e
Size/MD5 checksum: 1266742 d56661fb5dd3d8330fba30193827abdb
Size/MD5 checksum: 155428 75467801fdabb111a9c512e1b3d3492a
Size/MD5 checksum: 264210 90f8a72fa1d963bd19b7250f545aa686
Size/MD5 checksum: 105290 85551cf9bc507da3de697307e697f823
Size/MD5 checksum: 311584 da769f99a16b43d30100d4b7e1235fd4
Size/MD5 checksum: 1889708 4b751663b1a6760f6f8285dca2b2dcd1

Intel IA-64 architecture:
Size/MD5 checksum: 1328734 c459f61f0574f743d76328386ae8d637
Size/MD5 checksum: 101360 fe282c59e381da90a57e8862bf0d3199
Size/MD5 checksum: 288342 e15b85fb995adb6c1e4a068815729d01
Size/MD5 checksum: 1495738 53a5e5db9c035792dda5342b55ee224f
Size/MD5 checksum: 231210 552566ad2ac4e37789be84c087b80695
Size/MD5 checksum: 369002 93635ae5e67906b035ce4118a261862d
Size/MD5 checksum: 151300 c1a47e9a2de01ec9021ea7ed86d33aa1
Size/MD5 checksum: 511050 67b3787c8570595104af81d9a2883767
Size/MD5 checksum: 2225366 68ea74f7708e8583a9f0f445bfcc90d4

HP Precision architecture:
Size/MD5 checksum: 1461794 26afcf3486140212b5f3300e68a85b7d
Size/MD5 checksum: 101404 24023dd9c8c5fb8925a4adf3e4682122
Size/MD5 checksum: 274952 a428d9cdb9f0bf35aa0b55ba67e8118c
Size/MD5 checksum: 1328916 f6ddd1a1d3ecd22fb29bb7c60cf71f6e
Size/MD5 checksum: 206838 e01ff343760e76afe7be65e7387795be
Size/MD5 checksum: 291196 51170047d6b913d561a445bd3a03b4d3
Size/MD5 checksum: 286880 abbb60e4eb50c883d6087422fa927f13
Size/MD5 checksum: 337658 ed18ef7ace0bd76e30f3aaaca7a4980c
Size/MD5 checksum: 2170100 f7339c2116773ea1972c456a93ed1c2e

Motorola 680x0 architecture:
Size/MD5 checksum: 947918 394990d923d2cb54e1d903fa9102e2dd
Size/MD5 checksum: 101602 5eb78569b4c39d0f84fcc9b56121b3f6
Size/MD5 checksum: 241304 73097cf737026374ff956a626fea2bb7
Size/MD5 checksum: 1246882 356e3b535226807555f95cd6c9886145
Size/MD5 checksum: 154944 436b551976c798d407d194d15753ce31
Size/MD5 checksum: 258416 1adedbfe8c922bc1b3ee0ffebf8d3af7
Size/MD5 checksum: 108026 1f85c7f95f3468773c3a5aa8c031f2c6
Size/MD5 checksum: 292346 c7d2a634fa3d55f864b548200ba4910f
Size/MD5 checksum: 1893268 53291c3cf2b6187a1e9a71bb90452507

PowerPC architecture:
Size/MD5 checksum: 996950 2158b7aee4fa4f99edeac9096d5a0f84
Size/MD5 checksum: 101376 cf015241d26b5b0c5b57445de503d722
Size/MD5 checksum: 243686 6ff1aaa97401db67b1471d7a2848fe0e
Size/MD5 checksum: 1281376 9421d9cd1040e995ecf5b484375d6c92
Size/MD5 checksum: 157280 854a1fb4af22184c6c314bb930e7318d
Size/MD5 checksum: 271618 33fa16c2854408c3afcd9f4b881deaad
Size/MD5 checksum: 118688 3857b9db12df3f2ecb7814997fdfe189
Size/MD5 checksum: 226308 b0caf9978bd8122d190ab12f5b2b7075
Size/MD5 checksum: 1915652 e9e29f0aecd6da93ba2afd63f4175989

IBM S/390 architecture:
Size/MD5 checksum: 949144 4fdc485750c31fb4066e472b15428ca8
Size/MD5 checksum: 101394 e20bf973dfe70f0f61f908f8dd8209f9
Size/MD5 checksum: 247156 b45eac6b57ed5ce311106c2bfb305bf5
Size/MD5 checksum: 1282880 1eb6591f76839234d78fc4e33a45b299
Size/MD5 checksum: 168072 d2b12dce4cc9d796669e2229b5e383d1
Size/MD5 checksum: 271944 916a16b3026ecec61d66f85c5d4c8ab0
Size/MD5 checksum: 113444 5e4288362c2cba05aecda5ba10fe9bf7
Size/MD5 checksum: 343568 3bc187ac0018b58e062e2009b1a6ea34
Size/MD5 checksum: 1916274 a735f195d97b50ef4c7313df82ace682

Sun Sparc architecture:
Size/MD5 checksum: 973512 85018e1174bbbe96dddc637610a8605e
Size/MD5 checksum: 101402 7ab750a27ee344ffd4ede95c2ffa3bb7
Size/MD5 checksum: 244520 d55726594ee67d0872fd6c5ec4676ab4
Size/MD5 checksum: 1279162 0cb391dc3b6dc1aad65a2e82b3d3420f
Size/MD5 checksum: 159528 bc102f8f6df7798f0dce414689e99572
Size/MD5 checksum: 270228 406add52cdba3149c9f119cb46d063b7
Size/MD5 checksum: 113428 d9216a2fd6f74d729fac7107abf9cc7f
Size/MD5 checksum: 319032 5d2b5119edbb8df2212138a04f5ed3ce
Size/MD5 checksum: 1919588 a0d7a348e1c032352232e919f6c30279

These files will be moved into the stable distribution after new KDE
packages have been uploaded into unstable (sid) and compiled for
all architectures.

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »