[SECURITY] New versions of kdebase fixes two security holes

To: Debian Security Announcements <debian-security-announce@lists.debian.org>
Cc: Debian Changes <debian-changes@lists.debian.org>
Subject: [SECURITY] New versions of kdebase fixes two security holes
From: Martin Schulze <joey@kuolema.Infodrom.North.DE>
Date: Sat, 30 May 1998 18:52:20 +0200
Message-id: <[🔎] 19980530185220.H19076@kuolema.Infodrom.North.DE>

We have received a report that the one can use a simple buffer
overflow exploit to gain access to the group shadow on systems running
klock.  There was also a problem in kvt which saved its configuration
as root and not as regular user.

We recommend you upgrade your kdebase package immediately.

dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 1.3.1 alias bo
-------------------------------

  There are no KDE packages for the current stable release of Debian
  GNU/Linux.

  However there are backward compiled packages located in bo-unstable.
  This package contain vulnerable klock and kvt binary.

  Source archives:
    ftp://ftp.debian.org/debian/bo-updates/source/kdebase_Beta2-2.3.diff.gz
      MD5 checksum: 3b116c8fa7c18bf68454e0a1cfe08325
    ftp://ftp.debian.org/debian/bo-updates/source/kdebase_Beta2-2.3.dsc
      MD5 checksum: 7ac8e17b3e060228c7e319321610aa15
    ftp://ftp.debian.org/debian/bo-updates/source/kdebase_Beta2.orig.tar.gz
      MD5 checksum: e1136cdfb7e8196f44edbea44ce72539

 Intel architecture:
    ftp://ftp.debian.org/debian/bo-updates/binary-i386/kdebase_Beta2-2.3_i386.deb
      MD5 checksum: 78f1f2b6229f2cbb04f6cfe35f6d248f

  These files from the incoming directory will be moved into
  ftp://ftp.debian.org/debian/bo-updates/binary-i386/ and
  ftp://ftp.debian.org/debian/bo/binary-i386/ later.


Debian GNU/Linux pre2.0 alias hamm
----------------------------------

  Source archives:
    ftp://ftp.debian.org/debian/hamm/contrib/source/x11/kdebase_980312-8.diff.gz
      MD5 checksum: 822329f0180a35b9d1ecec08cb83095a
    ftp://ftp.debian.org/debian/hamm/contrib/source/x11/kdebase_980312-8.dsc
      MD5 checksum: 8dbc9b74cddf974d85be563d63650e73
    ftp://ftp.debian.org/debian/hamm/contrib/source/x11/kdebase_980312.orig.tar.gz
      MD5 checksum: a77b962bfd16de9e57373aae135a3c90

  Intel architecture:
    ftp://ftp.debian.org/debian/hamm/contrib/binary-i386/x11/kdebase_980312-8.deb
      MD5 checksum: 313ab365fd504a78563a8e4489d44a3e

  Motorola 68xxx architecture:
    ftp://ftp.debian.org/debian/hamm/contrib/binary-m68k/x11/kdebase_980312-8.deb
      MD5 checksum: 487e62a71861e4cbcc67ed251a1a9582

--
Debian GNU/Linux    .    Security Managers    .    security@debian.org
              debian-security-announce@lists.debian.org
Christian Hudon <chrish@debian.org> . Martin Schulze <joey@debian.org>

Attachment: pgpROec6wQ_na.pgp
Description: PGP signature

Reply to:

Prev by Date: Debian 1.3.1 r8 released.
Next by Date: [SECURITY] New version of premail fixes /tmp file problem
Previous by thread: Debian 1.3.1 r8 released.
Next by thread: [SECURITY] New version of premail fixes /tmp file problem
Index(es):
- Date
- Thread