[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] New versions of kdebase fixes two security holes



We have received a report that the one can use a simple buffer
overflow exploit to gain access to the group shadow on systems running
klock.  There was also a problem in kvt which saved its configuration
as root and not as regular user.

We recommend you upgrade your kdebase package immediately.

dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 1.3.1 alias bo
-------------------------------

  There are no KDE packages for the current stable release of Debian
  GNU/Linux.

  However there are backward compiled packages located in bo-unstable.
  This package contain vulnerable klock and kvt binary.

  Source archives:
    ftp://ftp.debian.org/debian/bo-updates/source/kdebase_Beta2-2.3.diff.gz
      MD5 checksum: 3b116c8fa7c18bf68454e0a1cfe08325
    ftp://ftp.debian.org/debian/bo-updates/source/kdebase_Beta2-2.3.dsc
      MD5 checksum: 7ac8e17b3e060228c7e319321610aa15
    ftp://ftp.debian.org/debian/bo-updates/source/kdebase_Beta2.orig.tar.gz
      MD5 checksum: e1136cdfb7e8196f44edbea44ce72539

 Intel architecture:
    ftp://ftp.debian.org/debian/bo-updates/binary-i386/kdebase_Beta2-2.3_i386.deb
      MD5 checksum: 78f1f2b6229f2cbb04f6cfe35f6d248f

  These files from the incoming directory will be moved into
  ftp://ftp.debian.org/debian/bo-updates/binary-i386/ and
  ftp://ftp.debian.org/debian/bo/binary-i386/ later.


Debian GNU/Linux pre2.0 alias hamm
----------------------------------

  Source archives:
    ftp://ftp.debian.org/debian/hamm/contrib/source/x11/kdebase_980312-8.diff.gz
      MD5 checksum: 822329f0180a35b9d1ecec08cb83095a
    ftp://ftp.debian.org/debian/hamm/contrib/source/x11/kdebase_980312-8.dsc
      MD5 checksum: 8dbc9b74cddf974d85be563d63650e73
    ftp://ftp.debian.org/debian/hamm/contrib/source/x11/kdebase_980312.orig.tar.gz
      MD5 checksum: a77b962bfd16de9e57373aae135a3c90

  Intel architecture:
    ftp://ftp.debian.org/debian/hamm/contrib/binary-i386/x11/kdebase_980312-8.deb
      MD5 checksum: 313ab365fd504a78563a8e4489d44a3e

  Motorola 68xxx architecture:
    ftp://ftp.debian.org/debian/hamm/contrib/binary-m68k/x11/kdebase_980312-8.deb
      MD5 checksum: 487e62a71861e4cbcc67ed251a1a9582

--
Debian GNU/Linux    .    Security Managers    .    security@debian.org
              debian-security-announce@lists.debian.org
Christian Hudon <chrish@debian.org> . Martin Schulze <joey@debian.org>

Attachment: pgpcK2Dfe7g4u.pgp
Description: PGP signature


Reply to: