We have received a report that one can use a simple buffer overflow
exploit to gain access to the group shadow on systems running klock.
There was also a problem in kvt, which saved its configuration as root
and not as a regular user.

We recommend you upgrade your kdebase package immediately.

dpkg -i file.deb will install the referenced file.

Debian GNU/Linux 1.3.1 alias bo
-------------------------------

  There are no KDE packages for the current stable release of Debian
  GNU/Linux. However, there are backward compiled packages located in
  bo-unstable. This package contains vulnerable klock and kvt binaries.

  Source archives:

    ftp://ftp.debian.org/debian/bo-updates/source/kdebase_Beta2-2.3.diff.gz
      MD5 checksum: 3b116c8fa7c18bf68454e0a1cfe08325
    ftp://ftp.debian.org/debian/bo-updates/source/kdebase_Beta2-2.3.dsc
      MD5 checksum: 7ac8e17b3e060228c7e319321610aa15
    ftp://ftp.debian.org/debian/bo-updates/source/kdebase_Beta2.orig.tar.gz
      MD5 checksum: e1136cdfb7e8196f44edbea44ce72539

  Intel architecture:

    ftp://ftp.debian.org/debian/bo-updates/binary-i386/kdebase_Beta2-2.3_i386.deb
      MD5 checksum: 78f1f2b6229f2cbb04f6cfe35f6d248f

  These files from the incoming directory will be moved into
  ftp://ftp.debian.org/debian/bo-updates/binary-i386/ and
  ftp://ftp.debian.org/debian/bo/binary-i386/ later.

Debian GNU/Linux pre2.0 alias hamm
----------------------------------

  Source archives:

    ftp://ftp.debian.org/debian/hamm/contrib/source/x11/kdebase_980312-8.diff.gz
      MD5 checksum: 822329f0180a35b9d1ecec08cb83095a
    ftp://ftp.debian.org/debian/hamm/contrib/source/x11/kdebase_980312-8.dsc
      MD5 checksum: 8dbc9b74cddf974d85be563d63650e73
    ftp://ftp.debian.org/debian/hamm/contrib/source/x11/kdebase_980312.orig.tar.gz
      MD5 checksum: a77b962bfd16de9e57373aae135a3c90

  Intel architecture:

    ftp://ftp.debian.org/debian/hamm/contrib/binary-i386/x11/kdebase_980312-8.deb
      MD5 checksum: 313ab365fd504a78563a8e4489d44a3e

  Motorola 68xxx architecture:

    ftp://ftp.debian.org/debian/hamm/contrib/binary-m68k/x11/kdebase_980312-8.deb
      MD5 checksum: 487e62a71861e4cbcc67ed251a1a9582

--
Debian GNU/Linux . Security Managers . security@debian.org
debian-security-announce@lists.debian.org
Christian Hudon <chrish@debian.org> . Martin Schulze <joey@debian.org>
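
One way to check a downloaded file against the checksums listed in this advisory before running dpkg -i on it. This is an added example, not part of the original advisory; the function names, the mirror.example URL and the sample file contents are constructed for illustration.

```python
import hashlib
import re
import tempfile

# Advisory layout: a file URL followed by "MD5 checksum: <32 hex digits>".
ENTRY = re.compile(r"(ftp://\S+)\s+MD5 checksum:\s*([0-9a-fA-F]{32})\b")


def parse_advisory(text):
    """Map each listed URL to its MD5. Keyed by full URL, not file name:
    the hamm i386 and m68k packages share the name kdebase_980312-8.deb."""
    return {url: digest.lower() for url, digest in ENTRY.findall(text)}


def md5_of(path, chunk=1 << 16):
    """Hash a file in chunks so large archives are not read into memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verify(path, url, expected):
    """True only if url is listed and the local file hashes to its checksum."""
    want = expected.get(url)
    return want is not None and md5_of(path) == want


if __name__ == "__main__":
    # Constructed stand-in for a download; the URL and bytes are not real.
    url = "ftp://mirror.example/pool/demo_1.0_i386.deb"
    with tempfile.NamedTemporaryFile(suffix=".deb") as pkg:
        pkg.write(b"constructed package bytes")
        pkg.flush()
        advisory = f"{url}\n  MD5 checksum: {md5_of(pkg.name)}\n"
        expected = parse_advisory(advisory)
        print("intact file:  ", verify(pkg.name, url, expected))
        pkg.write(b"!")  # simulate corruption or tampering
        pkg.flush()
        print("modified file:", verify(pkg.name, url, expected))
        print("unlisted URL: ", verify(pkg.name, url + ".bak", expected))
```

The checksums are only as trustworthy as the advisory text itself, so verify the PGP signature on the announcement first; MD5 detects corrupted downloads but is no longer collision-resistant.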