
Re: [SECURITY] [DSA 1376-1] New kdebase packages fix authentication bypass



Steve Kemp wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1376                    security@debian.org
http://www.debian.org/security/                               Steve Kemp
September 21, 2007                    http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : kdebase
Vulnerability  : programming error
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2007-4569


Kees Huijgen discovered that under certain circumstances it is possible
for KDM, an X session manager for KDE, to be tricked into
allowing user logins without a password.

For the stable distribution (etch), this problem has been fixed in version
4:3.5.5a.dfsg.1-6etch1.


It seems that kdebase and fetchmailconf dependencies are broken.


The following packages are BROKEN:
 fetchmailconf kdebase
The following packages are unused and will be REMOVED:
 kdepasswd kdeprint khelpcenter klipper kmenuedit konqueror-nsplugins
 kpager kpersonalizer ksmserver ksplash ksysguard ktip
2 packages upgraded, 0 newly installed, 12 to remove and 0 not upgraded.
Need to get 103kB of archives. After unpacking 14.2MB will be freed.
The following packages have unmet dependencies:
 kdebase: Depends: kappfinder (>= 4:3.5.5a.dfsg.1-6etch1) but 4:3.5.5a.dfsg.1-6 is installed.
          Depends: kate (>= 4:3.5.5a.dfsg.1-6etch1) but 4:3.5.5a.dfsg.1-6 is installed.
          Depends: kcontrol (>= 4:3.5.5a.dfsg.1-6etch1) but 4:3.5.5a.dfsg.1-6 is installed.
          Depends: kdebase-bin (>= 4:3.5.5a.dfsg.1-6etch1) but 4:3.5.5a.dfsg.1-6 is installed.
          Depends: kdebase-kio-plugins (>= 4:3.5.5a.dfsg.1-6etch1) but 4:3.5.5a.dfsg.1-6 is installed.
          Depends: kdepasswd (>= 4:3.5.5a.dfsg.1-6etch1) but it is not installable
          Depends: kdeprint (>= 4:3.5.5a.dfsg.1-6etch1) but it is not installable
          Depends: kdesktop (>= 4:3.5.5a.dfsg.1-6etch1) but 4:3.5.5a.dfsg.1-6 is installed.
          Depends: kfind (>= 4:3.5.5a.dfsg.1-6etch1) but 4:3.5.5a.dfsg.1-6 is installed.
          Depends: khelpcenter (>= 4:3.5.5a.dfsg.1-6etch1) but it is not installable
          Depends: kicker (>= 4:3.5.5a.dfsg.1-6etch1) but 4:3.5.5a.dfsg.1-6 is installed.
          Depends: klipper (>= 4:3.5.5a.dfsg.1-6etch1) but it is not installable
          Depends: kmenuedit (>= 4:3.5.5a.dfsg.1-6etch1) but it is not installable
          Depends: konqueror-nsplugins (>= 4:3.5.5a.dfsg.1-6etch1) but it is not installable
          Depends: konqueror (>= 4:3.5.5a.dfsg.1-6etch1) but 4:3.5.5a.dfsg.1-6 is installed.
          Depends: konsole (>= 4:3.5.5a.dfsg.1-6etch1) but 4:3.5.5a.dfsg.1-6 is installed.
          Depends: kpager (>= 4:3.5.5a.dfsg.1-6etch1) but it is not installable
          Depends: kpersonalizer (>= 4:3.5.5a.dfsg.1-6etch1) but it is not installable
          Depends: ksmserver (>= 4:3.5.5a.dfsg.1-6etch1) but it is not installable
          Depends: ksplash (>= 4:3.5.5a.dfsg.1-6etch1) but it is not installable
          Depends: ksysguard (>= 4:3.5.5a.dfsg.1-6etch1) but it is not installable
          Depends: ktip (>= 4:3.5.5a.dfsg.1-6etch1) but it is not installable
          Depends: kwin (>= 4:3.5.5a.dfsg.1-6etch1) but 4:3.5.5a.dfsg.1-6 is installed.
          Depends: libkonq4 (>= 4:3.5.5a.dfsg.1-6etch1) but 4:3.5.5a.dfsg.1-6 is installed.
 fetchmailconf: Depends: fetchmail (>= 6.3.6-1etch1) but 6.3.6-1 is installed.
Resolving dependencies...
The following actions will resolve these dependencies:

Remove the following packages:
kde
kde-amusements
kde-core
kdebase

Keep the following packages at their current version:
fetchmailconf [6.3.6-1 (stable, now)]

Score is -324

Could you update dependencies, please?

Regards, Riku


