Regarding:

> - --------------------------------------------------------------------------
> Debian Security Advisory DSA 1156-1                    [EMAIL PROTECTED]
> http://www.debian.org/security/                         Moritz Muehlenhoff
> August 27th, 2006                       http://www.debian.org/security/faq
> - --------------------------------------------------------------------------
>
> Package        : kdebase
> Vulnerability  : programming error
> Problem-Type   : local
> Debian-specific: no
> CVE ID         : CVE-2006-2449
> Debian Bug     : 374002
>
> Ludwig Nussel discovered that kdm, the X display manager for KDE, handles
> access to the session type configuration file insecurely, which may lead
> to the disclosure of arbitrary files through a symlink attack.

For interest, can anyone explain why a problem with kdm leads to the need to reissue so many KDE packages? Neither http://bugs.debian.org/374002, nor http://www.kde.org/info/security/advisory-20060614-1.txt shed any light e.g.

> Intel IA-32 architecture:

Cheers,

Nick Boyce
Bristol, UK
--
'If you don't pray in my school, I won't think in your church'

