=========================================================== Ubuntu Security Notice USN-115-1 May 03, 2005 kdewebdev vulnerability CAN-2005-0754 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: kommander The problem can be corrected by upgrading the affected package to version 4:3.4.0-0ubuntu2.2. In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Eckhart Wörner discovered that Kommander opens files from remote and possibly untrusted locations without user confirmation. Since Kommander files can contain scripts, this would allow an attacker to execute arbitrary code with the privileges of the user opening the file. The updated Kommander will not automatically open files from remote locations, and files which do not end with ".kmdr" any more. Source archives: http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kdewebdev_3.4.0-0ubuntu2.2.diff.gz Size/MD5: 178816 caef0228cc742bc8ce4f1b9f36f79130 http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kdewebdev_3.4.0-0ubuntu2.2.dsc Size/MD5: 1000 d9b0ddb8278bed92e2dc21b02aecb872 http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kdewebdev_3.4.0.orig.tar.gz Size/MD5: 7496452 4820f77ff59dc9030204b87aa840d065 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/k/kdewebdev/kdewebdev-doc-html_3.4.0-0ubuntu2.2_all.deb Size/MD5: 134006 100e2fd20ba38c9d36e0f99eeff01b91 http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kdewebdev_3.4.0-0ubuntu2.2_all.deb Size/MD5: 8654 ed38515d0ce6a68d2206f7fc2926d04d http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/quanta-data_3.4.0-0ubuntu2.2_all.deb Size/MD5: 945488 3478cb60faa98a2982964615b7c19288 amd64 architecture (Athlon64, Opteron, EM64T Xeon) http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kfilereplace_3.4.0-0ubuntu2.2_amd64.deb Size/MD5: 630252 6b7a50e32f6fb999702c8b9826fb5894 http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kimagemapeditor_3.4.0-0ubuntu2.2_amd64.deb Size/MD5: 321990 9504f89bd51d05ee52144a4c9c576ed2 http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/klinkstatus_3.4.0-0ubuntu2.2_amd64.deb Size/MD5: 257710 9f7b62f0bf9b5f0ee953d5f5a2cc603f http://security.ubuntu.com/ubuntu/pool/universe/k/kdewebdev/kommander-dev_3.4.0-0ubuntu2.2_amd64.deb Size/MD5: 17264 e3b592579a57f3a9b38755f5ccbf73dc http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kommander_3.4.0-0ubuntu2.2_amd64.deb Size/MD5: 1273682 d74bf73034c8466fa2e6e5349fd1883f http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kxsldbg_3.4.0-0ubuntu2.2_amd64.deb Size/MD5: 612816 49cf9a1a50feb57d41ee8fad177783de http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/quanta_3.4.0-0ubuntu2.2_amd64.deb Size/MD5: 2303362 06d52ac9c6950e823f024462c672d9f8 i386 architecture (x86 compatible Intel/AMD) http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kfilereplace_3.4.0-0ubuntu2.2_i386.deb Size/MD5: 621532 7a39076580bd640fd3eb03272a45e86d http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kimagemapeditor_3.4.0-0ubuntu2.2_i386.deb Size/MD5: 303930 0bfb95c32d38b92d40970e4777870a38 http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/klinkstatus_3.4.0-0ubuntu2.2_i386.deb Size/MD5: 244456 66bd475678215a77ddf4bc8836d43386 http://security.ubuntu.com/ubuntu/pool/universe/k/kdewebdev/kommander-dev_3.4.0-0ubuntu2.2_i386.deb Size/MD5: 17278 11edfa83396992ef6f40b2599217d649 http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kommander_3.4.0-0ubuntu2.2_i386.deb Size/MD5: 1186942 0851867caf4b8ef2484bd1e52d0b4602 http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kxsldbg_3.4.0-0ubuntu2.2_i386.deb Size/MD5: 585286 bf3a98696e5e23b7fb0cb3c3feb0ee94 http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/quanta_3.4.0-0ubuntu2.2_i386.deb Size/MD5: 2245404 cbca7afe4b85ef7954dfd03400c48a48 powerpc architecture (Apple Macintosh G3/G4/G5) http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kfilereplace_3.4.0-0ubuntu2.2_powerpc.deb Size/MD5: 621254 5877b724876958b7f09751363a333692 http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kimagemapeditor_3.4.0-0ubuntu2.2_powerpc.deb Size/MD5: 295570 ff0c924ae08e790cbd549cf7cc39a5c4 http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/klinkstatus_3.4.0-0ubuntu2.2_powerpc.deb Size/MD5: 245248 3a5540697b21cdff954e2a4480fdb37b http://security.ubuntu.com/ubuntu/pool/universe/k/kdewebdev/kommander-dev_3.4.0-0ubuntu2.2_powerpc.deb Size/MD5: 17270 2a07e2649555b97ede553fbc87f9ed39 http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kommander_3.4.0-0ubuntu2.2_powerpc.deb Size/MD5: 1191350 fdf63a65144291d03f25ed4db54e292f http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kxsldbg_3.4.0-0ubuntu2.2_powerpc.deb Size/MD5: 583446 87189bdf29e9d71e8cb8efdd660482b9 http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/quanta_3.4.0-0ubuntu2.2_powerpc.deb Size/MD5: 2174200 143110597047409de76a0b6266ee2e23
Attachment:
signature.asc
Description: Digital signature