USN-115-1: Kommander vulnerability
Posted on: 05/03/2005 04:43 PM

A Kommander update has been released for Ubuntu Linux 5.04.

===========================================================
Ubuntu Security Notice USN-115-1 May 03, 2005
kdewebdev vulnerability
CAN-2005-0754
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

kommander

The problem can be corrected by upgrading the affected package to version 4:3.4.0-0ubuntu2.2. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Eckhart Werner discovered that Kommander opens files from remote and possibly untrusted locations without user confirmation. Since Kommander files can contain scripts, this would allow an attacker to execute arbitrary code with the privileges of the user opening the file.

The updated Kommander no longer automatically opens files from remote locations, or files whose names do not end with ".kmdr".
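The open policy described above, as an added sketch in Python. It is not Kommander's actual patch or code. The function name, the treatment of `file://` URLs with a host as remote, and the case-sensitive suffix match are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote

REQUIRED_SUFFIX = ".kmdr"        # suffix named in the advisory
LOCAL_HOSTS = {"", "localhost"}  # assumption: file:// URLs with these hosts are local


def reasons_to_refuse_auto_open(target):
    """Return why `target` must not be opened without asking; [] means it may be."""
    reasons = []
    parts = urlsplit(target)
    scheme = parts.scheme.lower()
    if scheme == "":
        # Plain local path: take the name literally, including any '?' or '#'.
        path = target
    elif scheme == "file":
        path = unquote(parts.path)
        host = parts.hostname or ""
        if host not in LOCAL_HOSTS:
            reasons.append("remote location: file URL names host %r" % host)
    else:
        # Any other scheme (http, ftp, ...) is fetched from somewhere else.
        path = unquote(parts.path)
        reasons.append("remote location: scheme %r" % scheme)
    # Match on the path only, so a query string such as ?f=x.kmdr cannot
    # make an arbitrary resource look like a Kommander file.
    if not path.endswith(REQUIRED_SUFFIX):
        reasons.append('name does not end with "%s"' % REQUIRED_SUFFIX)
    return reasons


# Constructed sample arguments, not taken from the advisory.
SAMPLES = [
    "/home/user/forms/dialog.kmdr",
    "file:///home/user/forms/dialog.kmdr",
    "http://example.com/dialog.kmdr",
    "http://example.com/get?f=dialog.kmdr",
    "file://fileserver/share/dialog.kmdr",
    "/tmp/dialog.kmdr.txt",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        why = reasons_to_refuse_auto_open(sample)
        print(sample, "->", "open" if not why else "ask first: " + "; ".join(why))
```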


Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_115_1_kommander_vulnerability.html)