USN-176-1: kcheckpass vulnerability
Posted on: 09/07/2005 04:06 AM

A new kcheckpass vulnerability update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-176-1 September 07, 2005
kdebase vulnerability
CAN-2005-2494
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

kdebase-bin

The problem can be corrected by upgrading the affected package to
version 4:3.4.0-0ubuntu18.1. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Ilja van Sprundel discovered a flaw in the lock file handling of
kcheckpass. A local attacker could exploit this to execute arbitrary
code with root privileges.


Source archives:

http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase_3.4.0-0ubuntu18.1.diff.gz
Size/MD5: 189597 ef9b4ad4f1e4340a2ecdaad471670b63
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase_3.4.0-0ubuntu18.1.dsc
Size/MD5: 1622 2a0d3a6c1e146f5b54b5e7a20bf58cea
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase_3.4.0.orig.tar.gz
Size/MD5: 26947670 31334d21606078a1f1eab1c3a25317e9

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase-data_3.4.0-0ubuntu18.1_all.deb
Size/MD5: 4608912 0113ee173e4da0e4d3c233c4288ec667
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase-doc_3.4.0-0ubuntu18.1_all.deb
Size/MD5: 1084404 5715fca77f5f4224c63f78cb1e1b418d
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase_3.4.0-0ubuntu18.1_all.deb
Size/MD5: 22020 a5cbdaa9f938a786b3cd74a6396d5e20
http://security.ubuntu.com/ubuntu/pool/universe/k/kdebase/xfonts-konsole_3.4.0-0ubuntu18.1_all.deb
Size/MD5: 37918 0440a29214683017d1548827d23216ef

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kappfinder_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 245308 3ada910e36591419d1f0ba38a232817f
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kate_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 654580 3cecf0faa5052101ae9b78cdd419c506
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kcontrol_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 7957406 298659794585e115ea77e95145b93d13
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase-bin_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 1152760 04be6e4170365ee880e3c4e8ec72de78
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase-dev_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 60926 4e17272ffd172817699f091f1ba0ef1f
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase-kio-plugins_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 807684 973dfa2562de81a394d58b5c500998ab
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdepasswd_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 227036 e8df4158d5c12c4f6002a8025244fc62
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdeprint_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 1100276 bb6d55387499b8a346a851670dfd93c4
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdesktop_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 739976 312fb8213a0d25275fdac66bd048b2e1
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdm_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 670860 ac2219d79ad555f1099657708f2eb1c4
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kfind_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 185742 b072ff11f1270bcac9d9f207ae4c5cf5
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/khelpcenter_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 1784494 ddc8fafc29b6b807eebdd382b5160318
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kicker_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 1805694 10da13879440693317057681f8bb684e
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/klipper_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 245018 eadf78db296c0129e13fadec01881a0b
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kmenuedit_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 206766 f7bf70a03730ddebc1563ba840b5fe3b
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/konqueror-nsplugins_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 135228 1660abe0a875b18ec26adcb3caec13c1
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/konqueror_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 2081982 911b6550bef1e7bc5bff918061d3a9c2
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/konsole_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 596520 8b2805d0f76e45f08103f43674ed1f55
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kpager_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 100464 008c6c9414412a5641a2bae5a64c2890
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kpersonalizer_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 473208 148899c8aef9076a3287675d93dadb61
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/ksmserver_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 141976 eaa0af4be4cb4727ed5854df7232db57
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/ksplash_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 810978 117ba62ec5d6d5c3cdd6323ef1e7fea8
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/ksysguard_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 490268 e818c40bca8b27f7a3224ba3b7eaedd5
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/ksysguardd_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 56574 cb547d5e454dce4a4ca331d46767113e
http://security.ubuntu.com/ubuntu/pool/universe/k/kdebase/ktip_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 80366 7dd62d3608942e013539a232f791fa4e
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kwin_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 1013698 b164b1536692f0da325cd5f8e1f465b5
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/libkonq4-dev_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 48506 27836a23f9ace627a9fa8b15b4b2222a
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/libkonq4_3.4.0-0ubuntu18.1_amd64.deb
Size/MD5: 261854 3fca1d953eafbbbf6b34d8640182c78f

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kappfinder_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 243636 918ec94ab285f5d657984473124a62d4
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kate_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 630558 95cadd77d3c3205f365a7e94a22aaa39
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kcontrol_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 7786958 40bad975b2e41a97e1acbf69aa730fb5
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase-bin_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 1071180 6378932ae74ee615b79c031e8f304cc1
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase-dev_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 60946 575260572e38319d0834d927a23e6b45
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase-kio-plugins_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 738706 3fb9a5273ae5c9eecf604a57e7339413
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdepasswd_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 222460 4a3d47678b68de18ea89364f4ca92af5
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdeprint_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 1085444 0a1e0f0c45634f96bbc715a0edc229ff
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdesktop_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 717412 b02564f2d21bc57cd717b7d283802c7d
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdm_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 634514 eab29e7535d683ee2b220e1311cf124f
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kfind_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 175986 1fa716a00f654cc00647b03cb1ce3ffd
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/khelpcenter_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 1769482 a8aaaed37eb92c8dd02e6481bb69a65b
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kicker_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 1692040 71055e6b7d3a5076bbcf6331bd3db5c0
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/klipper_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 230744 8b20452027172dffc46db7a1806e1e46
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kmenuedit_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 198292 a5d990fe9d103db4b57f9a037542e243
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/konqueror-nsplugins_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 123954 7f107b6af937beba00545d430c985da0
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/konqueror_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 2008614 66e6f0df925157f643f8dd1eddec39cc
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/konsole_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 570722 0ffb5270fb29e8f988710b5a8f98a19e
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kpager_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 95632 06b90b69388a175e3171ef209bfd527c
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kpersonalizer_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 465656 b8f70ffc77bcab68810eab048f868b41
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/ksmserver_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 137194 056c28e0e755df262f2ce8ffcf0c1087
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/ksplash_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 799634 442a641c3300bab664ed57f1d2bc236f
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/ksysguard_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 464888 499d51f7f6d354f2e0f48f0e39456ce9
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/ksysguardd_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 49706 d20e7d609588e5eeed182199ecfa7be8
http://security.ubuntu.com/ubuntu/pool/universe/k/kdebase/ktip_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 79964 e6ac80c11b310b2c5a2e6669246b87c5
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kwin_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 959566 eef18f77ec369d6e485c6bfb78b14743
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/libkonq4-dev_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 48512 db47172170a5c677303871d536b383ce
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/libkonq4_3.4.0-0ubuntu18.1_i386.deb
Size/MD5: 248620 98417644f71673543c811d88ad0788a1

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kappfinder_3.4.0-0ubuntu18.1_powerpc.deb
Size/MD5: 244436 af64c35adf77542c865dd6abf31fb90f
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kate_3.4.0-0ubuntu18.1_powerpc.deb
Size/MD5: 631810 b0301b8f7e21534c137bba669cd9a7f2
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kcontrol_3.4.0-0ubuntu18.1_powerpc.deb
Size/MD5: 7804952 06f0fb4e4808c64983d642c046fa4061
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase-bin_3.4.0-0ubuntu18.1_powerpc.deb
Size/MD5: 1079800 3e543998c714a4d051de93f9faf4eb36
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase-dev_3.4.0-0ubuntu18.1_powerpc.deb
Size/MD5: 60946 696585e41ac93cf47764f3b238c61f42
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase-kio-plugins_3.4.0-0ubuntu18.1_powerpc.deb
Size/MD5: 799872 f22ae65da25b42068c83e14e85060491
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdepasswd_3.4.0-0ubuntu18.1_powerpc.deb
Size/MD5: 223102 c18044dc5efb93b4c3373f3eea2b60d4
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdeprint_3.4.0-0ubuntu18.1_powerpc.deb
Size/MD5: 1098416 01e580d3040f9b8ec7b62ab680d351a2
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdesktop_3.4.0-0ubuntu18.1_powerpc.deb
Size/MD5: 718630 5c555007dc2f98ee828b59cef2b60577
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdm_3.4.0-0ubuntu18.1_powerpc.deb
Size/MD5: 653004 96b6f37ea5a827658eeb951621f1f579
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kfind_3.4.0-0ubuntu18.1_powerpc.deb
Size/MD5: 170902 a6ed6227ccc3cf259658b5da266744eb
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/khelpcenter_3.4.0-0ubuntu18.1_powerpc.deb
Size/MD5: 1771324 1c53b10d7006d24951a80453fb94f293
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kicker_3.4.0-0ubuntu18.1_powerpc.deb
Size/MD5: 1717592 2f35ec7c11c15081c1fc9ce1762da732
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/klipper_3.4.0-0ubuntu18.1_powerpc.deb
Size/MD5: 231854 7e638541d6544f57f923f6ccc0f80897
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kmenuedit_3.4.0-0ubuntu18.1_powerpc.deb
Size/MD5: 200714 9c8dd3fa405e452074bea38f9b31c00a
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/konqueror-nsplugins_3.4.0-0ubuntu18.1_powerpc.deb
Size/MD5: 131298 78fae495e8309207e57f4f46306ecf0a
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/konqueror_3.4.0-0ubuntu18.1_powerpc.deb
Size/MD5: 2012516 fb153ce573d97b857a08dc58fa7e9c59
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/konsole_3.4.0-0ubuntu18.1_powerpc.deb
Size/MD5: 564162 8e5de803fe86874cc33d212baae87179
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kpager_3.4.0-0ubuntu18.1_powerpc.deb
Size/MD5: 96374 aa97874b91518d8d66308a50b3dc201c
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kpersonalizer_3.4.0-0ubuntu18.1_powerpc.deb
Size/MD5: 467124 68c31feb7dd8a26de7bb075b9a0d1b0c
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/ksmserver_3.4.0-0ubuntu18.1_powerpc.deb
Size/MD5: 139774 489baff2db71e52ceb1ed5e827802530
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/ksplash_3.4.0-0ubuntu18.1_powerpc.deb
Size/MD5: 805526 e012ddec4b5f914f58c2f9f031de34e4
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/ksysguard_3.4.0-0ubuntu18.1_powerpc.deb
Size/MD5: 446210 6f04d174490eb50b51d8352467596496
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/ksysguardd_3.4.0-0ubuntu18.1_powerpc.deb
Size/MD5: 56470 cc93080f937f6151a9c801f3a1244446
http://security.ubuntu.com/ubuntu/pool/universe/k/kdebase/ktip_3.4.0-0ubuntu18.1_powerpc.deb
Size/MD5: 81600 d8dd62440835ce0e6e0383d61748e289
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kwin_3.4.0-0ubuntu18.1_powerpc.deb
Size/MD5: 970236 d9dfc1fa308154205287135a05a488e1
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/libkonq4-dev_3.4.0-0ubuntu18.1_powerpc.deb
Size/MD5: 48520 2d30de2144632620bfa64071e33d3632
http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/libkonq4_3.4.0-0ubuntu18.1_powerpc.deb
Size/MD5: 244346 5d20d126639357d0008a9d08165d056b

--J2SCkAp4GZ/dPZZf
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDHotQDecnbV4Fd/IRAn5DAJsHfniwdmCWgPR2nvdnGUuzVOXGlQCg1jL6
eoe1lJS+5MnvlcQSPtc0Fw8=
=U+Ag
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_176_1_kcheckpass_vulnerability.html)