102151 2005-08-11 12:22 0000 kde-base/kdeedu temp file vulnerability in langen2kvtml 2005-08-18 09:40:44 0000 1 Unclassified Gentoo Security Vulnerabilities unspecified All Linux RESOLVED DUPLICATE http://www.kde.org/info/security/advisory-20050815-1.txt B3? [stable] jaervosz P2 normal --- 1 jaervosz@gentoo.org security@gentoo.org caleb@gentoo.org carlo@gentoo.org jaervosz@gentoo.org 2005-08-11 12:22:04 0000 KDE Security Advisory: langen2kvtml tempfile vulnerability Original Release Date: 2008-08-15 URL: http://www.kde.org/info/security/advisory-20050815-1.txt 0. References 1. Systems affected: All KDE releases starting from KDE 3.0 up to including KDE 3.4.2. 2. Overview: Ben Burton notified the KDE security team about several tempfile handling related vulnerabilities in langen2kvtml, a conversion script for kvoctrain. The script must be manually invoked. The script uses known filenames in /tmp which allow an local attacker to overwrite files writeable by the user invoking the conversion script. 3. Impact: A local file can overwrite files and possibly elevate privileges. 4. Solution: Source code patches have been made available which fix these vulnerabilities. Contact your OS vendor / binary package provider for information about how to obtain updated binary packages. 5. Patch: Patch for KDE 3.4.2 is available from ftp://ftp.kde.org/pub/kde/security_patches : XXX Patch for KDE 3.3.1 is available from ftp://ftp.kde.org/pub/kde/security_patches : 651fba579516ea947fbefee373f40a6c post-3.3.1-kdegraphics.diff jaervosz@gentoo.org 2005-08-11 12:23:28 0000 Created an attachment (id=65692) post-3.4.2-kdeedu.diff Proposed upstream patch. jaervosz@gentoo.org 2005-08-11 12:35:08 0000 RH seems to have accidentially put out updated kdeedu packages (though I haven't actually found it yet). If correct this is SEMIPUBLIC instead of CONFIDENTIAL. jaervosz@gentoo.org 2005-08-11 13:12:52 0000 Fedora updates here: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/i386/kdeedu-3.4.2-0.fc4.2.i386.rpm carlo@gentoo.org 2005-08-14 16:37:19 0000 <<< kdeedu-3.3.2-r2.ebuild <<< kdeedu-3.4.1-r1.ebuild <<< kvoctrain-3.4.1-r1.ebuild are marked x86, the other archs are asked to follow. dercorny@gentoo.org 2005-08-14 17:07:24 0000 Well, i don't have a good feeling that these patches are in portage but since it's semi-public, i just hope that it's ok. Would be too late now, anyways. Arches, please test and mark kdeedu-3.3.2-r2 stable. if kde-3.4.1 was stable on your arch, please do the same with kdeedu-3.4.1-r1 and kvoctrain-3.4.1-r1. Thanks a lot. jaervosz@gentoo.org 2005-08-14 21:52:18 0000 Removing arches and adding arch security liaisons instead. Please test and mark stable. jaervosz@gentoo.org 2005-08-14 22:27:20 0000 This is now handled on the public bug #102577 corsair@gentoo.org 2005-08-15 05:58:41 0000 removing as it is stable on ppc64 hansmi@gentoo.org 2005-08-15 06:10:31 0000 Stable on ppc. tester@gentoo.org 2005-08-15 06:43:50 0000 x86 already there koon@gentoo.org 2005-08-18 09:40:44 0000 Closing, as we are done here. *** This bug has been marked as a duplicate of 102577 *** 65692 2005-08-11 12:23 0000 post-3.4.2-kdeedu.diff post-3.4.2-kdeedu.diff text/plain SW5kZXg6IGt2b2N0cmFpbi9rdm9jdHJhaW4vbGFuZ2VuMmt2dG1sCj09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIGt2 b2N0cmFpbi9rdm9jdHJhaW4vbGFuZ2VuMmt2dG1sCShyZXZpc2lvbiA0NDM5NzUpCisrKyBrdm9j dHJhaW4va3ZvY3RyYWluL2xhbmdlbjJrdnRtbAkod29ya2luZyBjb3B5KQpAQCAtODksNiArODks OSBAQAogCiByZXF1aXJlICJmbHVzaC5wbCI7CiB1c2UgR2V0b3B0OjpMb25nOwordXNlIEZpbGU6 OlRlbXAgcXcodGVtcGRpcik7CitteSAkdG1wZGlyID0gdGVtcGRpcihURU1QRElSID0+IDEsIENM RUFOVVAgPT4gMSApOworCiAkLz0iXHJcbiI7CSMgd2Ugd29yayB3aXRoIGRvcyBmaWxlcwogCiAj CkBAIC0xNjUsMTAgKzE2OCw2IEBACiAgICAgJGNvdW50cnk9IkdCIjsKIH0KIAotIyBBbGwgbG9n Z2luZyBpbmZvcm1hdGlvbiBnb2VzIGludG8gdGhpcyBmaWxlCi0kbG9nZmlsZSA9ICIvdG1wL2xh bmdlbjJrdnRtbC5sb2ciOwotb3BlbihMT0csICI+JGxvZ2ZpbGUiKSB8fCBkaWUgIkNhbm5vdCBj cmVhdGUgJGxvZ2ZpbGU6ICQhIjsKLQogJnByaW50Zmx1c2goU1RET1VULCJXYWl0aW5nIGZvciBn ZW5lcmF0aW5nIGZpbGVzIC4uLlxuIik7CiAkdG1wMT0kI0FSR1YrMTsKICZwcmludGZsdXNoKFNU RE9VVCwiLi4uICR0bXAxIGZpbGVzIGdpdmVuIHZpYSBjb21tYW5kIGxpbmUgLi4uXG4iKTsKQEAg LTE3OCwxMyArMTc3LDExIEBACiAgICAgaWYgKCRwcm94eSkgewogICAgICAgICAmcHJpbnRmbHVz aChTVERPVVQsIi4uLiB1c2luZyBwcm94eSBzZXJ2aWNlICRwcm94eSAuLi5cbiIpOwogICAgIH0K LSAgICBgbHdwLXJlcXVlc3QgJHByb3h5IGh0dHA6Ly93d3cudm9rYWJlbG4uZGUvZmlsZXMvVm9j LSRjb3VudHJ5LnppcCA+L3RtcC9Wb2MtJGNvdW50cnkuemlwYDsKLSAgICAjIHVuemlwIC11IHVw ZGF0ZSBvbmx5IQotICAgICMgdW56aXAgLW8gb3ZlcndyaXRlIQotICAgIGB1bnppcCAtdSAvdG1w L1ZvYy0kY291bnRyeS56aXAgPi90bXAvdW56aXAubG9nYDsKKyAgICBgbHdwLXJlcXVlc3QgJHBy b3h5IGh0dHA6Ly93d3cudm9rYWJlbG4uZGUvZmlsZXMvVm9jLSRjb3VudHJ5LnppcCA+JHRtcGRp ci9Wb2MtJGNvdW50cnkuemlwYDsKICAgICAmcHJpbnRmbHVzaChTVERPVVQsIi4uLiB1cGRhdGlu ZyBWb2MtJGNvdW50cnkuemlwIC4uLlxuIik7CiAgICAgJC89IlxuIjsJIyB3ZSB3b3JrIHdpdGgg YSB1bml4IGZpbGUKLSAgICBvcGVuKFpJUCwiPC90bXAvdW56aXAubG9nIik7CisgICAgIyB1bnpp cCAtdSB1cGRhdGUgb25seSEKKyAgICBvcGVuKFpJUCwidW56aXAgLXUgJHRtcGRpci9Wb2MtJGNv dW50cnkuemlwIHwiKTsKICAgICB3aGlsZSg8WklQPikgewogCWNob21wOwogCWlmKCAvdm9jLyAp IHsKQEAgLTE5NCwyMCArMTkxLDE2IEBACiAJfQogICAgIH0KICAgICBjbG9zZShaSVApOwotICAg IHVubGluaygiL3RtcC91bnppcC5sb2ciKTsKICAgICAkLz0iXHJcbiI7CSMgd2Ugd29yayB3aXRo IGEgZG9zIGZpbGUKIH0KIAogZm9yIG15ICRmaWxlIChAcmVzLCBAQVJHVikgewogICAgICR2b2Nm aWxlID0gJGZpbGU7Ci0gICAgJnByaW50Zmx1c2goTE9HLCIuLi4gZ2VuZXJhdGluZyBcIiRrdnRm aWxlXCIuLi5cbiIpOwogICAgICRsYW5nCQk9ICIiOwkJIyBpbml0aWFsbHkgdW5zZXQKICAgICAk ZmlsZXN0YWdlCT0gMDsJCSMgZmlsZSBzdGFnZQogICAgICZwcm9jZXNzX3ZvY2ZpbGUoJHZvY2Zp bGUpOwogfQogcHJpbnQgU1RERVJSICIuLi5cdEFsbCBDb21wbGV0ZS5cbiI7Ci0mcHJpbnRmbHVz aChMT0csIlxuQWxsIENvbXBsZXRlLlxuIik7Ci1jbG9zZShMT0cpOwogCiBleGl0OwogCg==