Bug 102151 - kde-base/kdeedu temp file vulnerability in langen2kvtml
Bug#: 102151 Product:  Gentoo Security Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: normal Priority: P2
Resolution: DUPLICATE Assigned To: security@gentoo.org Reported By: jaervosz@gentoo.org
Component: Vulnerabilities
URL:  http://www.kde.org/info/security/advisory-20050815-1.txt
Summary: kde-base/kdeedu temp file vulnerability in langen2kvtml
Keywords:  
Status Whiteboard: B3? [stable] jaervosz
Opened: 2005-08-11 12:22 0000
Description:   Opened: 2005-08-11 12:22 0000 
KDE Security Advisory: langen2kvtml tempfile vulnerability 
Original Release Date: 2008-08-15 
URL: http://www.kde.org/info/security/advisory-20050815-1.txt 
 
0. References 
 
 
 
1. Systems affected: 
 
        All KDE releases starting from KDE 3.0 up to including 
        KDE 3.4.2. 
 
 
2. Overview: 
 
        Ben Burton notified the KDE security team about several 
        tempfile handling related vulnerabilities in langen2kvtml, 
        a conversion script for kvoctrain. The script must 
        be manually invoked.  
 
        The script uses known filenames in /tmp which allow an 
        local attacker to overwrite files writeable by the 
        user invoking the conversion script. 
 
3. Impact: 
 
        A local file can overwrite files and possibly elevate 
        privileges. 
 
 
4. Solution: 
 
        Source code patches have been made available which fix these 
        vulnerabilities. Contact your OS vendor / binary package provider 
        for information about how to obtain updated binary packages. 
 
 
5. Patch: 
 
        Patch for KDE 3.4.2 is available from  
        ftp://ftp.kde.org/pub/kde/security_patches : 
 
        XXX 
 
        Patch for KDE 3.3.1 is available from  
        ftp://ftp.kde.org/pub/kde/security_patches : 
 
        651fba579516ea947fbefee373f40a6c  post-3.3.1-kdegraphics.diff

------- Comment #1 From Sune Kloppenborg Jeppesen 2005-08-11 12:23:28 0000 ------- 
Created an attachment (id=65692) [details]
post-3.4.2-kdeedu.diff

Proposed upstream patch.

------- Comment #2 From Sune Kloppenborg Jeppesen 2005-08-11 12:35:08 0000 ------- 
RH seems to have accidentially put out updated kdeedu packages (though I 
haven't actually found it yet). If correct this is SEMIPUBLIC instead of 
CONFIDENTIAL.

------- Comment #3 From Sune Kloppenborg Jeppesen 2005-08-11 13:12:52 0000 ------- 
Fedora updates here: 
 
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/i386/kdeedu-3.4.2-0.fc4.2.i386.rpm

------- Comment #4 From Carsten Lohrke 2005-08-14 16:37:19 0000 ------- 
<<< kdeedu-3.3.2-r2.ebuild
<<< kdeedu-3.4.1-r1.ebuild
<<< kvoctrain-3.4.1-r1.ebuild

are marked x86, the other archs are asked to follow.

------- Comment #5 From Stefan Cornelius (RETIRED) 2005-08-14 17:07:24 0000 ------- 
Well, i don't have a good feeling that these patches are in portage but since
it's semi-public, i just hope that it's ok. Would be too late now, anyways.

Arches, please test and mark kdeedu-3.3.2-r2 stable. if kde-3.4.1 was stable on
your arch, please do the same with kdeedu-3.4.1-r1 and kvoctrain-3.4.1-r1.
Thanks a lot.

------- Comment #6 From Sune Kloppenborg Jeppesen 2005-08-14 21:52:18 0000 ------- 
Removing arches and adding arch security liaisons instead. Please test and 
mark stable.

------- Comment #7 From Sune Kloppenborg Jeppesen 2005-08-14 22:27:20 0000 ------- 
This is now handled on the public bug #102577

------- Comment #8 From Markus Rothe 2005-08-15 05:58:41 0000 ------- 
removing as it is stable on ppc64

------- Comment #9 From Michael Hanselmann (hansmi) (RETIRED) 2005-08-15 06:10:31 0000 ------- 
Stable on ppc.

------- Comment #10 From Olivier Crete 2005-08-15 06:43:50 0000 ------- 
x86 already there

------- Comment #11 From Thierry Carrez (RETIRED) 2005-08-18 09:40:44 0000 ------- 
Closing, as we are done here.

*** This bug has been marked as a duplicate of 102577 ***