Re: [SECURITY] [DSA 1376-1] New kdebase packages fix authentication bypass

From: Riku Valli <riku.valli(at)vallit.fi>
Date: Fri Sep 21 2007 - 11:01:10 EDT


Steve Kemp wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - ------------------------------------------------------------------------
> Debian Security Advisory DSA-1376 security@debian.org
> http://www.debian.org/security/ Steve Kemp
> September 21, 2007 http://www.debian.org/security/faq
> - ------------------------------------------------------------------------
>
> Package : kdebase
> Vulnerability : programming error
> Problem type : local
> Debian-specific: no
> CVE Id(s) : CVE-2007-4569
>
>
> Kees Huijgen discovered that under certain circumstances KDM, an X
> session manager for KDE, it is possible for KDM to be tricked into
> allowing user logins without a password.
>
> For the stable distribution (etch), this problem has been fixed in version
> 4:3.5.5a.dfsg.1-6etch1.
>
>

It seems that kdebase and fetchmailconf dependencies are broken.

The following packages are BROKEN:
  fetchmailconf kdebase
The following packages are unused and will be REMOVED:
  kdepasswd kdeprint khelpcenter klipper kmenuedit konqueror-nsplugins
  kpager kpersonalizer ksmserver ksplash ksysguard ktip
2 packages upgraded, 0 newly installed, 12 to remove and 0 not upgraded.
Need to get 103kB of archives. After unpacking 14.2MB will be freed.
The following packages have unmet dependencies:
  kdebase: Depends: kappfinder (>= 4:3.5.5a.dfsg.1-6etch1) but 4:3.5.5a.dfsg.1-6 is installed.
           Depends: kate (>= 4:3.5.5a.dfsg.1-6etch1) but 4:3.5.5a.dfsg.1-6 is installed.
           Depends: kcontrol (>= 4:3.5.5a.dfsg.1-6etch1) but 4:3.5.5a.dfsg.1-6 is installed.
           Depends: kdebase-bin (>= 4:3.5.5a.dfsg.1-6etch1) but 4:3.5.5a.dfsg.1-6 is installed.
           Depends: kdebase-kio-plugins (>= 4:3.5.5a.dfsg.1-6etch1) but 4:3.5.5a.dfsg.1-6 is installed.
           Depends: kdepasswd (>= 4:3.5.5a.dfsg.1-6etch1) but it is not installable
           Depends: kdeprint (>= 4:3.5.5a.dfsg.1-6etch1) but it is not installable
           Depends: kdesktop (>= 4:3.5.5a.dfsg.1-6etch1) but 4:3.5.5a.dfsg.1-6 is installed.
           Depends: kfind (>= 4:3.5.5a.dfsg.1-6etch1) but 4:3.5.5a.dfsg.1-6 is installed.
           Depends: khelpcenter (>= 4:3.5.5a.dfsg.1-6etch1) but it is not installable
           Depends: kicker (>= 4:3.5.5a.dfsg.1-6etch1) but 4:3.5.5a.dfsg.1-6 is installed.
           Depends: klipper (>= 4:3.5.5a.dfsg.1-6etch1) but it is not installable
           Depends: kmenuedit (>= 4:3.5.5a.dfsg.1-6etch1) but it is not installable
           Depends: konqueror-nsplugins (>= 4:3.5.5a.dfsg.1-6etch1) but it is not installable
           Depends: konqueror (>= 4:3.5.5a.dfsg.1-6etch1) but 4:3.5.5a.dfsg.1-6 is installed.
           Depends: konsole (>= 4:3.5.5a.dfsg.1-6etch1) but 4:3.5.5a.dfsg.1-6 is installed.
           Depends: kpager (>= 4:3.5.5a.dfsg.1-6etch1) but it is not installable
           Depends: kpersonalizer (>= 4:3.5.5a.dfsg.1-6etch1) but it is not installable
           Depends: ksmserver (>= 4:3.5.5a.dfsg.1-6etch1) but it is not installable
           Depends: ksplash (>= 4:3.5.5a.dfsg.1-6etch1) but it is not installable
           Depends: ksysguard (>= 4:3.5.5a.dfsg.1-6etch1) but it is not installable
           Depends: ktip (>= 4:3.5.5a.dfsg.1-6etch1) but it is not installable
           Depends: kwin (>= 4:3.5.5a.dfsg.1-6etch1) but 4:3.5.5a.dfsg.1-6 is installed.
           Depends: libkonq4 (>= 4:3.5.5a.dfsg.1-6etch1) but 4:3.5.5a.dfsg.1-6 is installed.
  fetchmailconf: Depends: fetchmail (>= 6.3.6-1etch1) but 6.3.6-1 is installed.
Resolving dependencies...
The following actions will resolve these dependencies:

Remove the following packages:
kde
kde-amusements
kde-core
kdebase

Keep the following packages at their current version: fetchmailconf [6.3.6-1 (stable, now)]

Score is -324

Could you update dependencies, please.

Regards, Riku

Received on Fri Sep 21 11:01:59 2007

This archive was generated by hypermail 2.1.8 : Sun Oct 07 2007 - 07:53:03 EDT
