Bugtraq mailing list archives
[ GLSA 200507-23 ] Kopete: Vulnerability in included Gadu library
From: Sune Kloppenborg Jeppesen <jaervosz () gentoo org>
Date: Mon, 25 Jul 2005 20:34:52 +0200
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200507-23 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Kopete: Vulnerability in included Gadu library Date: July 25, 2005 Bugs: #99754 ID: 200507-23 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Kopete is vulnerable to several input validation vulnerabilities which may lead to execution of arbitrary code. Background ========== KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. Kopete (also part of kdenetwork) is the KDE Instant Messenger. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 kde-base/kdenetwork < 3.4.1-r1 >= 3.4.1-r1 *>= 3.3.2-r2 2 kde-base/kopete < 3.4.1-r1 >= 3.4.1-r1 ------------------------------------------------------------------- 2 affected packages on all of their supported architectures. ------------------------------------------------------------------- Description =========== Kopete contains an internal copy of libgadu and is therefore subject to several input validation vulnerabilities in libgadu. Impact ====== A remote attacker could exploit this vulnerability to execute arbitrary code or crash Kopete. Workaround ========== Delete all Gadu Gadu contacts. Resolution ========== All Kopete users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose kde-base/kdenetwork All KDE Split Ebuild Kopete users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=kde-base/kopete-3.4.1-r1" References ========== [ 1 ] KDE Security Advisory: libgadu vulnerabilities http://www.kde.org/info/security/advisory-20050721-1.txt [ 2 ] CAN-2005-1852 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1852 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200507-23.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security () gentoo org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2005 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.0
Attachment:
_bin
Description:
Current thread:
- [ GLSA 200507-23 ] Kopete: Vulnerability in included Gadu library Sune Kloppenborg Jeppesen (Jul 25)