GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Mon Jul 25, 2005 8:39 pm Post subject: [ GLSA 200507-23 ] Kopete: Vulnerability in included Gadu li
Gentoo Linux Security Advisory
Title: Kopete: Vulnerability in included Gadu library (GLSA 200507-23)
Severity: high
Exploitable: remote
Date: July 25, 2005
Bug(s): #99754
ID: 200507-23
Synopsis
Kopete is vulnerable to several input validation vulnerabilities which may lead to execution of arbitrary code.
Background
KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. Kopete (also part of kdenetwork) is the KDE Instant Messenger.
Affected Packages
Package: kde-base/kdenetwork
Vulnerable: < 3.4.1-r1
Unaffected: >= 3.4.1-r1
Unaffected: >= 3.3.2-r2 < 3.3.3
Architectures: All supported architectures
Package: kde-base/kopete
Vulnerable: < 3.4.1-r1
Unaffected: >= 3.4.1-r1
Architectures: All supported architectures
Description
Kopete contains an internal copy of libgadu and is therefore subject to several input validation vulnerabilities in libgadu.
Impact
A remote attacker could exploit this vulnerability to execute arbitrary code or crash Kopete.
Workaround
Delete all Gadu Gadu contacts.
Resolution
All Kopete users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose kde-base/kdenetwork
All KDE Split Ebuild Kopete users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-base/kopete-3.4.1-r1"
References
KDE Security Advisory: libgadu vulnerabilities
CAN-2005-1852
Last edited by GLSA on Sun May 07, 2006 4:58 pm; edited 1 time in total
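The following Python example is added here and is not part of the advisory or of Gentoo's tooling. It encodes the ranges from the Affected Packages table and flags affected entries in a package inventory. The function names and the sample inventory are constructed for illustration, and version parsing is simplified to dotted numbers with an optional -rN revision.

```python
import re

# Unaffected ranges from the advisory's "Affected Packages" table:
# (lowest unaffected version, first version past the range or None for open-ended).
UNAFFECTED = {
    "kde-base/kdenetwork": [("3.4.1-r1", None), ("3.3.2-r2", "3.3.3")],
    "kde-base/kopete": [("3.4.1-r1", None)],
}

# Simplification (assumption): only dotted numeric versions with an optional
# -rN revision, which covers every version the advisory names.
_VERSION = re.compile(r"^(\d+(?:\.\d+)*)(?:-r(\d+))?$")
_ATOM = re.compile(r"^(.+?)-(\d+(?:\.\d+)*(?:-r\d+)?)$")


def version_key(version):
    """Turn '3.4.1-r1' into ((3, 4, 1), 1) so versions compare as tuples."""
    match = _VERSION.match(version)
    if match is None:
        raise ValueError(f"unsupported version format: {version!r}")
    numbers = tuple(int(part) for part in match.group(1).split("."))
    return numbers, int(match.group(2) or 0)


def is_vulnerable(package, version):
    """True if this version of a package named in the advisory is affected."""
    key = version_key(version)
    for low, high in UNAFFECTED[package]:
        if key >= version_key(low) and (high is None or key < version_key(high)):
            return False
    return True


def audit(installed):
    """Return the installed 'category/name-version' entries that are affected."""
    findings = []
    for entry in installed:
        match = _ATOM.match(entry)
        if match and match.group(1) in UNAFFECTED and is_vulnerable(*match.groups()):
            findings.append(entry)
    return findings


# Constructed sample inventory, not taken from a real system.
SAMPLE_INSTALLED = [
    "kde-base/kdenetwork-3.3.2-r2",
    "kde-base/kdenetwork-3.4.1",
    "kde-base/kopete-3.4.1-r1",
    "kde-base/kdelibs-3.4.1",
]

if __name__ == "__main__":
    print(audit(SAMPLE_INSTALLED))
```

Packages not named in the advisory are skipped by audit() and are not reported as safe or unsafe.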