KDE Security Advisory: Kopete contains a copy of libgadu that is used if no compatible version is installed in the system. Several input validation errors have been reported in libgadu that can lead to integer overflows and remote DoS or arbitrary code execution. All versions of Kopete as included in KDE 3.3.x up to including 3.4.1 are affected. KDE 3.2.x and older are not affected.
027346c8598e574fe798a52a6591511bfa26e78e5c41c50df090371a163a0bde
KDE Security Advisory: libgadu vulnerabilities
Original Release Date: 2005-07-21
URL: http://www.kde.org/info/security/advisory-20050721-1.txt
0. References
CVE CAN-2005-1852
1. Systems affected:
All versions of Kopete as included in
KDE 3.3.x up to including 3.4.1. KDE 3.2.x and older
are not affected.
2. Overview:
Kopete contains a copy of libgadu that is used if
no compatible version is installed in the system. Several
input validation errors have been reported in libgadu
that can lead to integer overflows and remote DoS or
arbitrary code execution.
3. Impact:
If the Gadu-Gadu protocol handler in Kopete is used,
remote users can DoS the Kopete client or possibly even
execute arbitrary code.
4. Solution:
Source code patches have been made available that update
the included copy of libgadu to 1.6rc3 which fix these
vulnerabilities. Contact your OS vendor / binary package provider
for information about how to obtain updated binary packages.
5. Patch:
A patch for KDE 3.4.1 is available from
ftp://ftp.kde.org/pub/kde/security_patches :
675008c8bc9d7edf4d0034a398d15cf0 post-3.4.1-kdenetwork-libgadu.patch
A patch for KDE 3.3.2 is available from
ftp://ftp.kde.org/pub/kde/security_patches :
73ebcef42173bf567d473414693898b0 post-3.3.2-kdenetwork-libgadu.patch
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed