LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: August 25th, 2014
Linux Advisory Watch: August 15th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
RedHat: Critical: kdenetwork security update Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
RedHat Linux Updated kdenetwork packages to correct a security flaw in Kopete are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team.
- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Critical: kdenetwork security update
Advisory ID:       RHSA-2005:639-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-639.html
Issue date:        2005-07-21
Updated on:        2005-07-21
Product:           Red Hat Enterprise Linux
CVE Names:         CAN-2005-1852
- ---------------------------------------------------------------------

1. Summary:

Updated kdenetwork packages to correct a security flaw in Kopete are now
available for Red Hat Enterprise Linux 4.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64

3. Problem description:

The kdenetwork package contains networking applications for the K Desktop
Environment.  Kopete is a KDE instant messenger which supports a number of
protocols including ICQ, MSN, Yahoo, Jabber, and Gadu-Gadu.

Multiple integer overflow flaws were found in the way Kopete processes
Gadu-Gadu messages. A remote attacker could send a specially crafted
Gadu-Gadu message which would cause Kopete to crash or possibly execute
arbitrary code. The Common Vulnerabilities and Exposures project
assigned the name CAN-2005-1852 to this issue.

In order to be affected by this issue, a user would need to have registered
with Gadu-Gadu and be signed in to the Gadu-Gadu server in order to receive
a malicious message.  In addition, Red Hat believes that the Exec-shield
technology (enabled by default in Red Hat Enterprise Linux 4) would block
attempts to remotely exploit this vulnerability.

Note that this issue does not affect Red Hat Enterprise Linux 2.1 or 3.

Users of Kopete should update to these packages which contain a
patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

163811 - CAN-2005-1852 Kopete gadu-gadu flaws


6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kdenetwork-3.3.1-2.3.src.rpm
4d73843cbbcbf0f0ee1a3a9f7a3f7932  kdenetwork-3.3.1-2.3.src.rpm

i386:
bb90b0ceb81c85b9e329b49d30bff1f6  kdenetwork-3.3.1-2.3.i386.rpm
49ab06ee9b0cb4cb2e851a89688422b5  kdenetwork-devel-3.3.1-2.3.i386.rpm
fa35b167ffe98d2cf50edb95b03bc03a  kdenetwork-nowlistening-3.3.1-2.3.i386.rpm

ia64:
3a1ecfa51031cb82d59c95a94be3bca0  kdenetwork-3.3.1-2.3.ia64.rpm
fbda969a428e54cbd6b1b06b86498693  kdenetwork-devel-3.3.1-2.3.ia64.rpm
bc8975dacb662a74fe6f675a7bd9b107  kdenetwork-nowlistening-3.3.1-2.3.ia64.rpm

ppc:
e700306fc8af2647c6c1e9ab27160b11  kdenetwork-3.3.1-2.3.ppc.rpm
72b1d01d47a9f7c0aef8d42c0d56be81  kdenetwork-devel-3.3.1-2.3.ppc.rpm
d48485fba0d6275ff7b27332c217cde5  kdenetwork-nowlistening-3.3.1-2.3.ppc.rpm

s390:
ebe481a9cbe64d6dca04412fa931f85b  kdenetwork-3.3.1-2.3.s390.rpm
0f6f5d291cdd5f2f67e1c2cf1b7cfe29  kdenetwork-devel-3.3.1-2.3.s390.rpm
121c5802302ff1e97f0d42fb3b8a83cd  kdenetwork-nowlistening-3.3.1-2.3.s390.rpm

s390x:
8a4dabb465fe0b7e30049f02e212c011  kdenetwork-3.3.1-2.3.s390x.rpm
1c1373d084dbd2c9a8b5d5cc7982d27d  kdenetwork-devel-3.3.1-2.3.s390x.rpm
9c628f1b5ba78f188eb336ad4a3ac223  kdenetwork-nowlistening-3.3.1-2.3.s390x.rpm

x86_64:
332a9169f1c435736553380dc5ce56ec  kdenetwork-3.3.1-2.3.x86_64.rpm
ed34f101f51abdbbc1c2d83d21cc6e87  kdenetwork-devel-3.3.1-2.3.x86_64.rpm
3fa57e6865b5b948ad35895054d15a58  kdenetwork-nowlistening-3.3.1-2.3.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kdenetwork-3.3.1-2.3.src.rpm
4d73843cbbcbf0f0ee1a3a9f7a3f7932  kdenetwork-3.3.1-2.3.src.rpm

i386:
bb90b0ceb81c85b9e329b49d30bff1f6  kdenetwork-3.3.1-2.3.i386.rpm
49ab06ee9b0cb4cb2e851a89688422b5  kdenetwork-devel-3.3.1-2.3.i386.rpm
fa35b167ffe98d2cf50edb95b03bc03a  kdenetwork-nowlistening-3.3.1-2.3.i386.rpm

x86_64:
332a9169f1c435736553380dc5ce56ec  kdenetwork-3.3.1-2.3.x86_64.rpm
ed34f101f51abdbbc1c2d83d21cc6e87  kdenetwork-devel-3.3.1-2.3.x86_64.rpm
3fa57e6865b5b948ad35895054d15a58  kdenetwork-nowlistening-3.3.1-2.3.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kdenetwork-3.3.1-2.3.src.rpm
4d73843cbbcbf0f0ee1a3a9f7a3f7932  kdenetwork-3.3.1-2.3.src.rpm

i386:
bb90b0ceb81c85b9e329b49d30bff1f6  kdenetwork-3.3.1-2.3.i386.rpm
49ab06ee9b0cb4cb2e851a89688422b5  kdenetwork-devel-3.3.1-2.3.i386.rpm
fa35b167ffe98d2cf50edb95b03bc03a  kdenetwork-nowlistening-3.3.1-2.3.i386.rpm

ia64:
3a1ecfa51031cb82d59c95a94be3bca0  kdenetwork-3.3.1-2.3.ia64.rpm
fbda969a428e54cbd6b1b06b86498693  kdenetwork-devel-3.3.1-2.3.ia64.rpm
bc8975dacb662a74fe6f675a7bd9b107  kdenetwork-nowlistening-3.3.1-2.3.ia64.rpm

x86_64:
332a9169f1c435736553380dc5ce56ec  kdenetwork-3.3.1-2.3.x86_64.rpm
ed34f101f51abdbbc1c2d83d21cc6e87  kdenetwork-devel-3.3.1-2.3.x86_64.rpm
3fa57e6865b5b948ad35895054d15a58  kdenetwork-nowlistening-3.3.1-2.3.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kdenetwork-3.3.1-2.3.src.rpm
4d73843cbbcbf0f0ee1a3a9f7a3f7932  kdenetwork-3.3.1-2.3.src.rpm

i386:
bb90b0ceb81c85b9e329b49d30bff1f6  kdenetwork-3.3.1-2.3.i386.rpm
49ab06ee9b0cb4cb2e851a89688422b5  kdenetwork-devel-3.3.1-2.3.i386.rpm
fa35b167ffe98d2cf50edb95b03bc03a  kdenetwork-nowlistening-3.3.1-2.3.i386.rpm

ia64:
3a1ecfa51031cb82d59c95a94be3bca0  kdenetwork-3.3.1-2.3.ia64.rpm
fbda969a428e54cbd6b1b06b86498693  kdenetwork-devel-3.3.1-2.3.ia64.rpm
bc8975dacb662a74fe6f675a7bd9b107  kdenetwork-nowlistening-3.3.1-2.3.ia64.rpm

x86_64:
332a9169f1c435736553380dc5ce56ec  kdenetwork-3.3.1-2.3.x86_64.rpm
ed34f101f51abdbbc1c2d83d21cc6e87  kdenetwork-devel-3.3.1-2.3.x86_64.rpm
3fa57e6865b5b948ad35895054d15a58  kdenetwork-nowlistening-3.3.1-2.3.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://www.kde.org/info/security/advisory-20050721-1.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1852

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.