LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: October 17th, 2014
Linux Security Week: October 13th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: 2065-1: kvirc: Multiple vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian Two security issues have been discovered in the DCC protocol support code of kvirc, a KDE-based next generation IRC client, which allow the overwriting of local files through directory traversal and the execution of arbitrary code through a format string attack. [More...]
- ------------------------------------------------------------------------
Debian Security Advisory DSA-2065-1                  security@debian.org
http://www.debian.org/security/                       Moritz Muehlenhoff
June 27, 2010                         http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : kvirc
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2010-2451 CVE-2010-2452

Two security issues have been discovered in the DCC protocol support
code of kvirc, a KDE-based next generation IRC client, which allow
the overwriting of local files through directory traversal and the
execution of arbitrary code through a format string attack.

For the stable distribution (lenny), these problems have been fixed in
version 3.4.0-5.

For the unstable distribution (sid), these problems have been fixed in
version 4.0.0~svn4340+rc3-1.

We recommend that you upgrade your kvirc packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-5.dsc
    Size/MD5 checksum:     1312 642fb2f743d0b4114dc4dcdfe544e860
  http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0.orig.tar.gz
    Size/MD5 checksum:  7174211 0f1b85f3b6de354dfd44891923e48ef2
  http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-5.diff.gz
    Size/MD5 checksum:   101743 d17428927906877fe773043410a4bb5d

Architecture independent packages:

  http://security.debian.org/pool/updates/main/k/kvirc/kvirc-data_3.4.0-5_all.deb
    Size/MD5 checksum:  3485708 39744719be3446d37a48e57ed297edfd

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-5_alpha.deb
    Size/MD5 checksum:  3982826 3272f368231cbb6c13275125a68f89be
  http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-5_alpha.deb
    Size/MD5 checksum:   382428 71dcf62980972fe41f52e842139672a8

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-5_amd64.deb
    Size/MD5 checksum:  3714154 29a1fe15e270cb716826f24d8035af27
  http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-5_amd64.deb
    Size/MD5 checksum:   384484 f08c49266559130841fc833e54bcbcba

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-5_arm.deb
    Size/MD5 checksum:   382616 899a31f7400fb1f74535452a592aa173
  http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-5_arm.deb
    Size/MD5 checksum:  3762824 69c122869ebad6b1972e61c6dfd80b13

armel architecture (ARM EABI)

  http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-5_armel.deb
    Size/MD5 checksum:  3226626 8b80597f1c3a8f7d9fe49bc611dad251
  http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-5_armel.deb
    Size/MD5 checksum:   381044 73288bff85c515bba0330138d928ec36

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-5_hppa.deb
    Size/MD5 checksum:  4038548 3e5bf52af84b2130cf46844afeaadfc9
  http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-5_hppa.deb
    Size/MD5 checksum:   386440 0681f6793f4a26de447ad002b06bfe17

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-5_i386.deb
    Size/MD5 checksum:   362590 f3e95dc9feda4e41cc437da223870284
  http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-5_i386.deb
    Size/MD5 checksum:  3581898 8ae5b2b063047595b7f1dd18f51aba59

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-5_ia64.deb
    Size/MD5 checksum:  4663430 f45f61754e652f97390b869c8344d660
  http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-5_ia64.deb
    Size/MD5 checksum:   362898 463ea4de1b7d1af32d91021a2ddd5a79

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-5_mips.deb
    Size/MD5 checksum:  3364482 ca1b2ae7e7b995165d656de6f4a2ab30
  http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-5_mips.deb
    Size/MD5 checksum:   386108 081e05d2b3f4071f44bc65846278c9f6

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-5_mipsel.deb
    Size/MD5 checksum:  3316120 4b6bca4c4bbcacb15fcfc4f1f34b5214
  http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-5_mipsel.deb
    Size/MD5 checksum:   362786 b5f4ce347b82eee021105f9d88ee64ac

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-5_powerpc.deb
    Size/MD5 checksum:  3915092 baed14374f84466548ee8f158f7fa2a5
  http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-5_powerpc.deb
    Size/MD5 checksum:   380006 f7afc26c44037138edaa859a6e74658e

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-5_s390.deb
    Size/MD5 checksum:  3637078 40be0d58d1e4851747cf714cddaa9d8d
  http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-5_s390.deb
    Size/MD5 checksum:   380118 a2b4ede584e0168c616a8617031f6103

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/k/kvirc/kvirc-dev_3.4.0-5_sparc.deb
    Size/MD5 checksum:   386258 631d11f8148f985e4ece7d769b2c41ac
  http://security.debian.org/pool/updates/main/k/kvirc/kvirc_3.4.0-5_sparc.deb
    Size/MD5 checksum:  3532956 b10c59a393ff583bea1514a75baa628b


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
The Hacktivist as Angry Young Man
The Hacker Wars Hits NYC
CAINE Linux Distribution Helps Investigators With Forensic Analysis
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.