Skip to navigation

Security Advisory kdenetwork security update

Advisory: RHSA-2005:639-10
Type: Security Advisory
Severity: Critical
Issued on: 2005-07-21
Last updated on: 2005-07-21
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2005-1852
CVE-2005-2369
CVE-2005-2370
CVE-2005-2448

Details

Updated kdenetwork packages to correct a security flaw in Kopete are now
available for Red Hat Enterprise Linux 4.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

The kdenetwork package contains networking applications for the K Desktop
Environment. Kopete is a KDE instant messenger which supports a number of
protocols including ICQ, MSN, Yahoo, Jabber, and Gadu-Gadu.

Multiple integer overflow flaws were found in the way Kopete processes
Gadu-Gadu messages. A remote attacker could send a specially crafted
Gadu-Gadu message which would cause Kopete to crash or possibly execute
arbitrary code. The Common Vulnerabilities and Exposures project
assigned the name CAN-2005-1852 to this issue.

In order to be affected by this issue, a user would need to have registered
with Gadu-Gadu and be signed in to the Gadu-Gadu server in order to receive
a malicious message. In addition, Red Hat believes that the Exec-shield
technology (enabled by default in Red Hat Enterprise Linux 4) would block
attempts to remotely exploit this vulnerability.

Note that this issue does not affect Red Hat Enterprise Linux 2.1 or 3.

Users of Kopete should update to these packages which contain a
patch to correct this issue.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 4)

SRPMS:
kdenetwork-3.3.1-2.3.src.rpm
File outdated by:  RHBA-2009:0028
    MD5: 4d73843cbbcbf0f0ee1a3a9f7a3f7932
 
IA-32:
kdenetwork-3.3.1-2.3.i386.rpm
File outdated by:  RHBA-2009:0028
    MD5: bb90b0ceb81c85b9e329b49d30bff1f6
kdenetwork-devel-3.3.1-2.3.i386.rpm
File outdated by:  RHBA-2009:0028
    MD5: 49ab06ee9b0cb4cb2e851a89688422b5
kdenetwork-nowlistening-3.3.1-2.3.i386.rpm
File outdated by:  RHBA-2009:0028
    MD5: fa35b167ffe98d2cf50edb95b03bc03a
 
x86_64:
kdenetwork-3.3.1-2.3.x86_64.rpm
File outdated by:  RHBA-2009:0028
    MD5: 332a9169f1c435736553380dc5ce56ec
kdenetwork-devel-3.3.1-2.3.x86_64.rpm
File outdated by:  RHBA-2009:0028
    MD5: ed34f101f51abdbbc1c2d83d21cc6e87
kdenetwork-nowlistening-3.3.1-2.3.x86_64.rpm
File outdated by:  RHBA-2009:0028
    MD5: 3fa57e6865b5b948ad35895054d15a58
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
kdenetwork-3.3.1-2.3.src.rpm
File outdated by:  RHBA-2009:0028
    MD5: 4d73843cbbcbf0f0ee1a3a9f7a3f7932
 
IA-32:
kdenetwork-3.3.1-2.3.i386.rpm
File outdated by:  RHBA-2009:0028
    MD5: bb90b0ceb81c85b9e329b49d30bff1f6
kdenetwork-devel-3.3.1-2.3.i386.rpm
File outdated by:  RHBA-2009:0028
    MD5: 49ab06ee9b0cb4cb2e851a89688422b5
kdenetwork-nowlistening-3.3.1-2.3.i386.rpm
File outdated by:  RHBA-2009:0028
    MD5: fa35b167ffe98d2cf50edb95b03bc03a
 
IA-64:
kdenetwork-3.3.1-2.3.ia64.rpm
File outdated by:  RHBA-2009:0028
    MD5: 3a1ecfa51031cb82d59c95a94be3bca0
kdenetwork-devel-3.3.1-2.3.ia64.rpm
File outdated by:  RHBA-2009:0028
    MD5: fbda969a428e54cbd6b1b06b86498693
kdenetwork-nowlistening-3.3.1-2.3.ia64.rpm
File outdated by:  RHBA-2009:0028
    MD5: bc8975dacb662a74fe6f675a7bd9b107
 
PPC:
kdenetwork-3.3.1-2.3.ppc.rpm
File outdated by:  RHBA-2009:0028
    MD5: e700306fc8af2647c6c1e9ab27160b11
kdenetwork-devel-3.3.1-2.3.ppc.rpm
File outdated by:  RHBA-2009:0028
    MD5: 72b1d01d47a9f7c0aef8d42c0d56be81
kdenetwork-nowlistening-3.3.1-2.3.ppc.rpm
File outdated by:  RHBA-2009:0028
    MD5: d48485fba0d6275ff7b27332c217cde5
 
s390:
kdenetwork-3.3.1-2.3.s390.rpm
File outdated by:  RHBA-2009:0028
    MD5: ebe481a9cbe64d6dca04412fa931f85b
kdenetwork-devel-3.3.1-2.3.s390.rpm
File outdated by:  RHBA-2009:0028
    MD5: 0f6f5d291cdd5f2f67e1c2cf1b7cfe29
kdenetwork-nowlistening-3.3.1-2.3.s390.rpm
File outdated by:  RHBA-2009:0028
    MD5: 121c5802302ff1e97f0d42fb3b8a83cd
 
s390x:
kdenetwork-3.3.1-2.3.s390x.rpm
File outdated by:  RHBA-2009:0028
    MD5: 8a4dabb465fe0b7e30049f02e212c011
kdenetwork-devel-3.3.1-2.3.s390x.rpm
File outdated by:  RHBA-2009:0028
    MD5: 1c1373d084dbd2c9a8b5d5cc7982d27d
kdenetwork-nowlistening-3.3.1-2.3.s390x.rpm
File outdated by:  RHBA-2009:0028
    MD5: 9c628f1b5ba78f188eb336ad4a3ac223
 
x86_64:
kdenetwork-3.3.1-2.3.x86_64.rpm
File outdated by:  RHBA-2009:0028
    MD5: 332a9169f1c435736553380dc5ce56ec
kdenetwork-devel-3.3.1-2.3.x86_64.rpm
File outdated by:  RHBA-2009:0028
    MD5: ed34f101f51abdbbc1c2d83d21cc6e87
kdenetwork-nowlistening-3.3.1-2.3.x86_64.rpm
File outdated by:  RHBA-2009:0028
    MD5: 3fa57e6865b5b948ad35895054d15a58
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
kdenetwork-3.3.1-2.3.src.rpm
File outdated by:  RHBA-2009:0028
    MD5: 4d73843cbbcbf0f0ee1a3a9f7a3f7932
 
IA-32:
kdenetwork-3.3.1-2.3.i386.rpm
File outdated by:  RHBA-2009:0028
    MD5: bb90b0ceb81c85b9e329b49d30bff1f6
kdenetwork-devel-3.3.1-2.3.i386.rpm
File outdated by:  RHBA-2009:0028
    MD5: 49ab06ee9b0cb4cb2e851a89688422b5
kdenetwork-nowlistening-3.3.1-2.3.i386.rpm
File outdated by:  RHBA-2009:0028
    MD5: fa35b167ffe98d2cf50edb95b03bc03a
 
IA-64:
kdenetwork-3.3.1-2.3.ia64.rpm
File outdated by:  RHBA-2009:0028
    MD5: 3a1ecfa51031cb82d59c95a94be3bca0
kdenetwork-devel-3.3.1-2.3.ia64.rpm
File outdated by:  RHBA-2009:0028
    MD5: fbda969a428e54cbd6b1b06b86498693
kdenetwork-nowlistening-3.3.1-2.3.ia64.rpm
File outdated by:  RHBA-2009:0028
    MD5: bc8975dacb662a74fe6f675a7bd9b107
 
x86_64:
kdenetwork-3.3.1-2.3.x86_64.rpm
File outdated by:  RHBA-2009:0028
    MD5: 332a9169f1c435736553380dc5ce56ec
kdenetwork-devel-3.3.1-2.3.x86_64.rpm
File outdated by:  RHBA-2009:0028
    MD5: ed34f101f51abdbbc1c2d83d21cc6e87
kdenetwork-nowlistening-3.3.1-2.3.x86_64.rpm
File outdated by:  RHBA-2009:0028
    MD5: 3fa57e6865b5b948ad35895054d15a58
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
kdenetwork-3.3.1-2.3.src.rpm
File outdated by:  RHBA-2009:0028
    MD5: 4d73843cbbcbf0f0ee1a3a9f7a3f7932
 
IA-32:
kdenetwork-3.3.1-2.3.i386.rpm
File outdated by:  RHBA-2009:0028
    MD5: bb90b0ceb81c85b9e329b49d30bff1f6
kdenetwork-devel-3.3.1-2.3.i386.rpm
File outdated by:  RHBA-2009:0028
    MD5: 49ab06ee9b0cb4cb2e851a89688422b5
kdenetwork-nowlistening-3.3.1-2.3.i386.rpm
File outdated by:  RHBA-2009:0028
    MD5: fa35b167ffe98d2cf50edb95b03bc03a
 
IA-64:
kdenetwork-3.3.1-2.3.ia64.rpm
File outdated by:  RHBA-2009:0028
    MD5: 3a1ecfa51031cb82d59c95a94be3bca0
kdenetwork-devel-3.3.1-2.3.ia64.rpm
File outdated by:  RHBA-2009:0028
    MD5: fbda969a428e54cbd6b1b06b86498693
kdenetwork-nowlistening-3.3.1-2.3.ia64.rpm
File outdated by:  RHBA-2009:0028
    MD5: bc8975dacb662a74fe6f675a7bd9b107
 
x86_64:
kdenetwork-3.3.1-2.3.x86_64.rpm
File outdated by:  RHBA-2009:0028
    MD5: 332a9169f1c435736553380dc5ce56ec
kdenetwork-devel-3.3.1-2.3.x86_64.rpm
File outdated by:  RHBA-2009:0028
    MD5: ed34f101f51abdbbc1c2d83d21cc6e87
kdenetwork-nowlistening-3.3.1-2.3.x86_64.rpm
File outdated by:  RHBA-2009:0028
    MD5: 3fa57e6865b5b948ad35895054d15a58
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

163811 - CAN-2005-1852 Kopete gadu-gadu flaws


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/