Kopete: Vulnerability in included Gadu library — GLSA 200507-23

Kopete is vulnerable to several input validation vulnerabilities which may lead to execution of arbitrary code.

Affected Packages

kde-base/kdenetwork on all architectures
Affected versions < 3.4.1-r1
Unaffected versions >= 3.4.1-r1, revision >= 3.3.2-r2
kde-base/kopete on all architectures
Affected versions < 3.4.1-r1
Unaffected versions >= 3.4.1-r1

Background

KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. Kopete (also part of kdenetwork) is the KDE Instant Messenger.

Description

Kopete contains an internal copy of libgadu and is therefore subject to several input validation vulnerabilities in libgadu.

Impact

A remote attacker could exploit this vulnerability to execute arbitrary code or crash Kopete.

Workaround

Delete all Gadu Gadu contacts.

Resolution

All Kopete users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose kde-base/kdenetwork

All KDE Split Ebuild Kopete users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=kde-base/kopete-3.4.1-r1"

References

Release Date
July 25, 2005

Latest Revision
July 25, 2005: 01

Severity
high

Exploitable
remote

Bugzilla entries