Red Hat 9042 Published by

A kdenetwork security update has been released for Red Hat Enterprise Linux

----------------------------------------------------------------------
Red Hat Security Advisory

Synopsis: Critical: kdenetwork security update
Advisory ID: RHSA-2005:639-01
Advisory URL: https://rhn.redhat.com/errata/RHSA-2005-639.html
Issue date: 2005-07-21
Updated on: 2005-07-21
Product: Red Hat Enterprise Linux
CVE Names: CAN-2005-1852
----------------------------------------------------------------------

1. Summary:

Updated kdenetwork packages to correct a security flaw in Kopete are now available for Red Hat Enterprise Linux 4.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64
Red Hat Enterprise Linux Desktop version 4 - i386, x86_64
Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64
Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64



3. Problem description:

The kdenetwork package contains networking applications for the K Desktop Environment. Kopete is a KDE instant messenger which supports a number of protocols including ICQ, MSN, Yahoo, Jabber, and Gadu-Gadu.

Multiple integer overflow flaws were found in the way Kopete processes Gadu-Gadu messages. A remote attacker could send a specially crafted Gadu-Gadu message which would cause Kopete to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project assigned the name CAN-2005-1852 to this issue.

In order to be affected by this issue, a user would need to have registered with Gadu-Gadu and be signed in to the Gadu-Gadu server in order to receive a malicious message. In addition, Red Hat believes that the Exec-shield technology (enabled by default in Red Hat Enterprise Linux 4) would block attempts to remotely exploit this vulnerability.

Note that this issue does not affect Red Hat Enterprise Linux 2.1 or 3.

Users of Kopete should update to these packages which contain a patch to correct this issue.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/):

163811 - CAN-2005-1852 Kopete gadu-gadu flaws


6. RPMs required:

Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/kdenetwork-3.3.1-2.3.src.rpm
4d73843cbbcbf0f0ee1a3a9f7a3f7932 kdenetwork-3.3.1-2.3.src.rpm

i386:
bb90b0ceb81c85b9e329b49d30bff1f6 kdenetwork-3.3.1-2.3.i386.rpm
49ab06ee9b0cb4cb2e851a89688422b5 kdenetwork-devel-3.3.1-2.3.i386.rpm
fa35b167ffe98d2cf50edb95b03bc03a kdenetwork-nowlistening-3.3.1-2.3.i386.rpm

ia64:
3a1ecfa51031cb82d59c95a94be3bca0 kdenetwork-3.3.1-2.3.ia64.rpm
fbda969a428e54cbd6b1b06b86498693 kdenetwork-devel-3.3.1-2.3.ia64.rpm
bc8975dacb662a74fe6f675a7bd9b107 kdenetwork-nowlistening-3.3.1-2.3.ia64.rpm

ppc:
e700306fc8af2647c6c1e9ab27160b11 kdenetwork-3.3.1-2.3.ppc.rpm
72b1d01d47a9f7c0aef8d42c0d56be81 kdenetwork-devel-3.3.1-2.3.ppc.rpm
d48485fba0d6275ff7b27332c217cde5 kdenetwork-nowlistening-3.3.1-2.3.ppc.rpm

s390:
ebe481a9cbe64d6dca04412fa931f85b kdenetwork-3.3.1-2.3.s390.rpm
0f6f5d291cdd5f2f67e1c2cf1b7cfe29 kdenetwork-devel-3.3.1-2.3.s390.rpm
121c5802302ff1e97f0d42fb3b8a83cd kdenetwork-nowlistening-3.3.1-2.3.s390.rpm

s390x:
8a4dabb465fe0b7e30049f02e212c011 kdenetwork-3.3.1-2.3.s390x.rpm
1c1373d084dbd2c9a8b5d5cc7982d27d kdenetwork-devel-3.3.1-2.3.s390x.rpm
9c628f1b5ba78f188eb336ad4a3ac223 kdenetwork-nowlistening-3.3.1-2.3.s390x.rpm

x86_64:
332a9169f1c435736553380dc5ce56ec kdenetwork-3.3.1-2.3.x86_64.rpm
ed34f101f51abdbbc1c2d83d21cc6e87 kdenetwork-devel-3.3.1-2.3.x86_64.rpm
3fa57e6865b5b948ad35895054d15a58 kdenetwork-nowlistening-3.3.1-2.3.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/kdenetwork-3.3.1-2.3.src.rpm
4d73843cbbcbf0f0ee1a3a9f7a3f7932 kdenetwork-3.3.1-2.3.src.rpm

i386:
bb90b0ceb81c85b9e329b49d30bff1f6 kdenetwork-3.3.1-2.3.i386.rpm
49ab06ee9b0cb4cb2e851a89688422b5 kdenetwork-devel-3.3.1-2.3.i386.rpm
fa35b167ffe98d2cf50edb95b03bc03a kdenetwork-nowlistening-3.3.1-2.3.i386.rpm

x86_64:
332a9169f1c435736553380dc5ce56ec kdenetwork-3.3.1-2.3.x86_64.rpm
ed34f101f51abdbbc1c2d83d21cc6e87 kdenetwork-devel-3.3.1-2.3.x86_64.rpm
3fa57e6865b5b948ad35895054d15a58 kdenetwork-nowlistening-3.3.1-2.3.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/kdenetwork-3.3.1-2.3.src.rpm
4d73843cbbcbf0f0ee1a3a9f7a3f7932 kdenetwork-3.3.1-2.3.src.rpm

i386:
bb90b0ceb81c85b9e329b49d30bff1f6 kdenetwork-3.3.1-2.3.i386.rpm
49ab06ee9b0cb4cb2e851a89688422b5 kdenetwork-devel-3.3.1-2.3.i386.rpm
fa35b167ffe98d2cf50edb95b03bc03a kdenetwork-nowlistening-3.3.1-2.3.i386.rpm

ia64:
3a1ecfa51031cb82d59c95a94be3bca0 kdenetwork-3.3.1-2.3.ia64.rpm
fbda969a428e54cbd6b1b06b86498693 kdenetwork-devel-3.3.1-2.3.ia64.rpm
bc8975dacb662a74fe6f675a7bd9b107 kdenetwork-nowlistening-3.3.1-2.3.ia64.rpm

x86_64:
332a9169f1c435736553380dc5ce56ec kdenetwork-3.3.1-2.3.x86_64.rpm
ed34f101f51abdbbc1c2d83d21cc6e87 kdenetwork-devel-3.3.1-2.3.x86_64.rpm
3fa57e6865b5b948ad35895054d15a58 kdenetwork-nowlistening-3.3.1-2.3.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/kdenetwork-3.3.1-2.3.src.rpm
4d73843cbbcbf0f0ee1a3a9f7a3f7932 kdenetwork-3.3.1-2.3.src.rpm

i386:
bb90b0ceb81c85b9e329b49d30bff1f6 kdenetwork-3.3.1-2.3.i386.rpm
49ab06ee9b0cb4cb2e851a89688422b5 kdenetwork-devel-3.3.1-2.3.i386.rpm
fa35b167ffe98d2cf50edb95b03bc03a kdenetwork-nowlistening-3.3.1-2.3.i386.rpm

ia64:
3a1ecfa51031cb82d59c95a94be3bca0 kdenetwork-3.3.1-2.3.ia64.rpm
fbda969a428e54cbd6b1b06b86498693 kdenetwork-devel-3.3.1-2.3.ia64.rpm
bc8975dacb662a74fe6f675a7bd9b107 kdenetwork-nowlistening-3.3.1-2.3.ia64.rpm

x86_64:
332a9169f1c435736553380dc5ce56ec kdenetwork-3.3.1-2.3.x86_64.rpm
ed34f101f51abdbbc1c2d83d21cc6e87 kdenetwork-devel-3.3.1-2.3.x86_64.rpm
3fa57e6865b5b948ad35895054d15a58 kdenetwork-nowlistening-3.3.1-2.3.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://www.redhat.com/security/team/key/#package

7. References:

http://www.kde.org/info/security/advisory-20050721-1.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1852

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.