1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200507-23 / kopete |
| Release Date | July 25, 2005 |
| Latest Revision | July 25, 2005: 01 |
| Impact | high |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| kde-base/kdenetwork | < 3.4.1-r1 | >= 3.4.1-r1, revision >= 3.3.2-r2 | All supported architectures |
| kde-base/kopete | < 3.4.1-r1 | >= 3.4.1-r1 | All supported architectures |
Related bugreports: #99754
Kopete is vulnerable to several input validation vulnerabilities which may lead to execution of arbitrary code.
KDE is a feature-rich graphical desktop environment for Linux and Unix-like Operating Systems. Kopete (also part of kdenetwork) is the KDE Instant Messenger.
Kopete contains an internal copy of libgadu and is therefore subject to several input validation vulnerabilities in libgadu.
A remote attacker could exploit this vulnerability to execute arbitrary code or crash Kopete.
Delete all Gadu Gadu contacts.
All Kopete users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync # emerge --ask --oneshot --verbose kde-base/kdenetwork |
All KDE Split Ebuild Kopete users should upgrade to the latest version:
Code Listing 3.2: Resolution |
# emerge --sync # emerge --ask --oneshot --verbose ">=kde-base/kopete-3.4.1-r1" |