-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- CONECTIVA LINUX SECURITY ANNOUNCEMENT - -------------------------------------------------------------------------- PACKAGE : kopete SUMMARY : Remote command execution vulnerability DATE : 2003-06-27 15:44:00 ID : CLA-2003:665 RELEVANT RELEASES : 9 - ------------------------------------------------------------------------- DESCRIPTION Kopete is a KDE instant messaging system with support for multiple protocols. A vulnerability[1] in the GnuPG plugin in kopete versions prior to 0.6.2 allows remote attackers to execute arbitrary commands in the client context by sending specially crafted messages to it. This update includes kopete 0.6.2, which fixes this vulnerability and adds several other bugfixes. A complete changelog[2] can be seen in the project's home page. The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2003-0256 to this issue[3]. SOLUTION All kopete users should upgrade. REFERENCES: 1.http://bugzilla.conectiva.com.br/show_bug.cgi?id=8770 2.http://kopete.kde.org/index.php?page=newsstory&news=Kopete_releases_version_0.6.2 3.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0256 UPDATED PACKAGES ftp://atualizacoes.conectiva.com.br/9/RPMS/kopete-0.6.2-27178U90_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/9/SRPMS/kopete-0.6.2-27178U90_2cl.src.rpm ADDITIONAL INSTRUCTIONS The apt tool can be used to perform RPM packages upgrades: - run: apt-get update - after that, execute: apt-get upgrade Detailed instructions reagarding the use of apt and upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en - ------------------------------------------------------------------------- All packages are signed with Conectiva's GPG key. The key and instructions on how to import it can be found at http://distro.conectiva.com.br/seguranca/chave/?idioma=en Instructions on how to check the signatures of the RPM packages can be found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en - ------------------------------------------------------------------------- All our advisories and generic update instructions can be viewed at http://distro.conectiva.com.br/atualizacoes/?idioma=en - ------------------------------------------------------------------------- Copyright (c) 2003 Conectiva Inc. http://www.conectiva.com - ------------------------------------------------------------------------- subscribe: conectiva-updates-subscribeat_private unsubscribe: conectiva-updates-unsubscribeat_private -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE+/JDV42jd0JmAcZARAptcAKDL/w3MHGFMeT+mRuytHXUzYxuUZQCg7w6S ZLiiJoz9rT39o0MeRi+AzJc= =nDer -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Fri Jun 27 2003 - 13:29:35 PDT