- Issued:
- 2004-10-27
- Updated:
- 2004-10-27
RHSA-2004:585 - Security Advisory
Synopsis
xchat security update
Type/Severity
Security Advisory: Low
Topic
An updated xchat package that fixes a stack buffer overflow in the SOCKSv5
proxy code.
Description
X-Chat is a graphical IRC chat client for the X Window System.
A stack buffer overflow has been fixed in the SOCKSv5 proxy code.
An attacker could create a malicious SOCKSv5 proxy server in such a way
that X-Chat would execute arbitrary code if a victim configured X-Chat to
use the proxy. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-0409 to this issue.
Users of X-Chat should upgrade to this erratum package, which contains a
backported security patch, and is not vulnerable to this issue.
Solution
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:
up2date
For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:
Affected Products
- Red Hat Enterprise Linux Server 3 x86_64
- Red Hat Enterprise Linux Server 3 ia64
- Red Hat Enterprise Linux Server 3 i386
- Red Hat Enterprise Linux Server 2 ia64
- Red Hat Enterprise Linux Server 2 i386
- Red Hat Enterprise Linux Workstation 3 x86_64
- Red Hat Enterprise Linux Workstation 3 ia64
- Red Hat Enterprise Linux Workstation 3 i386
- Red Hat Enterprise Linux Workstation 2 ia64
- Red Hat Enterprise Linux Workstation 2 i386
- Red Hat Enterprise Linux Desktop 3 x86_64
- Red Hat Enterprise Linux Desktop 3 i386
- Red Hat Enterprise Linux for IBM z Systems 3 s390x
- Red Hat Enterprise Linux for IBM z Systems 3 s390
- Red Hat Enterprise Linux for Power, big endian 3 ppc
Fixes
- BZ - 121333 - CAN-2004-0409 XChat buffer overflow in socks5 proxy
- BZ - 135238 - CAN-2004-0409 XChat buffer overflow in socks5 proxy
CVEs
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.