Red Hat Product Errata RHSA-2005:639 - Security Advisory
Issued:
2005-07-21
Updated:
2005-07-21

RHSA-2005:639 - Security Advisory

Synopsis

kdenetwork security update

Type/Severity

Security Advisory: Critical

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated kdenetwork packages to correct a security flaw in Kopete are now
available for Red Hat Enterprise Linux 4.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Description

The kdenetwork package contains networking applications for the K Desktop
Environment. Kopete is a KDE instant messenger which supports a number of
protocols including ICQ, MSN, Yahoo, Jabber, and Gadu-Gadu.

Multiple integer overflow flaws were found in the way Kopete processes
Gadu-Gadu messages. A remote attacker could send a specially crafted
Gadu-Gadu message which would cause Kopete to crash or possibly execute
arbitrary code. The Common Vulnerabilities and Exposures project
assigned the name CAN-2005-1852 to this issue.

In order to be affected by this issue, a user would need to have registered
with Gadu-Gadu and be signed in to the Gadu-Gadu server in order to receive
a malicious message. In addition, Red Hat believes that the Exec-shield
technology (enabled by default in Red Hat Enterprise Linux 4) would block
attempts to remotely exploit this vulnerability.

Note that this issue does not affect Red Hat Enterprise Linux 2.1 or 3.

Users of Kopete should update to these packages which contain a
patch to correct this issue.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via Red Hat Network. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Affected Products

  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for Power, big endian 4 ppc

Fixes

Red Hat Enterprise Linux Server 4

SRPM
kdenetwork-3.3.1-2.3.src.rpm SHA-256: 930a212a82afa8a76eba3d2b8019508808ae113c424959b51fb92d9fe674b8d9
x86_64
kdenetwork-3.3.1-2.3.x86_64.rpm SHA-256: bca790fb921437bee70db514df8b8a2d5a63a035b84fb876ff06eaec0c8db397
kdenetwork-3.3.1-2.3.x86_64.rpm SHA-256: bca790fb921437bee70db514df8b8a2d5a63a035b84fb876ff06eaec0c8db397
kdenetwork-devel-3.3.1-2.3.x86_64.rpm SHA-256: f9cfd661bdcf6d0e6c166baa322173c0ba21c4bfd5aaa659e988a710ddac6e34
kdenetwork-devel-3.3.1-2.3.x86_64.rpm SHA-256: f9cfd661bdcf6d0e6c166baa322173c0ba21c4bfd5aaa659e988a710ddac6e34
kdenetwork-nowlistening-3.3.1-2.3.x86_64.rpm SHA-256: da3ec91f969cf03fe1e7106a248b7b4e9ed54e3b8d0dd621cb83f1495f5ed6e6
kdenetwork-nowlistening-3.3.1-2.3.x86_64.rpm SHA-256: da3ec91f969cf03fe1e7106a248b7b4e9ed54e3b8d0dd621cb83f1495f5ed6e6
ia64
kdenetwork-3.3.1-2.3.ia64.rpm SHA-256: b4b192282e12ef90bab34b75430ebed340ddddab12dffca427877321d9b2a206
kdenetwork-3.3.1-2.3.ia64.rpm SHA-256: b4b192282e12ef90bab34b75430ebed340ddddab12dffca427877321d9b2a206
kdenetwork-devel-3.3.1-2.3.ia64.rpm SHA-256: 37dbb7abec004f5c48df72ea8ff3980313ef85bde634f74faedb09b167e38648
kdenetwork-devel-3.3.1-2.3.ia64.rpm SHA-256: 37dbb7abec004f5c48df72ea8ff3980313ef85bde634f74faedb09b167e38648
kdenetwork-nowlistening-3.3.1-2.3.ia64.rpm SHA-256: 9697d3997d1f2d260f045757a2c7cf351a06c489856024eed1a72bfc4c0437cf
kdenetwork-nowlistening-3.3.1-2.3.ia64.rpm SHA-256: 9697d3997d1f2d260f045757a2c7cf351a06c489856024eed1a72bfc4c0437cf
i386
kdenetwork-3.3.1-2.3.i386.rpm SHA-256: e0601a13e63804049de97621b6a2738411be11e82ce81de0493f2a873a7c5fe2
kdenetwork-3.3.1-2.3.i386.rpm SHA-256: e0601a13e63804049de97621b6a2738411be11e82ce81de0493f2a873a7c5fe2
kdenetwork-devel-3.3.1-2.3.i386.rpm SHA-256: b3b608cfe1a069c63c3304f3a8d0176dd45d161c5d9f46c2575959e4686c66ca
kdenetwork-devel-3.3.1-2.3.i386.rpm SHA-256: b3b608cfe1a069c63c3304f3a8d0176dd45d161c5d9f46c2575959e4686c66ca
kdenetwork-nowlistening-3.3.1-2.3.i386.rpm SHA-256: 64b7ad74e80a62c9237c6a2c9b53e22082378e1f146f19e4cf6c5d1dadffe139
kdenetwork-nowlistening-3.3.1-2.3.i386.rpm SHA-256: 64b7ad74e80a62c9237c6a2c9b53e22082378e1f146f19e4cf6c5d1dadffe139

Red Hat Enterprise Linux Workstation 4

SRPM
kdenetwork-3.3.1-2.3.src.rpm SHA-256: 930a212a82afa8a76eba3d2b8019508808ae113c424959b51fb92d9fe674b8d9
x86_64
kdenetwork-3.3.1-2.3.x86_64.rpm SHA-256: bca790fb921437bee70db514df8b8a2d5a63a035b84fb876ff06eaec0c8db397
kdenetwork-devel-3.3.1-2.3.x86_64.rpm SHA-256: f9cfd661bdcf6d0e6c166baa322173c0ba21c4bfd5aaa659e988a710ddac6e34
kdenetwork-nowlistening-3.3.1-2.3.x86_64.rpm SHA-256: da3ec91f969cf03fe1e7106a248b7b4e9ed54e3b8d0dd621cb83f1495f5ed6e6
ia64
kdenetwork-3.3.1-2.3.ia64.rpm SHA-256: b4b192282e12ef90bab34b75430ebed340ddddab12dffca427877321d9b2a206
kdenetwork-devel-3.3.1-2.3.ia64.rpm SHA-256: 37dbb7abec004f5c48df72ea8ff3980313ef85bde634f74faedb09b167e38648
kdenetwork-nowlistening-3.3.1-2.3.ia64.rpm SHA-256: 9697d3997d1f2d260f045757a2c7cf351a06c489856024eed1a72bfc4c0437cf
i386
kdenetwork-3.3.1-2.3.i386.rpm SHA-256: e0601a13e63804049de97621b6a2738411be11e82ce81de0493f2a873a7c5fe2
kdenetwork-devel-3.3.1-2.3.i386.rpm SHA-256: b3b608cfe1a069c63c3304f3a8d0176dd45d161c5d9f46c2575959e4686c66ca
kdenetwork-nowlistening-3.3.1-2.3.i386.rpm SHA-256: 64b7ad74e80a62c9237c6a2c9b53e22082378e1f146f19e4cf6c5d1dadffe139

Red Hat Enterprise Linux Desktop 4

SRPM
kdenetwork-3.3.1-2.3.src.rpm SHA-256: 930a212a82afa8a76eba3d2b8019508808ae113c424959b51fb92d9fe674b8d9
x86_64
kdenetwork-3.3.1-2.3.x86_64.rpm SHA-256: bca790fb921437bee70db514df8b8a2d5a63a035b84fb876ff06eaec0c8db397
kdenetwork-devel-3.3.1-2.3.x86_64.rpm SHA-256: f9cfd661bdcf6d0e6c166baa322173c0ba21c4bfd5aaa659e988a710ddac6e34
kdenetwork-nowlistening-3.3.1-2.3.x86_64.rpm SHA-256: da3ec91f969cf03fe1e7106a248b7b4e9ed54e3b8d0dd621cb83f1495f5ed6e6
i386
kdenetwork-3.3.1-2.3.i386.rpm SHA-256: e0601a13e63804049de97621b6a2738411be11e82ce81de0493f2a873a7c5fe2
kdenetwork-devel-3.3.1-2.3.i386.rpm SHA-256: b3b608cfe1a069c63c3304f3a8d0176dd45d161c5d9f46c2575959e4686c66ca
kdenetwork-nowlistening-3.3.1-2.3.i386.rpm SHA-256: 64b7ad74e80a62c9237c6a2c9b53e22082378e1f146f19e4cf6c5d1dadffe139

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
kdenetwork-3.3.1-2.3.src.rpm SHA-256: 930a212a82afa8a76eba3d2b8019508808ae113c424959b51fb92d9fe674b8d9
s390x
kdenetwork-3.3.1-2.3.s390x.rpm SHA-256: 464bdddb1dce2b33d97ec7ffe945f910601b1bfc1e019d86ad88c2ce893701d2
kdenetwork-devel-3.3.1-2.3.s390x.rpm SHA-256: d1ea14ecec123f8f6a433b4cbbf46d5aedb6edcced3cae0d06e54a5121420777
kdenetwork-nowlistening-3.3.1-2.3.s390x.rpm SHA-256: 084c3d8db689edba63ab68d677903ce4610b26119c4b7f95d484d1e9ec23dd04
s390
kdenetwork-3.3.1-2.3.s390.rpm SHA-256: 9dfd270ad661ab7e2c91bf2ce04c0dace4071f3e1fe233766ff3a99f1443ccef
kdenetwork-devel-3.3.1-2.3.s390.rpm SHA-256: db67be34ebf16dac2cb5a9783725ca406b0ee202a222b8ef793ca686e20f1e03
kdenetwork-nowlistening-3.3.1-2.3.s390.rpm SHA-256: 2fc0fe38bd7f968bb8bb46a991de1ad34a5e7fc4981e122f52fff56c6125ea98

Red Hat Enterprise Linux for Power, big endian 4

SRPM
kdenetwork-3.3.1-2.3.src.rpm SHA-256: 930a212a82afa8a76eba3d2b8019508808ae113c424959b51fb92d9fe674b8d9
ppc
kdenetwork-3.3.1-2.3.ppc.rpm SHA-256: d64db9d03a5e38110d5bdd8835e4a4db6e8339873b6c5f515dd2d710a6337f5b
kdenetwork-devel-3.3.1-2.3.ppc.rpm SHA-256: 2573ff1f027ed3a71d3479fbf277770d5a3f8a1f7395382ac337dea16367f167
kdenetwork-nowlistening-3.3.1-2.3.ppc.rpm SHA-256: 5e0bc85709a6eb312abdcab1c6bfa7fad270663141901d6cb241191107c48954

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.