[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

UNIRAS Brief - 565/05 - KDE - Two Security Advisories



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 565/05 dated 21.07.05  Time: 11:20  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

KDE - Two Security Advisories:
     1.  Multiple libgadu vulnerabilities
     2.  Kate backup file permission leak


Detail
====== 

Security advisory summaries:

     1. Kopete contains a copy of libgadu that is used if no compatible version 
        is installed in the system. Several input validation errors have been 
        reported in libgadu that can lead to integer overflows and remote DoS or
        arbitrary code execution.

     2. Kate / Kwrite create a file backup before saving a modified file. These 
        backup files are created with default permissions, even if the original 
        file had more strict permissions set.


Security advisory content follows:


1.


KDE Security Advisory: libgadu vulnerabilities
Original Release Date: 2005-07-21
URL: http://www.kde.org/info/security/advisory-20050721-1.txt

0. References
        CVE CAN-2005-1852


1. Systems affected:

        All versions of Kopete as included in
        KDE 3.3.x up to including 3.4.1. KDE 3.2.x and older
        are not affected.


2. Overview:

	Kopete contains a copy of libgadu that is used if
        no compatible version is installed in the system. Several
        input validation errors have been reported in libgadu
        that can lead to integer overflows and remote DoS or
        arbitrary code execution.


3. Impact:

	If the Gadu-Gadu protocol handler in Kopete is used,
        remote users can DoS the Kopete client or possibly even
        execute arbitrary code.


4. Solution:

        Source code patches have been made available that update
        the included copy of libgadu to 1.6rc3 which fix these
        vulnerabilities. Contact your OS vendor / binary package provider
        for information about how to obtain updated binary packages.


5. Patch:

        A patch for KDE 3.4.1 is available from
        ftp://ftp.kde.org/pub/kde/security_patches :

        675008c8bc9d7edf4d0034a398d15cf0  post-3.4.1-kdenetwork-libgadu.patch

        A patch for KDE 3.3.2 is available from
        ftp://ftp.kde.org/pub/kde/security_patches :

        73ebcef42173bf567d473414693898b0  post-3.3.2-kdenetwork-libgadu.patch




2.


KDE Security Advisory: Kate backup file permission leak
Original Release Date: 2005-07-18
URL: http://www.kde.org/info/security/advisory-20050718-1.txt

0. References
        CVE CAN-2005-1920
        https://bugs.kde.org/show_bug.cgi?id=103331


1. Systems affected:

        All maintained versions of Kate and Kwrite as shipped with
        KDE 3.2.x up to including 3.4.0. KDE 3.1.x and older and
        KDE 3.4.1 and newer are not affected.


2. Overview:

	Kate / Kwrite create a file backup before saving a modified
        file. These backup files are created with default permissions,
        even if the original file had more strict permissions set.


3. Impact:

	Depending on the system security settings, backup files
        might be readable by other users.  Kate / Kwrite are
        network transparent applications and therefore this
        vulnerability might not be restricted to local users.


4. Solution:

        Source code patches have been made available which fix these
        vulnerabilities. Contact your OS vendor / binary package provider
        for information about how to obtain updated binary packages.


5. Patch:

        A patch for KDE 3.4.0 is available from
        ftp://ftp.kde.org/pub/kde/security_patches :

        50f7bc6d8cf4b7aaa65e4e8062fc46c9  post-3.4.0-kdelibs-kate.diff

        A patch for KDE 3.3.x is available from
        ftp://ftp.kde.org/pub/kde/security_patches :

        138c3252883171d55ec24ed0318950fd  post-3.3.2-kdelibs-kate.diff

        A patch for KDE 3.2.x is available from
        ftp://ftp.kde.org/pub/kde/security_patches :

        56667c05f545e8c9711c35bf78497bfd  post-3.2.3-kdelibs-kate.diff


- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by 
telephone or Not Protectively Marked information may be sent via 
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of KDE for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark manufacturer, or otherwise, does not constitute or imply 
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS or NISCC shall also accept responsibility for any errors 
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBQt92nopao72zK539AQFvPwQAgo8MHjYeDgzRbjyiRjORvkTVrhv5H8rh
Bu/wa6wHYTUPdKz1EUebt1KUIKzUuU6WkdirnWKeHzMbcrNhto+NfbI2ht9SxmKy
Klsc/VXbM5syo7dArvLeTa8Bcyu/EoTVKix4q+N6I708nu3TI3bC8BsVIeXedL2g
NQVt1eHzkuk=
=Lc44
-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________