UNIRAS Brief - 572/05 - Fedora - Four Update Notifications



 
-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 572/05 dated 25.07.05  Time: 10:50  
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ---------------------------------------------------------------------------------- 
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Fedora - Four Update Notifications:
     1.  Fedora Core 4 Update: kdenetwork-3.4.1-0.fc4.2  [FEDORA-2005-624]
     2.  Fedora Core 4 Update: zlib-1.2.2.2-5.fc4        [FEDORA-2005-626]
     3.  Fedora Core 3 Update: kdenetwork-3.3.1-3.2      [FEDORA-2005-623]
     4.  Fedora Core 3 Update: zlib-1.2.1.2-3.fc3        [FEDORA-2005-625]


Detail
====== 

Update notification summaries:

     1.  Multiple integer overflow flaws were found in the way Kopete processes
         Gadu-Gadu messages. A remote attacker could send a specially crafted
         Gadu-Gadu message which would cause Kopete to crash or possibly execute
         arbitrary code.

     2.  Fix bug 163038 - CAN-2005-1849 - zlib buffer overflow

     3.  Multiple integer overflow flaws were found in the way Kopete processes
         Gadu-Gadu messages. A remote attacker could send a specially crafted
         Gadu-Gadu message which would cause Kopete to crash or possibly execute
         arbitrary code.

     4.  Fix bug 163038 - CAN-2005-1849 - zlib overflow problem


Update notification content follows:


1.


- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-624
2005-07-22
- ---------------------------------------------------------------------

Product     : Fedora Core 4
Name        : kdenetwork
Version     : 3.4.1                      
Release     : 0.fc4.2                  
Summary     : K Desktop Environment - Network Applications
Description :
Networking applications for the K Desktop Environment.

- ---------------------------------------------------------------------
Update Information:

Multiple integer overflow flaws were found in the way Kopete processes
Gadu-Gadu messages. A remote attacker could send a specially crafted
Gadu-Gadu message which would cause Kopete to crash or possibly execute
arbitrary code. The Common Vulnerabilities and Exposures project
assigned the name CAN-2005-1852 to this issue.

Users of Kopete should update to these packages which contain a
patch to correct this issue. 
- ---------------------------------------------------------------------
* Thu Jul 21 2005 Than Ngo <than@xxxxxxxxxx> 7:3.4.1-0.fc4.2
- - fix crash in kopete
- - apply patch to fix libgadu vulnerabilities #163811, CVE CAN-2005-1852
  thanks to kde security team


- ---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
- ---------------------------------------------------------------------




2.


- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-626
2005-07-22
- ---------------------------------------------------------------------

Product     : Fedora Core 4
Name        : zlib
Version     : 1.2.2.2                      
Release     : 5.fc4                  
Summary     : The zlib compression and decompression library.
Description :
Zlib is a general-purpose, patent-free, lossless data compression
library which is used by many different programs.

- ---------------------------------------------------------------------

* Fri Jul 22 2005 Ivana Varekova <varekova@xxxxxxxxxx> 1.2.2.2-5.fc4
- - fix bug 163038 - CAN-2005-1849 - zlib buffer overflow


- ---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
- ---------------------------------------------------------------------




3.


- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-623
2005-07-22
- ---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : kdenetwork
Version     : 3.3.1                      
Release     : 3.2                  
Summary     : K Desktop Environment - Network Applications
Description :
Networking applications for the K Desktop Environment.

- ---------------------------------------------------------------------
Update Information:

Multiple integer overflow flaws were found in the way Kopete processes
Gadu-Gadu messages. A remote attacker could send a specially crafted
Gadu-Gadu message which would cause Kopete to crash or possibly execute
arbitrary code. The Common Vulnerabilities and Exposures project
assigned the name CAN-2005-1852 to this issue.

Users of Kopete should update to these packages which contain a
patch to correct this issue. 
- ---------------------------------------------------------------------
* Thu Jul 21 2005 Than Ngo <than@xxxxxxxxxx> 7:3.3.1-3.2 
- - fix crash in kopete
- - apply patch to fix libgadu vulnerabilities #163811, CVE CAN-2005-1852
  thanks to kde security team
- - backport patch to fix annoying problem with registration
  dialog not able to register/retrieve token due to network problems.


- ---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
- ---------------------------------------------------------------------




4.


- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-625
2005-07-22
- ---------------------------------------------------------------------

Product     : Fedora Core 3
Name        : zlib
Version     : 1.2.1.2                      
Release     : 3.fc3                  
Summary     : The zlib compression and decompression library.
Description :
Zlib is a general-purpose, patent-free, lossless data compression
library which is used by many different programs.

- ---------------------------------------------------------------------

* Fri Jul 22 2005 Ivana Varekova <varekova@xxxxxxxxxx> 1.2.1.2-3.fc3
- - fix bug 163038 - CAN-2005-1849 - zlib overflow problem


- ---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.  
- ---------------------------------------------------------------------



- ----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by
telephone, or Not Protectively Marked information may be sent via
EMail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Fedora for the information 
contained in this Briefing. 
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade 
name, trademark, manufacturer, or otherwise, does not constitute or imply
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views 
and opinions of authors expressed within this notice shall not be used for 
advertising or product endorsement purposes.

Neither UNIRAS nor NISCC shall also accept responsibility for any errors
or omissions contained within this briefing notice. In particular, they shall 
not be liable for any loss or damage whatsoever, arising from or in connection 
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

-----END PGP SIGNATURE-----


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________