Bug#: 99583
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Karol Pasternak (RETIRED) <reb@gentoo.org>

Description:   Opened: 2005-07-19 15:01 0000
Found two bugs in libgadu.
They can allow an attacker to execute remote code or crash the gg client.

Reproducible: Always
Steps to Reproduce:
1. apply patch for libgadu from:
http://cvs.toxygen.net/ekg/lib/libgadu.c.diff?r1=1.147&r2=1.148&f=u
http://cvs.toxygen.net/ekg/lib/events.c.diff?r1=1.95&r2=1.96&f=u

------- Comment #1 From Stefan Cornelius (RETIRED) 2005-07-19 15:59:12 0000 -------
net-im, please provide an ebuild with the fixes and advise if other packages
could be affected by this. Thanks

------- Comment #2 From Karol Wojtaszek (RETIRED) 2005-07-20 06:26:12 0000 -------
net-im/kadu is also affected. Working on ebuilds.

------- Comment #3 From Karol Wojtaszek (RETIRED) 2005-07-20 10:13:50 0000 -------
net-im/ekg and net-libs/libgadu also affected

------- Comment #4 From Karol Wojtaszek (RETIRED) 2005-07-20 13:30:43 0000 -------
net-im/ekg net-im/kadu net-libs/libgadu bumped
net-im/ekg2 doesn't need bump, because it uses external gadu-gadu lib.

------- Comment #5 From Stefan Cornelius (RETIRED) 2005-07-20 13:39:53 0000 -------
hppa, ia64, x86: pls test and mark net-im/ekg-1.6_rc3 stable
amd64, ppc, x86: pls test and mark net-im/kadu-0.4.1 stable

libgadu and ekg2 were never marked stable so we are done with them.

------- Comment #6 From Karol Wojtaszek (RETIRED) 2005-07-20 13:51:40 0000 -------
libgadu is a new ekg dependency, so it also needs to be marked stable.

------- Comment #7 From Stefan Cornelius (RETIRED) 2005-07-20 14:12:26 0000 -------
*** Bug 99690 has been marked as a duplicate of this bug. ***

------- Comment #8 From René Nussbaumer 2005-07-21 12:50:26 0000 -------
Stable on hppa

------- Comment #9 From Jory A. Pratt 2005-07-21 16:07:11 0000 -------
Stable on ppc.

------- Comment #10 From Danny van Dyk (RETIRED) 2005-07-22 11:31:34 0000 -------
net-im/kadu stable on amd64.

------- Comment #11 From Karol Wojtaszek (RETIRED) 2005-07-25 07:11:26 0000 -------
x86 done

------- Comment #12 From Stefan Cornelius (RETIRED) 2005-07-26 13:00:10 0000 -------
ready for glsa.

------- Comment #13 From Sune Kloppenborg Jeppesen 2005-07-27 01:08:28 0000 -------
GLSA 200507-26 
