Bug 99583 - net-libs/libgadu net-im/ekg net-im/ekg2 net-im/kadu: Denial of Service or remote code execution (CAN-2005-1852)
Summary: net-libs/libgadu net-im/ekg net-im/ekg2 net-im/kadu: Denial of Service or rem...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
Whiteboard: B1 [glsa] DerCorny
Duplicates: 99690
Reported: 2005-07-19 15:01 UTC by Karol Pasternak (RETIRED)
Modified: 2006-03-23 19:41 UTC
Description Karol Pasternak (RETIRED) gentoo-dev 2005-07-19 15:01:54 UTC
Found two bugs in libgadu.
They can allow an attacker to execute remote code or crash the gg client.

Reproducible: Always
Steps to Reproduce:
1. Apply patch for libgadu from:
http://cvs.toxygen.net/ekg/lib/libgadu.c.diff?r1=1.147&r2=1.148&f=u
http://cvs.toxygen.net/ekg/lib/events.c.diff?r1=1.95&r2=1.96&f=u
Comment 1 Stefan Cornelius (RETIRED) gentoo-dev 2005-07-19 15:59:12 UTC
net-im, please provide an ebuild with the fixes and advise if other packages
could be affected by this. Thanks
Comment 2 Karol Wojtaszek (RETIRED) gentoo-dev 2005-07-20 06:26:12 UTC
net-im/kadu is also affected. Working on ebuilds.
Comment 3 Karol Wojtaszek (RETIRED) gentoo-dev 2005-07-20 10:13:50 UTC
net-im/ekg and net-libs/libgadu also affected
Comment 4 Karol Wojtaszek (RETIRED) gentoo-dev 2005-07-20 13:30:43 UTC
net-im/ekg net-im/kadu net-libs/libgadu bumped
net-im/ekg2 doesn't need bump, because it uses external gadu-gadu lib.
Comment 5 Stefan Cornelius (RETIRED) gentoo-dev 2005-07-20 13:39:53 UTC
hppa, ia64, x86: pls test and mark net-im/ekg-1.6_rc3 stable
amd64, ppc, x86: pls test and mark net-im/kadu-0.4.1 stable

libgadu and ekg2 were never marked stable so we are done with them.
Comment 6 Karol Wojtaszek (RETIRED) gentoo-dev 2005-07-20 13:51:40 UTC
libgadu is a new ekg dependency, so it also needs to be marked stable.
Comment 7 Stefan Cornelius (RETIRED) gentoo-dev 2005-07-20 14:12:26 UTC
*** Bug 99690 has been marked as a duplicate of this bug. ***
Comment 8 René Nussbaumer (RETIRED) gentoo-dev 2005-07-21 12:50:26 UTC
Stable on hppa
Comment 9 Jory A. Pratt 2005-07-21 16:07:11 UTC
Stable on ppc.
Comment 10 Danny van Dyk (RETIRED) gentoo-dev 2005-07-22 11:31:34 UTC
net-im/kadu stable on amd64.
Comment 11 Karol Wojtaszek (RETIRED) gentoo-dev 2005-07-25 07:11:26 UTC
x86 done
Comment 12 Stefan Cornelius (RETIRED) gentoo-dev 2005-07-26 13:00:10 UTC
ready for glsa.
Comment 13 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-07-27 01:08:28 UTC
GLSA 200507-26