Login
Newsletter
Werbung

Sicherheit: Ungeprüfte Verwendung von Argumenten in kopete
Aktuelle Meldungen Distributionen
Name: Ungeprüfte Verwendung von Argumenten in kopete
ID: 200305-03
Distribution: Gentoo
Plattformen: Keine Angabe
Datum: Do, 15. Mai 2003, 13:00
Referenzen: Keine Angabe
Applikationen: Kopete

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200305-03
--------------------------------------------------------------------

PACKAGE : kopete
SUMMARY : Unsafe command line cleansing
DATE : 2003-05-14 07:39 UTC
EXPLOIT : remote
VERSIONS AFFECTED : <kopete-0.6.2
FIXED VERSION : >=kopete-0.6.2
CVE : CAN-2003-0256

--------------------------------------------------------------------

The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the
command line when executing gpg, which allows remote attackers to
execute arbitrary commands.

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-im/kopete upgrade to kopete-0.6.2 as follows:

emerge sync
emerge kopete
emerge clean

--------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz
--------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE+wfLGfT7nyhUpoZMRAoKwAJ99Gdwhcy436LanEEvAmWh/lgdvaQCgv8yw
uo9SkNlFO2fkO41LozwZTPs=
=r/Ih
-----END PGP SIGNATURE-----
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung