-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
--------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200305-03
--------------------------------------------------------------------
PACKAGE : kopete
SUMMARY : Unsafe command line cleansing
DATE : 2003-05-14 07:39 UTC
EXPLOIT : remote
VERSIONS AFFECTED : =kopete-0.6.2
CVE : CAN-2003-0256
--------------------------------------------------------------------
The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the
command line when executing gpg, which allows remote attackers to
execute arbitrary commands.
SOLUTION
It is recommended that all Gentoo Linux users who are running
net-im/kopete upgrade to kopete-0.6.2 as follows:
emerge sync
emerge kopete
emerge clean
--------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz
--------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE+wfLGfT7nyhUpoZMRAoKwAJ99Gdwhcy436LanEEvAmWh/lgdvaQCgv8yw
uo9SkNlFO2fkO41LozwZTPs=
=r/Ih
-----END PGP SIGNATURE-----
|