Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > July 2005 > Fedora - Four Update Notifications

July 2005

Fedora - Four Update Notifications

ID: 00615
Ref: 572/05
Date: 25 July 2005:12:04:49
Version: 1
Title: Fedora - Four Update Notifications
Abstract:
Vendors affected: Fedora
Operating systems affected: Fedora
Applications affected: Fedora

Title
=====

Fedora - Four Update Notifications:
1. Fedora Core 4 Update: kdenetwork-3.4.1-0.fc4.2 [FEDORA-2005-624]
2. Fedora Core 4 Update: zlib-1.2.2.2-5.fc4 [FEDORA-2005-626]
3. Fedora Core 3 Update: kdenetwork-3.3.1-3.2 [FEDORA-2005-623]
4. Fedora Core 3 Update: zlib-1.2.1.2-3.fc3 [FEDORA-2005-625]


Detail
======

Update notification summaries:

1. Multiple integer overflow flaws were found in the way Kopete processes
Gadu-Gadu messages. A remote attacker could send a specially crafted
Gadu-Gadu message which would cause Kopete to crash or possibly execute
arbitrary code.

2. Fix bug 163038 - CAN-2005-1849 - zlib buffer overflow

3. Multiple integer overflow flaws were found in the way Kopete processes
Gadu-Gadu messages. A remote attacker could send a specially crafted
Gadu-Gadu message which would cause Kopete to crash or possibly execute
arbitrary code.

4. Fix bug 163038 - CAN-2005-1849 - zlib overflow problem


Update notification content follows:


1.


- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-624
2005-07-22
- ---------------------------------------------------------------------

Product : Fedora Core 4
Name : kdenetwork
Version : 3.4.1
Release : 0.fc4.2
Summary : K Desktop Environment - Network Applications
Description :
Networking applications for the K Desktop Environment.

- ---------------------------------------------------------------------
Update Information:

Multiple integer overflow flaws were found in the way Kopete processes
Gadu-Gadu messages. A remote attacker could send a specially crafted
Gadu-Gadu message which would cause Kopete to crash or possibly execute
arbitrary code. The Common Vulnerabilities and Exposures project
assigned the name CAN-2005-1852 to this issue.

Users of Kopete should update to these packages which contain a
patch to correct this issue.
- ---------------------------------------------------------------------
* Thu Jul 21 2005 Than Ngo 7:3.4.1-0.fc4.2
- - fix crash in kopete
- - apply patch to fix libgadu vulnerabilities #163811, CVE CAN-2005-1852
thank to kde security team


- ---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

4e3db27303568ad94e65d82ffd1189f9 SRPMS/kdenetwork-3.4.1-0.fc4.2.src.rpm
fb065037fb526cd9bb933c3c076a9dec ppc/kdenetwork-3.4.1-0.fc4.2.ppc.rpm
1b26b336de353a59dd7dffe5816e0951 ppc/kdenetwork-devel-3.4.1-0.fc4.2.ppc.rpm
971510423874ce1b9339a9989044f194 ppc/debug/kdenetwork-debuginfo-3.4.1-0.fc4.2.ppc.rpm
ecd5ecaf2c3b2de2b9d1997f71d37183 x86_64/kdenetwork-3.4.1-0.fc4.2.x86_64.rpm
98e9c1a88792e0df169887f669608fa6 x86_64/kdenetwork-devel-3.4.1-0.fc4.2.x86_64.rpm
4d189d1a3c8c2abe037c9254a3cffeb8 x86_64/debug/kdenetwork-debuginfo-3.4.1-0.fc4.2.x86_64.rpm
54fd9578f7ab23e8d35d7e85e1b3e493 i386/kdenetwork-3.4.1-0.fc4.2.i386.rpm
12b717074ad81ed6c120d028684c3e6f i386/kdenetwork-devel-3.4.1-0.fc4.2.i386.rpm
d1b78acac0474698c261d117ce9832c7 i386/debug/kdenetwork-debuginfo-3.4.1-0.fc4.2.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
- ---------------------------------------------------------------------




2.


- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-626
2005-07-22
- ---------------------------------------------------------------------

Product : Fedora Core 4
Name : zlib
Version : 1.2.2.2
Release : 5.fc4
Summary : The zlib compression and decompression library.
Description :
Zlib is a general-purpose, patent-free, lossless data compression
library which is used by many different programs.

- ---------------------------------------------------------------------

* Fri Jul 22 2005 Ivana Varekova 1.2.2.2-5.fc4
- - fix bug 163038 - CAN-2005-1849 - zlib buffer overflow


- ---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/

98e700c464d19833dcedc322ed025609 SRPMS/zlib-1.2.2.2-5.fc4.src.rpm
8be0a81ff4daf9ee4dc0ce9859c5db71 ppc/zlib-1.2.2.2-5.fc4.ppc.rpm
c17982e6cdd3f1a0c73c290677d706c3 ppc/zlib-devel-1.2.2.2-5.fc4.ppc.rpm
3ffa570c9adae5a2443bcbe57ff2d43c ppc/debug/zlib-debuginfo-1.2.2.2-5.fc4.ppc.rpm
fed814656421d4c2520471f17a5a85f3 ppc/zlib-1.2.2.2-5.fc4.ppc64.rpm
846bb8c3786d55b4685ff1d958a8e311 ppc/zlib-devel-1.2.2.2-5.fc4.ppc64.rpm
123aa34ccba797575b5ee9c1ab295dd6 x86_64/zlib-1.2.2.2-5.fc4.x86_64.rpm
550d730a256853a2cd27368438cd8f3a x86_64/zlib-devel-1.2.2.2-5.fc4.x86_64.rpm
6b0dbb6cd082bb9b014cca3ecd34eb42 x86_64/debug/zlib-debuginfo-1.2.2.2-5.fc4.x86_64.rpm
7222e84cfa404931ff11e5e4b3edad5e x86_64/zlib-1.2.2.2-5.fc4.i386.rpm
67d88d89ae1cdf54afbd763b5ce48bca x86_64/zlib-devel-1.2.2.2-5.fc4.i386.rpm
7222e84cfa404931ff11e5e4b3edad5e i386/zlib-1.2.2.2-5.fc4.i386.rpm
67d88d89ae1cdf54afbd763b5ce48bca i386/zlib-devel-1.2.2.2-5.fc4.i386.rpm
63d47a678a7f6732a4cebb8551f0b2dc i386/debug/zlib-debuginfo-1.2.2.2-5.fc4.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
- ---------------------------------------------------------------------




3.


- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-623
2005-07-22
- ---------------------------------------------------------------------

Product : Fedora Core 3
Name : kdenetwork
Version : 3.3.1
Release : 3.2
Summary : K Desktop Environment - Network Applications
Description :
Networking applications for the K Desktop Environment.

- ---------------------------------------------------------------------
Update Information:

Multiple integer overflow flaws were found in the way Kopete processes
Gadu-Gadu messages. A remote attacker could send a specially crafted
Gadu-Gadu message which would cause Kopete to crash or possibly execute
arbitrary code. The Common Vulnerabilities and Exposures project
assigned the name CAN-2005-1852 to this issue.

Users of Kopete should update to these packages which contain a
patch to correct this issue.
- ---------------------------------------------------------------------
* Thu Jul 21 2005 Than Ngo 7:3.3.1-3.2
- - fix crash in kopete
- - apply patch to fix libgadu vulnerabilities #163811, CVE CAN-2005-1852
thank to kde security team
- - backport patch to fix annoying problem with registration
dialog not able to register/retrieve token due to network problems.


- ---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

4a3c668ec29fb8e773fc7e4a04b16c80 SRPMS/kdenetwork-3.3.1-3.2.src.rpm
41070969d93975e7b1647aee7824138a x86_64/kdenetwork-3.3.1-3.2.x86_64.rpm
021329dba0ce68dbc5f29317a6bf62e0 x86_64/kdenetwork-devel-3.3.1-3.2.x86_64.rpm
06e171725e200cde00ce1122a263c9db x86_64/kdenetwork-nowlistening-3.3.1-3.2.x86_64.rpm
2241fd0dd7c68cf97b8f9939299ee621 x86_64/debug/kdenetwork-debuginfo-3.3.1-3.2.x86_64.rpm
4a2cb2ac7181f4ffa6394b87cf029603 i386/kdenetwork-3.3.1-3.2.i386.rpm
56eac72b061cdf77a0df1be6f562ffb1 i386/kdenetwork-devel-3.3.1-3.2.i386.rpm
da519edd88340600a98aea322f31dcf5 i386/kdenetwork-nowlistening-3.3.1-3.2.i386.rpm
eb1c027b4bb2bfeb40c8082e356f29e6 i386/debug/kdenetwork-debuginfo-3.3.1-3.2.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
- ---------------------------------------------------------------------




4.


- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-625
2005-07-22
- ---------------------------------------------------------------------

Product : Fedora Core 3
Name : zlib
Version : 1.2.1.2
Release : 3.fc3
Summary : The zlib compression and decompression library.
Description :
Zlib is a general-purpose, patent-free, lossless data compression
library which is used by many different programs.

- ---------------------------------------------------------------------

* Fri Jul 22 2005 Ivana Varekova 1.2.1.2-3.fc3
- - fix bug 163038 - CAN-2005-1849 - zlib overflow problem


- ---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

ec7a8a3e96b9aa31228c37f8bd4f110a SRPMS/zlib-1.2.1.2-3.fc3.src.rpm
dd559bc465fdcf466bfd3c23e15cfb8c x86_64/zlib-1.2.1.2-3.fc3.x86_64.rpm
dc7da49fa4224ce73c4b790ac2cda00d x86_64/zlib-devel-1.2.1.2-3.fc3.x86_64.rpm
8e69c323f77e8ef437e7cb9cf0175d67 x86_64/debug/zlib-debuginfo-1.2.1.2-3.fc3.x86_64.rpm
7e577c3cfd0f101a1ac37140bfff39bb x86_64/zlib-1.2.1.2-3.fc3.i386.rpm
d30ab9548398d3d264ee0c6d9b3c6f20 x86_64/zlib-devel-1.2.1.2-3.fc3.i386.rpm
7e577c3cfd0f101a1ac37140bfff39bb i386/zlib-1.2.1.2-3.fc3.i386.rpm
d30ab9548398d3d264ee0c6d9b3c6f20 i386/zlib-devel-1.2.1.2-3.fc3.i386.rpm
414aab621401efc097ce76735338c4d3 i386/debug/zlib-debuginfo-1.2.1.2-3.fc3.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
- ---------------------------------------------------------------------



  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |