pjp
Administrator
Joined: 16 Apr 2002
Posts: 20590
|
 Posted: Wed May 14, 2003 3:08 pm Post subject: [gentoo-security] GLSA: kopete (200305-03) |
 |
|
| Daniel Ahlberg wrote: | - - - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200305-03
- - - ---------------------------------------------------------------------
PACKAGE : kopete
SUMMARY : Unsafe command line cleansing
DATE : 2003-05-14 07:39 UTC
EXPLOIT : remote
VERSIONS AFFECTED : <kopete-0.6.2
FIXED VERSION : >=kopete-0.6.2
CVE : CAN-2003-0256
- - - ---------------------------------------------------------------------
The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the
command line when executing gpg, which allows remote attackers to
execute arbitrary commands.
SOLUTION
It is recommended that all Gentoo Linux users who are running
net-im/kopete upgrade to kopete-0.6.2 as follows:
emerge sync
emerge kopete
emerge clean
- - - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - - --------------------------------------------------------------------- |
Mailing List Archive: Unavailable
_________________
Quis separabit? Quo animo? |
|
News & Announcements
