Package name
Advisory ID
Affected versions
9.1 i586 , 9.1 i586

Problem description

A vulnerability was discovered in versions of kopete, a KDE instant messenger client, prior to 0.6.2. This vulnerabiliy is in the GnuPG plugin that allows for users to send each other GPG-encrypted instant messages. The plugin passes encrypted messages to gpg, but does no checking to sanitize the commandline passed to gpg. This can allow remote users to execute arbitrary code, with the permissions of the user running kopete, on the local system.

Updated packages

9.1 i586

 6fbc193d6d90ec62be599de8dc0b04d1  ppc/9.1/RPMS/kopete-0.6.2-1.1mdk.ppc.rpm
5ba0b2e1fe472c157f8d163f9c8375c3  ppc/9.1/RPMS/libkopete1-0.6.2-1.1mdk.ppc.rpm
5a91638deb2635720ecb7a58cb43ec4e  ppc/9.1/SRPMS/kopete-0.6.2-1.1mdk.src.rpm

9.1 i586

 3a5e5182ff4463e12142d271c755fa56  9.1/RPMS/kopete-0.6.2-1.1mdk.i586.rpm
853880b7cab7b9f0f796c38b18468a2d  9.1/RPMS/libkopete1-0.6.2-1.1mdk.i586.rpm
5a91638deb2635720ecb7a58cb43ec4e  9.1/SRPMS/kopete-0.6.2-1.1mdk.src.rpm