MDKSA-2003:055
- Package name
- kopete
- Date
- 2003-05-08
- Advisory ID
- MDKSA-2003:055
- Affected versions
- 9.1 i586 , 9.1 i586
Problem description
A vulnerability was discovered in versions of kopete, a KDE instant messenger client, prior to 0.6.2. This vulnerabiliy is in the GnuPG plugin that allows for users to send each other GPG-encrypted instant messages. The plugin passes encrypted messages to gpg, but does no checking to sanitize the commandline passed to gpg. This can allow remote users to execute arbitrary code, with the permissions of the user running kopete, on the local system.
Updated packages
9.1 i586
6fbc193d6d90ec62be599de8dc0b04d1 ppc/9.1/RPMS/kopete-0.6.2-1.1mdk.ppc.rpm 5ba0b2e1fe472c157f8d163f9c8375c3 ppc/9.1/RPMS/libkopete1-0.6.2-1.1mdk.ppc.rpm 5a91638deb2635720ecb7a58cb43ec4e ppc/9.1/SRPMS/kopete-0.6.2-1.1mdk.src.rpm
9.1 i586
3a5e5182ff4463e12142d271c755fa56 9.1/RPMS/kopete-0.6.2-1.1mdk.i586.rpm 853880b7cab7b9f0f796c38b18468a2d 9.1/RPMS/libkopete1-0.6.2-1.1mdk.i586.rpm 5a91638deb2635720ecb7a58cb43ec4e 9.1/SRPMS/kopete-0.6.2-1.1mdk.src.rpm