Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2014.2093 konversation security update 10 November 2014 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: konversation Publisher: Debian Operating System: Debian GNU/Linux 7 Linux variants Impact/Access: Denial of Service -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2014-8483 Reference: ESB-2014.2020 Original Bulletin: http://www.debian.org/security/2014/dsa-3068 Comment: This advisory references vulnerabilities in products which run on platforms other than Debian. It is recommended that administrators running konversation check for an updated version of the software for their operating system. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-3068-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff November 07, 2014 http://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : konversation CVE ID : CVE-2014-8483 It was discovered that Konversation, an IRC client for KDE, could by crashed when receiving malformed messages using FiSH encryption. For the stable distribution (wheezy), this problem has been fixed in version 1.4-1+deb7u1. For the unstable distribution (sid), this problem has been fixed in version 1.5-1. We recommend that you upgrade your konversation packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJUXJmvAAoJEBDCk7bDfE42d0wP/jS5W6wRU6KswhpKA8AI9nGd zxkWtpC2Q2mUGGaae3KXpf6mmUamoFiqpXswNQ0L2ZUTXfWmiIFbU+IpHjUAuzXc wEtdTIv58MYHNXAMeLePhBxYbkDj9ABC86Tt7EExntRKWjbuDyWfOmo/g/YkhyqA fIbqfIC8ujAr+G7JFkMsY2qrNkBdfrxbC+dqSdALoSMXMU/+a3Cbz+3N2QC5KwVD AevLOj/ZK87knIGCE3CLszQuTV5VIPSWyzrNjSalQ2/Kon7xqlAB8zPhRPxpZeJQ q2ACn80ko6Oi9fU0+aVgMg5B8viRibwQ4PkGto+sTMqZa8tM9Br1PT1AEzB3J9Cj v5T6DBkj1VYX9V337CiYOG+feXBirTO7tHOSaGVsTtMDukrfgZ8/rc2MM5TzXYym hXkugPd+xBizn+npwrUBeCBovNhrQegJor6aJjqedVwajNWI6db3fvBluwzFO2k8 XVonoiv2H+W8RuCT5cGNteTg7HOXVngHzrM3PsvTuj7ZmcqYLOy7JqIBk+KcLf0D lu1QXFGnfDTjNIsxFQAa1UovbSBH8cVeTYcbEh4p1iPJ7uv/PB30to8F2sb6ZJ8B yQyWq0TWlOGJrxFk9Nf8LiL4aW9cF2GkHmmY+O+yN0yde2jRuutsR1jBoc9sRjB8 5KZgds+Eum0EhjbNW0U4 =9eGu - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBVF/+wxLndAQH1ShLAQKLGRAAsC9NA6OwcN8L3+wueer3jC8S+sBCPLiF p+LIHGWyKArDE4WxYuhu6D8DvkeRS76yfWb9oYLuN/gcXkK5DjtJJE3mZF1gm+M5 Zx0EhL5reO0bAw8hz6nc4nNhaYyl7Eh6HBvk4XN7Hh3l3aVRFNrDdZDo5OjdIYhI LGo2GQfiGEvCR+nkCkZZ/H2X1ab3eT32cc4xJ8OctzfgIcclQQgp8KlQcgzw3eWL WJIaNCA1nVQN/fO+wtFA/ZKz0T+/LpYeWU78ehFV1QDYi8H0nGYb4ibg65vvN5Zp wwba/rB6yYM54PZMKgleZ8ZSP7N4Tn0clTIDEdESBmJYV4Cd+i6fPBgel/Q/2M1T UW6avWpYkuPrMsVzHWM80ZCONE6OtAVDTiFxn3bCAftOrKt4Pm8EBbYTHZJjTO4p Ew0rC4VKnJzFQvOx4hlWVCICLCLUcEmXE+UxANoCDWH+iRP1EGU0eB1L11xjf9H1 L1B/pvu59S1SLGB+jDjEIi6xxg/Wo2KwGbqsGtolt7mPN1SO1+kZLRlZ8z9pXldR RWvaVI0jltsLiWXC5obZuMKwIjsZqvlknlqH9tjJaryzq/2AL3btSqWqTAiDXHyu RX7giExYBovZzikhNYtZ72MGk4Rau0gElhtEnp8YVoZxEewycpKaUpBFmZLzAaTE CdIyWlridQ8= =r4zL -----END PGP SIGNATURE-----