Bug 1099776 (CVE-2014-3775)
Summary: | CVE-2014-3775 libgadu: server response memory corruption issue | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Murray McAllister <mmcallis> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | cschalle, debarshir, dominik, itamar, jkurik, mbarnes |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-01-20 17:06:07 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1099777 | ||
Bug Blocks: | 1099778 |
Description
Murray McAllister
2014-05-21 07:46:38 UTC
Created libgadu tracking bugs for this issue: Affects: fedora-all [bug 1099777] Looks like Pidgin is affected too: http://launchpadlibrarian.net/175981395/pidgin_1%3A2.10.9-0ubuntu3_1%3A2.10.9-0ubuntu3.1.diff.gz Fedora apperas to use the system verison of libgadu, so that will not be affected once libgadu is fixed. From an initial investigation, Red Hat Enterprise Linux 6 uses its own embedded version and is vulnerable. Red Hat Enterprise Linux 5 does not appear to have the affected functionality. possible patches: https://github.com/wojtekka/libgadu/commit/f45ff34dfe2edab54d6fa185e8b87246ab100bd4 https://github.com/wojtekka/libgadu/commit/0db17ad635b07566d4e53a773919c16472341966 libgadu-1.12.0-0.5.rc3.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report. libgadu-1.12.0-0.5.rc3.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report. |