Bug 1157341

Summary: konversation: out-of-bounds read flaw
Product: [Other] Security Response
Reporter: Murray McAllister <mmcallis>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED DUPLICATE
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: jrusnack, kevin, rdieter, smparrish, vdanen
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-10-27 04:44:10 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1157342, 1157343
Bug Blocks:
Attachments:
Description: patch from upstream; Flags: none

Description Murray McAllister 2014-10-27 04:27:12 UTC
An out-of-bounds read flaw was reported that affects Quassel (bug 1156418) and Konversation. A remote attacker could possibly use this flaw to cause Konversation to crash. This flaw could also leak memory.

References:

http://seclists.org/oss-sec/2014/q4/431
https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138
https://bugs.kde.org/show_bug.cgi?id=210792

Comment 1 Murray McAllister 2014-10-27 04:28:16 UTC
Created attachment 950882
patch from upstream

Comment 2 Murray McAllister 2014-10-27 04:29:04 UTC
Created konversation tracking bugs for this issue:

Affects: fedora-all [bug 1157342]
Affects: epel-all [bug 1157343]

Comment 3 Murray McAllister 2014-10-27 04:43:09 UTC
MITRE assigned CVE-2014-8483 to these issues:

http://seclists.org/oss-sec/2014/q4/448

As the same CVE cannot alias more than one bug, I'm going to close this top level one and mark it a duplicate of bug 1156418

Comment 4 Murray McAllister 2014-10-27 04:44:10 UTC

*** This bug has been marked as a duplicate of bug 1156418 ***