[arch-security] [Arch Linux Security Advisory ASA-201411-5] konversation: denial of service
Levente Polyak
anthraxx at archlinux.org
Sun Nov 9 06:31:47 UTC 2014
Arch Linux Security Advisory ASA-201411-5
=========================================
Severity: Low
Date : 2014-11-09
CVE-ID : CVE-2014-8483
Package : konversation
Type : denial of service
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE-2014
Summary
=======
The package konversation before version 1.5.1-1 is vulnerable to denial
of service.
Resolution
==========
Upgrade to 1.5.1-1.
# pacman -Syu "konversation>=1.5.1-1"
The problem has been fixed upstream [0] in version 1.5.1.
Workaround
==========
None.
Description
===========
Konversation's Blowfish ECB encryption support assumes incoming blocks
to be the expected 12 bytes. The lack of a sanity-check for the actual
size can cause a denial of service and an information leak to the local
user.
Impact
======
When using Blowfish ECB encryption with another party (an IRC channel
or user), sending malformed blocks to konversation can result in a
crash or an information leak up to 11 bytes to the local user, due to
an out-of-bounds read on a heap-allocated array.
References
==========
[0] https://github.com/quassel/quassel/commit/8b5ecd
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8483
https://bugs.archlinux.org/task/42698
https://www.kde.org/info/security/advisory-20141104-1.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20141109/340867cf/attachment.bin>
More information about the arch-security
mailing list